diff --git a/README.md b/README.md
index f89d0c17..2b28fc80 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ This is the CoreConfig that takserver war will look for when running from the ta
 
 See appendix B in src/docs/TAK_Server_Configuration_Guide.pdf for cert generation instructions.
 
-### Build and run TAK server locally for development
+### Build TAK server to run locally for development
 
 Note that due to Java 17, there are a lot of '--add-opens' arguments in the JDK_JAVA_OPTIONS
 ```
@@ -67,20 +67,30 @@ export IGNITE_HOME="$PWD/ignite"
 export JDK_JAVA_OPTIONS="-Dloader.path=WEB-INF/lib-provided,WEB-INF/lib,WEB-INF/classes,file:lib/ -Djava.net.preferIPv4Stack=true -Djava.security.egd=file:/dev/./urandom -DIGNITE_UPDATE_NOTIFIER=false -DIGNITE_QUIET=true -Dio.netty.tmpdir=$PWD -Djava.io.tmpdir=$PWD -Dio.netty.native.workdir=$PWD -Djdk.tls.client.protocols=TLSv1.2  --add-opens=java.base/sun.security.pkcs=ALL-UNNAMED --add-opens=java.base/sun.security.pkcs10=ALL-UNNAMED --add-opens=java.base/sun.security.util=ALL-UNNAMED --add-opens=java.base/sun.security.x509=ALL-UNNAMED --add-opens=java.base/sun.security.tools.keytool=ALL-UNNAMED --add-opens=java.base/jdk.internal.misc=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.management/com.sun.jmx.mbeanserver=ALL-UNNAMED --add-opens=jdk.internal.jvmstat/sun.jvmstat.monitor=ALL-UNNAMED --add-opens=java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.base/java.util.concurrent.locks=ALL-UNNAMED --add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-opens=java.base/java.math=ALL-UNNAMED --add-opens=java.sql/java.sql=ALL-UNNAMED --add-opens=java.base/javax.net.ssl=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=jdk.unsupported/sun.misc=ALL-UNNAMED --add-opens=java.base/java.lang.ref=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED --add-opens=java.base/java.security.ssl=ALL-UNNAMED --add-opens=java.base/java.security.cert=ALL-UNNAMED --add-opens=java.base/sun.security.rsa=ALL-UNNAMED --add-opens=java.base/sun.security.ssl=ALL-UNNAMED --add-opens=java.base/sun.security.x500=ALL-UNNAMED --add-opens=java.base/sun.security.pkcs12=ALL-UNNAMED --add-opens=java.base/sun.security.provider=ALL-UNNAMED --add-opens=java.base/javax.security.auth.x500=ALL-UNNAMED"
 
 ```
+### Running TAK server locally for development
 
-TAK server consists of two processes: Messaging and API. The messaging process can run independently, but the API process needs to connect to the ignite server that runs as a part of the messaging process. For both processes, -Xmx should always be specified.
+TAK server consists of three processes: Configuration, Messaging and API. 
 
-Run Messaging (note - this command and the following one to run api include the **duplicatelogs** profile. This turns off the filter that blocks duplicated log messages that cause log spam in operational deployments of TAK Server.
+The configuration process needs to be running first in order for the Messaging, API or any other services to retrieve the centralized configuration.  This is separate from the TAKIgniteConfiguration that is loaded **per service** using defaults or the overridden values in TAKIgniteConfig.xml.  
+
+The messaging process can run independently, but the API process may need to connect to the ignite server that runs as a part of the messaging process if it is not configured to run its own Ignite server. For both processes, -Xmx should always be specified.
+
+Note - These commands include the **duplicatelogs** profile. This turns off the filter that blocks duplicated log messages that cause log spam in operational deployments of TAK Server.
+
+#### Run Configuration Microservice
+```
+java -server -XX:+AlwaysPreTouch -XX:+UseG1GC -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC -Xmx<value> -Dspring.profiles.active=config,duplicatelogs -jar ../build/libs/takserver-core-xyz.war
+```
+#### Run Messaging Microservice
 ```
 java -server -XX:+AlwaysPreTouch -XX:+UseG1GC -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC -Xmx<value> -Dspring.profiles.active=messaging,duplicatelogs -jar ../build/libs/takserver-core-xyz.war
 ```
-
-Run API
+#### Run API Microservice
 ```
 java -server -XX:+AlwaysPreTouch -XX:+UseG1GC -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC -Xmx<value> -Dspring.profiles.active=api,duplicatelogs -Dkeystore.pkcs12.legacy -jar ../build/libs/takserver-core-xyz.war
 ```
 
-Run Plugin Manager (useful when working on plugin capability)
+#### Run Plugin Manager Microservice (optional - useful when working on plugin capability)
 ```
 java -server -XX:+AlwaysPreTouch -XX:+UseG1GC -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC -Xmx<value> -jar ../../takserver-plugin-manager/build/libs/takserver-plugin-manager-xyz.jar 
 ```
@@ -150,10 +160,12 @@ i.e.
 
 The TAK Server log files can be found in the _logs_ subdirectory:
 
-1. _takserver-messaging.log_ - Execution-level information about the messaging process, including client connection events, error messages and warnings.
-2. _takserver-api.log_ - Execution-level information about the API process, including error messages and warnings.
-3. _takserver-messaging-console.log_ - Java Virtual Machine (JVM) informational messages and errors, for the messaging process.
-4. _takserver-api-console.log_ - Java Virtual Machine (JVM) informational messages and errors, for the API process.
+1. _takserver-config.log_ - Execution-level information about the configuration process including setup, error messages and warnings.
+2. _takserver-messaging.log_ - Execution-level information about the messaging process, including client connection events, error messages and warnings.
+3. _takserver-api.log_ - Execution-level information about the API process, including error messages and warnings.
+4. _takserver-config-console.log_ - Java Virtual Machine (JVM) informational messages and errors, for the config process.
+5. _takserver-messaging-console.log_ - Java Virtual Machine (JVM) informational messages and errors, for the messaging process.
+6. _takserver-api-console.log_ - Java Virtual Machine (JVM) informational messages and errors, for the API process.
 
 ## Swagger
 https://localhost:8443/swagger-ui.html
diff --git a/src/docs/README_fedhub.md b/src/docs/README_fedhub.md
index c831496a..3002eaa7 100644
--- a/src/docs/README_fedhub.md
+++ b/src/docs/README_fedhub.md
@@ -1,6 +1,7 @@
+
 # TAK Server Federation Hub
 
-*Requires Java 11.*
+*Requires Java 17.*
 
 ## Description
 
@@ -37,18 +38,97 @@ To build the .rpm for the Federation Hub, run:
 2. broker 
 3. UI (optional)
 
-## Install and Run
+## Install and Run RHEL7
+Update yum
+
+```
+sudo yum update -y
+```
+
+Install Java 17
+```
+sudo yum install wget -y
+sudo wget https://download.oracle.com/java/17/latest/jdk-17_linux-x64_bin.rpm
+sudo yum install -y ./jdk-17_linux-x64_bin.rpm
+```
+
+To install from the .rpm, run:
+
+```
+sudo rpm -ivh takserver-fed-hub-*.noarch.rpm --nodeps
+```
+
+## Install and Run RHEL8
+Update yum
+
+```
+sudo dnf update -y
+```
+
+Install Java 17
+```
+sudo dnf install java-17-openjdk-devel -y
+```
 
 To install from the .rpm, run:
 
 ```
-sudo yum install federation-hub-*.noarch.rpm
+sudo yum install takserver-fed-hub-*.noarch.rpm -y
+```
+
+Add and Apply SELinux
+```
+sudo dnf install checkpolicy
+cd /opt/tak/federation-hub && sudo ./apply-selinux.sh && sudo semodule -l | grep takserver
 ```
 
+## Install Mongo
+Make sure /opt/tak/federation-hub/configs/federation-hub-broker.yml has your database credentials defined. Defaults will be generated otherwise
+```
+dbUsername: martiuser
+dbPassword: pass4marti
+```
+
+Mongo Setup
+```
+sudo yum install -y mongodb-org
+sudo systemctl daemon-reload
+sudo systemctl enable mongod
+sudo systemctl restart mongod
+sudo /opt/tak/federation-hub/scripts/db/configure.sh
+```
+
+## Update from RPM
+Before updating the Federation Hub, you should back up the policy file and list of authorized users:
+
+```
+mv /opt/tak/federation-hub/ui_generated_policy.json /tmp
+mv /opt/tak/federation-hub/authorized_users.yml /tmp
+```
+
+RHEL7
+```
+sudo rpm -Uvh takserver-fed-hub-*.noarch.rpm --nodeps
+```
+
+RHEL8
+```
+sudo yum upgrade takserver-fed-hub-*.noarch.rpm
+```
+
+The policy and authorized can then be replaced:
+```
+mv /tmp/ui_generated_policy.json /opt/tak/federation-hub/
+mv /tmp/authorized_users.yml /opt/tak/federation-hub/
+```
+
+## Configuration
+**The Federation Hub authenticates clients using TLS with X.509 client certificates. Scripts for generating a private security enclave, including a Certificate Authority (CA), and certs for use by the Federation Hub are in the TAK server documentation. See the TAK server configuration guide (docs/TAK_Server_Configuration_Guide.pdf) for additional information.**
+
 The Federation Hub can then be started as a system service (and enabled to run on boot):
 
 ```
-sudo systemctl start federation-hub
+sudo systemctl restart federation-hub
 sudo systemctl enable federation-hub
 ```
 
@@ -64,8 +144,6 @@ The Federation Hub consists of three processes: a policy manager, an administrat
 
 ## Client Authentication and Authorization
 
-The Federation Hub authenticates clients using TLS with X.509 client certificates. Scripts for generating a private security enclave, including a Certificate Authority (CA), and certs for use by the Federation Hub are in the TAK server documentation. See the TAK server configuration guide (docs/TAK_Server_Configuration_Guide.pdf) for additional information.
-
 To authorize clients to act as administrators and enable access to the admin UI, use `federation-hub-manager.jar`:
 
 ```
diff --git a/src/docs/TAK_Server_Configuration_Guide.odt b/src/docs/TAK_Server_Configuration_Guide.odt
index 920e43e4..39e1c078 100644
Binary files a/src/docs/TAK_Server_Configuration_Guide.odt and b/src/docs/TAK_Server_Configuration_Guide.odt differ
diff --git a/src/docs/TAK_Server_Configuration_Guide.pdf b/src/docs/TAK_Server_Configuration_Guide.pdf
index e0ab34ec..e2282995 100644
Binary files a/src/docs/TAK_Server_Configuration_Guide.pdf and b/src/docs/TAK_Server_Configuration_Guide.pdf differ
diff --git a/src/federation-common/build.gradle b/src/federation-common/build.gradle
index 5dc0bea6..87e29398 100644
--- a/src/federation-common/build.gradle
+++ b/src/federation-common/build.gradle
@@ -8,6 +8,7 @@ dependencies {
   implementation group: 'org.slf4j', name: 'slf4j-api', version: slf4j_version
   implementation group: 'org.slf4j', name: 'log4j-over-slf4j', version: slf4j_version
 
+  implementation(project(':takserver-common'))
   api project(':takserver-fig-core')
 
   // Apache Ignite (cache and distributed service grid).
@@ -15,7 +16,7 @@ dependencies {
 //  implementation group: 'org.apache.ignite', name: 'ignite-spring-cache-ext', version: ignite_spring_cache_version
   implementation group: 'org.springframework', name: 'spring-beans', version: spring_version
   implementation group: 'org.springframework', name: 'spring-context', version: spring_version
-
+  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-mongodb', version: spring_boot_version
 
   implementation group: 'org.apache.ignite', name: 'ignite-kubernetes', version: ignite_version
   implementation group: 'org.apache.ignite', name: 'ignite-slf4j', version: ignite_version
diff --git a/src/federation-common/docker/Dockerfile.fedhub-db b/src/federation-common/docker/Dockerfile.fedhub-db
new file mode 100644
index 00000000..15d3d4b3
--- /dev/null
+++ b/src/federation-common/docker/Dockerfile.fedhub-db
@@ -0,0 +1,7 @@
+FROM mongo:6.0
+
+COPY tak/federation-hub/scripts/db /opt/tak/federation-hub/scripts/db
+
+RUN mkdir -p /var/lib/mongodb
+
+ENTRYPOINT ["/bin/sh","-c","/opt/tak/federation-hub/scripts/db/configureInDocker.sh && tail -f /dev/null"]
diff --git a/src/federation-common/src/main/java/tak/server/federation/FederateGroup.java b/src/federation-common/src/main/java/tak/server/federation/FederateGroup.java
index 8968c78b..d7a8d051 100644
--- a/src/federation-common/src/main/java/tak/server/federation/FederateGroup.java
+++ b/src/federation-common/src/main/java/tak/server/federation/FederateGroup.java
@@ -23,42 +23,6 @@ public FederateGroup(FederateIdentity federateIdentity) {
         this.filterExpression = "";
     }
 
-    public FederateGroup(FederateIdentity federateIdentity, boolean interconnected) {
-        super(federateIdentity);
-        this.interconnected = interconnected;
-        this.federatesInGroup = new HashSet<>();
-        this.filterExpression = "";
-    }
-
-    /* If there is a group filter expression, the group is interconnected. */
-    public FederateGroup(FederateIdentity federateIdentity, String filterExpression) {
-        super(federateIdentity);
-        this.interconnected = true;
-        this.filterExpression = filterExpression;
-        this.federatesInGroup = new HashSet<>();
-    }
-
-    public FederateGroup(String name, FederateIdentity federateIdentity) {
-        super(name, federateIdentity);
-        this.interconnected = true;
-        this.federatesInGroup = new HashSet<>();
-        this.filterExpression = "";
-    }
-
-    public FederateGroup(String name, FederateIdentity federateIdentity, boolean interconnected) {
-        super(name, federateIdentity);
-        this.interconnected = interconnected;
-        this.federatesInGroup = new HashSet<>();
-        this.filterExpression = "";
-    }
-
-    /* If there is a group filter expression, the group is interconnected. */
-    public FederateGroup(String name, FederateIdentity federateIdentity, String filterExpression) {
-        super(name, federateIdentity);
-        this.interconnected = true;
-        this.filterExpression = filterExpression;
-        this.federatesInGroup = new HashSet<>();
-    }
 
     public boolean isInterconnected() {
         return interconnected;
diff --git a/src/federation-common/src/main/java/tak/server/federation/FederationException.java b/src/federation-common/src/main/java/tak/server/federation/FederationException.java
index 7637ba89..67f8c9bd 100644
--- a/src/federation-common/src/main/java/tak/server/federation/FederationException.java
+++ b/src/federation-common/src/main/java/tak/server/federation/FederationException.java
@@ -24,7 +24,7 @@ public FederationException(String additionalInformation, Throwable failureCausin
     @Override
     public String toString() {
         Throwable cause = this.getCause();
-        if(cause == null) {
+        if (cause == null) {
             return this.getMessage();
         } else if (this.additionalInformation == null) {
             return cause.toString();
diff --git a/src/federation-common/src/main/java/tak/server/federation/FederationFilter.java b/src/federation-common/src/main/java/tak/server/federation/FederationFilter.java
index 5a4f6845..05ee05ea 100644
--- a/src/federation-common/src/main/java/tak/server/federation/FederationFilter.java
+++ b/src/federation-common/src/main/java/tak/server/federation/FederationFilter.java
@@ -31,7 +31,7 @@ public String getMethodName() {
     }
 
     public void addMessageAttribute(String key, Object value) {
-        if(isValueValidType(value)) {
+        if (isValueValidType(value)) {
             messageAttributes.put(key, value);
         }
     }
@@ -41,7 +41,7 @@ public Map<String, Object> getMessageAttributes() {
     }
 
     public void addSourceAttribute(String key, Object value) {
-        if(isValueValidType(value)) {
+        if (isValueValidType(value)) {
             sourceAttributes.put(key, value);
         }
     }
@@ -51,7 +51,7 @@ public Map<String, Object> getSourceAttributes() {
     }
 
     public void addDestinationAttribute(String key, Object value) {
-        if(isValueValidType(value)) {
+        if (isValueValidType(value)) {
             destinationAttributes.put(key, value);
 
         }
diff --git a/src/federation-common/src/main/java/tak/server/federation/GuardedStreamHolder.java b/src/federation-common/src/main/java/tak/server/federation/GuardedStreamHolder.java
index 33382fcf..5d4dc39c 100644
--- a/src/federation-common/src/main/java/tak/server/federation/GuardedStreamHolder.java
+++ b/src/federation-common/src/main/java/tak/server/federation/GuardedStreamHolder.java
@@ -21,6 +21,7 @@
 import com.atakmap.Tak.FederatedEvent;
 import com.atakmap.Tak.ROL;
 import com.atakmap.Tak.Subscription;
+import com.atakmap.Tak.Identity.ConnectionType;
 import com.google.common.base.Strings;
 
 import io.grpc.ClientCall;
@@ -46,7 +47,7 @@ public class GuardedStreamHolder<T> {
     private Subscription subscription;
     private int maxFederateHops = -1;
     
-    private boolean isHub = false;
+    private boolean isRunningInHub = false;
 
     private final Set<T> cache;
 
@@ -55,13 +56,13 @@ public Set<T> getCache() {
     }
     
     // for outgoing connections
-    public GuardedStreamHolder(ClientCall<T, Subscription> clientCall, String fedId, Comparator<T> comp, boolean isHub) {
+    public GuardedStreamHolder(ClientCall<T, Subscription> clientCall, String fedId, Comparator<T> comp, boolean isRunningInHub) {
 
     	requireNonNull(clientCall, "FederatedEvent groupCall");
 
         requireNonNull(comp, "comparator");
         
-        this.isHub = isHub;
+        this.isRunningInHub = isRunningInHub;
 
         this.cache = new ConcurrentSkipListSet<T>(comp);
         
@@ -74,14 +75,14 @@ public GuardedStreamHolder(ClientCall<T, Subscription> clientCall, String fedId,
     }
 
     // for incoming connections
-    public GuardedStreamHolder(StreamObserver<T> clientStream, String clientName, String certHash, SSLSession session, Subscription subscription, Comparator<T> comp, boolean isHub) {
+    public GuardedStreamHolder(StreamObserver<T> clientStream, String clientName, String certHash, SSLSession session, Subscription subscription, Comparator<T> comp, boolean isRunningInHub) {
 
         requireNonNull(clientStream, "FederatedEvent client stream");
 
         requireNonNull(subscription, "client subscription");
         requireNonNull(comp, "comparator");
         
-        this.isHub = isHub;
+        this.isRunningInHub = isRunningInHub;
         
         this.cache = new ConcurrentSkipListSet<T>(comp);
 
@@ -93,8 +94,12 @@ public GuardedStreamHolder(StreamObserver<T> clientStream, String clientName, St
             throw new IllegalArgumentException("empty cert hash - invalid stream");
         }
 
-        // append a random id to the end, to prevent collisions. this is done for outgoing connections as well in the javascript code
-        String fedId = clientName + "-" + certHash  + "-" + new BigInteger(session.getId());
+        // new takservers will send their CoreConfig serverId. if present, use it, otherwise generate a random unique identifier
+        String serverId = subscription.getIdentity().getServerId();
+        if (Strings.isNullOrEmpty(serverId)) {
+        	serverId = new BigInteger(session.getId()).toString();
+        }
+        String fedId = clientName + "-" + certHash  + "-" + serverId;
 
         this.subscription = subscription;
 
@@ -135,7 +140,7 @@ public synchronized void send(T event) {
         }
         
         T modifiedEvent = null;
-        if (isHub) {
+        if (isRunningInHub) {
         	// since hub outgoing connections can forward traffic to other hubs, we need to keep a list of visited nodes
             // so that we can stop cycles
             FederateProvenance prov = FederateProvenance.newBuilder()
@@ -155,7 +160,7 @@ public synchronized void send(T event) {
     	if (modifiedEvent == null) {
     		return;
     	}
-    	        
+    	    	        
         // clientStream = stream of messages going from server to a connected outgoing client
         if (clientStream != null) 
         	clientStream.onNext(modifiedEvent);
@@ -173,7 +178,7 @@ public T addPropertiesToEvent(T event, Set<FederateProvenance> federateProvenanc
         	
         	// if hops exist, check/increment them, if no hops exist, we need to add them
         	FederateHops federateHops = fedEvent.hasFederateHops() ? checkHops(event, fedEvent.getFederateHops()) : 
-        		FederateHops.newBuilder().setCurrentHops(0).setMaxHops(maxFederateHops).build();
+        		FederateHops.newBuilder().setCurrentHops(1).setMaxHops(maxFederateHops).build();
         	
         	if (federateHops == null) {
         		return null;
@@ -196,7 +201,7 @@ public T addPropertiesToEvent(T event, Set<FederateProvenance> federateProvenanc
         	
         	// if hops exist, check/increment them, if no hops exist, we need to add them
         	FederateHops federateHops = fedGroup.hasFederateHops() ? checkHops(event, fedGroup.getFederateHops()) : 
-        		FederateHops.newBuilder().setCurrentHops(0).setMaxHops(maxFederateHops).build();
+        		FederateHops.newBuilder().setCurrentHops(1).setMaxHops(maxFederateHops).build();
         	
         	if (federateHops == null) {
         		return null;
@@ -219,7 +224,7 @@ public T addPropertiesToEvent(T event, Set<FederateProvenance> federateProvenanc
         	
         	// if hops exist, check/increment them, if no hops exist, we need to add them
         	FederateHops federateHops = rol.hasFederateHops() ? checkHops(event, rol.getFederateHops()) : 
-        		FederateHops.newBuilder().setCurrentHops(0).setMaxHops(maxFederateHops).build();
+        		FederateHops.newBuilder().setCurrentHops(1).setMaxHops(maxFederateHops).build();
         	
         	if (federateHops == null) {
         		return null;
@@ -242,7 +247,7 @@ public T addPropertiesToEvent(T event, Set<FederateProvenance> federateProvenanc
         	
         	// if hops exist, check/increment them, if no hops exist, we need to add them
         	FederateHops federateHops = blob.hasFederateHops() ? checkHops(event, blob.getFederateHops()) : 
-        		FederateHops.newBuilder().setCurrentHops(0).setMaxHops(maxFederateHops).build();
+        		FederateHops.newBuilder().setCurrentHops(1).setMaxHops(maxFederateHops).build();
         	
         	if (federateHops == null) {
         		return null;
@@ -265,18 +270,33 @@ public T addPropertiesToEvent(T event, Set<FederateProvenance> federateProvenanc
     private FederateHops checkHops(T event, FederateHops federateHops) {
     	long maxHops = federateHops.getMaxHops();
 		long currentHops = federateHops.getCurrentHops() + 1;
-		    		
-		if (currentHops >= maxHops && maxHops != -1) {
+		
+		if (currentHops > maxHops && maxHops != -1) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("dropping message because of hop limit " + event);
 			}
 			return null;
-		}
-		else {
+		} 
+		// if there is only 1 hop left and the next hop is to a federation hub,
+		// just drop the message now because the next hub will not be allowed to send it
+		// further anyways
+		else if (isHubSubscription() && currentHops == maxHops) {  
+			if (logger.isDebugEnabled()) {
+				logger.debug("dropping message because of hop limit (1 hop left but next destination is a hub) " + event);
+			}
+			return null;
+		} else {
 			return FederateHops.newBuilder().setCurrentHops(currentHops).setMaxHops(maxHops).build();
 		}
     }
 
+    // if the subscription associated with this connection is a federation hub
+    private boolean isHubSubscription() {
+    	return subscription != null && 
+    			(subscription.getIdentity().getType() == ConnectionType.FEDERATION_HUB_CLIENT 
+    			|| subscription.getIdentity().getType() == ConnectionType.FEDERATION_HUB_SERVER);
+    }
+    
     public void throwDeadlineExceptionToClient() {
         try {
         	if (clientStream != null)
diff --git a/src/federation-common/src/main/java/tak/server/federation/hub/FederationHubDependencyInjectionProxy.java b/src/federation-common/src/main/java/tak/server/federation/hub/FederationHubDependencyInjectionProxy.java
index 6fd4c715..8b3f3f5f 100644
--- a/src/federation-common/src/main/java/tak/server/federation/hub/FederationHubDependencyInjectionProxy.java
+++ b/src/federation-common/src/main/java/tak/server/federation/hub/FederationHubDependencyInjectionProxy.java
@@ -1,11 +1,8 @@
 package tak.server.federation.hub;
 
+import tak.server.federation.hub.broker.*;
 import tak.server.federation.hub.policy.FederationHubPolicyManager;
-import tak.server.federation.hub.broker.SSLConfig;
 import tak.server.federation.hub.broker.events.RestartServerEvent;
-import tak.server.federation.hub.broker.FederationHubServerConfig;
-import tak.server.federation.hub.broker.HubConnectionStore;
-import tak.server.federation.hub.broker.FederationHubBroker;
 
 import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
@@ -79,7 +76,7 @@ public FederationHubServerConfig fedHubServerConfig() {
 
         return fedHubServerConfig;
     }
-    
+
     private FederationHubBroker federationHubBroker = null;
 
     public FederationHubBroker federationHubBroker() {
@@ -93,7 +90,20 @@ public FederationHubBroker federationHubBroker() {
 
         return federationHubBroker;
     }
-    
+
+    private FederationHubBrokerMetrics federationHubBrokerMetrics = null;
+
+    public FederationHubBrokerMetrics federationHubBrokerMetrics() {
+        if (federationHubBrokerMetrics == null) {
+            synchronized (this) {
+                if (federationHubBrokerMetrics == null) {
+                    federationHubBrokerMetrics = springContext.getBean(FederationHubBrokerMetrics.class);
+                }
+            }
+        }
+        return federationHubBrokerMetrics;
+    }
+
     private HubConnectionStore hubConnectionStore = null;
 
     public HubConnectionStore hubConnectionStore() {
@@ -107,8 +117,8 @@ public HubConnectionStore hubConnectionStore() {
 
         return hubConnectionStore;
     }
-        
+
     public void restartV2Server() {
         springContext.publishEvent(new RestartServerEvent(this));
     }
-}
+}
\ No newline at end of file
diff --git a/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubBroker.java b/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubBroker.java
index 6ff141a6..37deb03f 100644
--- a/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubBroker.java
+++ b/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubBroker.java
@@ -2,6 +2,7 @@
 
 import java.security.cert.X509Certificate;
 import java.util.List;
+import java.util.Map;
 
 import tak.server.federation.hub.ui.graph.FederationPolicyModel;
 
@@ -9,6 +10,8 @@ public interface FederationHubBroker {
     void addGroupCa(X509Certificate ca);
     void updatePolicy(FederationPolicyModel federationPolicyModel);
     List<HubConnectionInfo> getActiveConnections();
+    FederationHubBrokerMetrics getFederationHubBrokerMetrics();
     List<String> getGroupsForNode(String federateId);
 	void deleteGroupCa(String groupId);
-}
+	Map<String, X509Certificate> getCAsFromFile();
+}
\ No newline at end of file
diff --git a/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubBrokerImpl.java b/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubBrokerImpl.java
index 0140d6e4..34916869 100644
--- a/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubBrokerImpl.java
+++ b/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubBrokerImpl.java
@@ -11,7 +11,9 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Enumeration;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
 
@@ -97,7 +99,7 @@ public void addGroupCa(X509Certificate ca) {
         try {
             String dn = ca.getSubjectX500Principal().getName();
             String alias = FederationUtils.getBytesSHA256(ca.getEncoded());
-                        
+
             sslConfig.getTrust().setEntry(alias, new KeyStore.TrustedCertificateEntry(ca), null);
             saveTruststoreFile(sslConfig, fedHubConfig);
             sslConfig.refresh();
@@ -108,7 +110,30 @@ public void addGroupCa(X509Certificate ca) {
             throw new RuntimeException(e);
         }
     }
-    
+
+    @Override
+	public Map<String, X509Certificate> getCAsFromFile() {
+    	Map<String, X509Certificate> cas = new HashMap<>();
+
+		FederationHubDependencyInjectionProxy depProxy = FederationHubDependencyInjectionProxy.getInstance();
+		SSLConfig sslConfig = depProxy.sslConfig();
+
+		try {
+			for (Enumeration<String> e = sslConfig.getTrust().aliases(); e.hasMoreElements();) {
+				String alias = e.nextElement();
+				X509Certificate cert = (X509Certificate) sslConfig.getTrust().getCertificate(alias);
+				String issuerName = cert.getIssuerX500Principal().getName();
+				String groupName = issuerName + "-" + FederationUtils.getBytesSHA256(cert.getEncoded());
+
+				cas.put(groupName, cert);
+			}
+		} catch (Exception e) {
+			logger.error("Exception deleteing CA", e);
+		}
+
+		return cas;
+	}
+
 	@Override
 	public void deleteGroupCa(String groupId) {
 		FederationHubDependencyInjectionProxy depProxy = FederationHubDependencyInjectionProxy.getInstance();
@@ -126,11 +151,11 @@ public void deleteGroupCa(String groupId) {
 				if (groupName.equals(groupId)) {
 					FederateGroup group = new FederateGroup(new FederateIdentity(groupId));
 					fedHubPolicyManager.removeCaGroup(group);
-					
+
 					sslConfig.getTrust().deleteEntry(alias);
 					saveTruststoreFile(sslConfig, fedHubConfig);
 					sslConfig.refresh();
-					
+
 					depProxy.restartV2Server();
 				}
 			}
@@ -163,13 +188,13 @@ public void execute() throws Exception {
 	@Override
 	public void updatePolicy(FederationPolicyModel federationPolicyModel) {
 		Collection<PolicyObjectCell> cells = federationPolicyModel.getCells();
-		
+
 		if (cells != null) {
 			List<FederationOutgoingCell> outgoings = new ArrayList<>();
 			cells.stream().filter(cell -> cell instanceof FederationOutgoingCell).forEach( cell -> {
 				outgoings.add((FederationOutgoingCell) cell);
 	        });
-			
+
 			FederationHubDependencyInjectionProxy.getSpringContext().publishEvent(new UpdatePolicy(this, outgoings));
 		}
 	}
@@ -184,12 +209,19 @@ public List<HubConnectionInfo> getActiveConnections() {
 				.collect(Collectors.toList());
 	}
 
+	@Override
+	public FederationHubBrokerMetrics getFederationHubBrokerMetrics() {
+
+		return FederationHubDependencyInjectionProxy.getInstance()
+				.federationHubBrokerMetrics();
+	}
+
 	@Override
 	public List<String> getGroupsForNode(String federateId) {
 		FederationPolicyGraph policyGraph = FederationHubDependencyInjectionProxy.getInstance()
 				.fedHubPolicyManager()
 				.getPolicyGraph();
-		
+
 		FederationNode sourceNode = policyGraph.getNode(federateId);
 
 		if (sourceNode != null) {
@@ -206,18 +238,18 @@ public List<String> getGroupsForNode(String federateId) {
 						.flatMap(g -> g.getFederateGroupsList().stream())
 						.distinct()
 						.collect(Collectors.toList());
-					
+
 					return groups;
 			}
-			
+
 			if (sourceNode instanceof FederateGroup) {
 				FederateGroup sourceFederateGroup = (FederateGroup) policyGraph.getNode(federateId);
-				
+
 				Set<String> federateIdentitiesInGroup = sourceFederateGroup.getFederatesInGroup()
 						.stream()
 						.map(f -> f.getFederateIdentity().getFedId())
 						.collect(Collectors.toSet());
-				
+
 				List<String> groups = FederationHubDependencyInjectionProxy.getInstance()
 						.hubConnectionStore()
 						.getClientGroupStreamMap()
@@ -230,11 +262,11 @@ public List<String> getGroupsForNode(String federateId) {
 						.flatMap(g -> g.getFederateGroupsList().stream())
 						.distinct()
 						.collect(Collectors.toList());
-					
+
 					return groups;
 			}
 		}
-		
+
 		return new ArrayList<String>();
 	}
-}
+}
\ No newline at end of file
diff --git a/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubBrokerMetrics.java b/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubBrokerMetrics.java
new file mode 100644
index 00000000..219909d5
--- /dev/null
+++ b/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubBrokerMetrics.java
@@ -0,0 +1,182 @@
+package tak.server.federation.hub.broker;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class FederationHubBrokerMetrics {
+
+    @JsonIgnore
+    private final ConcurrentHashMap<String, ConcurrentHashMap<String, ChannelInfo>> channelInfosInternal = new ConcurrentHashMap<>();
+
+
+    private final List<ChannelInfo> channelInfos = new ArrayList<>();
+
+    public ConcurrentHashMap<String, ConcurrentHashMap<String, ChannelInfo>> getChannelInfosInternal() {
+        return new ConcurrentHashMap<>(channelInfosInternal);
+    }
+
+    public List<ChannelInfo> getChannelInfos() {
+        return new ArrayList<ChannelInfo>(channelInfos);
+    }
+
+    public void incrementChannelWrite(String sourceId,
+                                      String sourceCert,
+                                      String targetId,
+                                      String targetCert,
+                                      long messageLength) {
+        if (!channelInfosInternal.containsKey(sourceCert)) {
+            channelInfosInternal.put(sourceCert, new ConcurrentHashMap<>());
+        }
+        ConcurrentHashMap<String, ChannelInfo> channelInfo = channelInfosInternal.get(sourceCert);
+        if (!channelInfo.containsKey(targetCert)) {
+            ChannelInfo newChannelInfo = new ChannelInfo(sourceId, sourceCert, targetId, targetCert);
+            channelInfo.put(targetCert, newChannelInfo);
+            channelInfos.add(newChannelInfo);
+        }
+
+        // update the id's to the latest
+        channelInfo.get(targetCert).setTargetId(targetId);
+        channelInfo.get(targetCert).setSourceId(sourceId);
+
+        channelInfo.get(targetCert).messagesWritten += 1;
+        channelInfo.get(targetCert).bytesWritten += messageLength;
+        channelInfo.get(targetCert).totalMessages += 1;
+    }
+
+    public void incrementChannelRead(String targetId,
+                                     String targetCert,
+                                     String sourceId,
+                                     String sourceCert,
+                                     long messageLength) {
+        if (!channelInfosInternal.containsKey(sourceCert)) {
+            channelInfosInternal.put(sourceCert, new ConcurrentHashMap<>());
+        }
+        ConcurrentHashMap<String, ChannelInfo> channelInfo = channelInfosInternal.get(sourceCert);
+        if (!channelInfo.containsKey(targetCert)) {
+            ChannelInfo newChannelInfo = new ChannelInfo(sourceId, sourceCert, targetId, targetCert);
+            channelInfo.put(targetCert, newChannelInfo);
+            channelInfos.add(newChannelInfo);
+        }
+
+        // update the id's to the latest
+        channelInfo.get(targetCert).setTargetId(targetId);
+        channelInfo.get(targetCert).setSourceId(sourceId);
+
+        channelInfo.get(targetCert).messagesRead += 1;
+        channelInfo.get(targetCert).bytesRead += messageLength;
+        channelInfo.get(targetCert).totalMessages += 1;
+    }
+
+    public static class ChannelInfo {
+
+        public ChannelInfo(String sourceId,
+                           String sourceCert,
+                           String targetId,
+                           String targetCert) {
+            this.sourceId = sourceId;
+            this.targetId = targetId;
+            this.sourceCert = sourceCert;
+            this.targetCert = targetCert;
+        }
+
+        public long getMessagesRead() {
+            return messagesRead;
+        }
+
+        public void setMessagesRead(long messagesRead) {
+            this.messagesRead = messagesRead;
+        }
+
+        public long getTotalMessages() {
+            return totalMessages;
+        }
+
+        public void setTotalMessages(long totalMessages) {
+            this.totalMessages = totalMessages;
+        }
+
+        public long getBytesRead() {
+            return bytesRead;
+        }
+
+        public void setBytesRead(long bytesRead) {
+            this.bytesRead = bytesRead;
+        }
+
+        public String getSourceId() {
+            return sourceId;
+        }
+
+        public void setSourceId(String sourceId) {
+            this.sourceId = sourceId;
+        }
+
+        public String getTargetId() {
+            return targetId;
+        }
+
+        public void setTargetId(String targetId) {
+            this.targetId = targetId;
+        }
+
+        public String getSourceCert() {
+            return sourceCert;
+        }
+
+        public void setSourceCert(String sourceCert) {
+            this.sourceCert = sourceCert;
+        }
+
+        public String getTarget() {
+            return targetCert;
+        }
+
+        public void setTarget(String target) {
+            this.targetCert = target;
+        }
+
+        public long getMessagesWritten() {
+            return messagesWritten;
+        }
+
+        public void setMessagesWritten(long messagesWritten) {
+            this.messagesWritten = messagesWritten;
+        }
+
+        public String sourceId;
+        public String targetId;
+        public String sourceCert;
+        public String targetCert;
+        public long messagesWritten;
+        public long messagesRead;
+        public long totalMessages;
+        public long bytesWritten;
+        public long bytesRead;
+
+        @Override
+        public String toString() {
+            return "ChannelInfo{" +
+                    "sourceId='" + sourceId + '\'' +
+                    ", targetId='" + targetId + '\'' +
+                    ", sourceCert='" + sourceCert + '\'' +
+                    ", targetCert='" + targetCert + '\'' +
+                    ", messagesWritten=" + messagesWritten +
+                    ", messagesRead=" + messagesRead +
+                    ", totalMessages=" + totalMessages +
+                    ", bytesWritten=" + bytesWritten +
+                    ", bytesRead=" + bytesRead +
+                    '}';
+        }
+    }
+
+    @Override
+    public String toString() {
+        return "FederationHubBrokerMetrics{" +
+                "channelWriteInfosInternal=" + channelInfosInternal +
+                ", channelInfos=" + channelInfos +
+                '}';
+    }
+}
\ No newline at end of file
diff --git a/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubServerConfig.java b/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubServerConfig.java
index 38c650b2..9f30fcf8 100644
--- a/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubServerConfig.java
+++ b/src/federation-common/src/main/java/tak/server/federation/hub/broker/FederationHubServerConfig.java
@@ -43,7 +43,7 @@ public FederationHubServerConfig() {
     /* For v2 federation only. */
     private boolean v2Enabled;
     private Integer v2Port;
-    private int maxMessageSizeBytes = 67108864;
+    private int maxMessageSizeBytes = 268435456;
     private int metricsLogIntervalSeconds = 5;
     private int clientTimeoutTime = 15;
     private int clientRefreshTime = 5;
@@ -60,6 +60,18 @@ public FederationHubServerConfig() {
     @JsonIgnore
     private String fullId;
     
+    private String dbUsername = "martiuser";
+    private String dbPassword = "";
+    private int dbPort = 27017;
+    private String dbHost = "localhost";
+    private long dbConnectionTimeoutMS = 5000;
+    
+    private long missionFederationDBRetentionDays = 7;
+    
+    private long missionFederationRecencySeconds = 43200;
+    private long missionFederationDisruptionMaxFileSizeBytes = 268435456;
+    private boolean missionFederationDisruptionEnabled = false;
+    
     public int getOutgoingReconnectSeconds() {
 		return outgoingReconnectSeconds;
 	}
@@ -267,19 +279,95 @@ public void setUseCaGroups(boolean useCaGroups) {
         this.useCaGroups = useCaGroups;
     }
 	
+	public String getDbUsername() {
+		return dbUsername;
+	}
+
+	public void setDbUsername(String dbUsername) {
+		this.dbUsername = dbUsername;
+	}
+
+	public String getDbPassword() {
+		return dbPassword;
+	}
+
+	public void setDbPassword(String dbPassword) {
+		this.dbPassword = dbPassword;
+	}
+
+	public int getDbPort() {
+		return dbPort;
+	}
+
+	public void setDbPort(int dbPort) {
+		this.dbPort = dbPort;
+	}
+
+	public String getDbHost() {
+		return dbHost;
+	}
+
+	public void setDbHost(String dbHost) {
+		this.dbHost = dbHost;
+	}
+
+	public long getDbConnectionTimeoutMS() {
+		return dbConnectionTimeoutMS;
+	}
+
+	public void setDbConnectionTimeoutMS(long dbConnectionTimeoutMS) {
+		this.dbConnectionTimeoutMS = dbConnectionTimeoutMS;
+	}
+
+	public long getMissionFederationRecencySeconds() {
+		return missionFederationRecencySeconds;
+	}
+
+	public void setMissionFederationRecencySeconds(long missionFederationRecencySeconds) {
+		this.missionFederationRecencySeconds = missionFederationRecencySeconds;
+	}
+
+	public boolean isMissionFederationDisruptionEnabled() {
+		return missionFederationDisruptionEnabled;
+	}
+
+	public void setMissionFederationDisruptionEnabled(boolean missionFederationDisruptionEnabled) {
+		this.missionFederationDisruptionEnabled = missionFederationDisruptionEnabled;
+	}
+
+	public long getMissionFederationDBRetentionDays() {
+		return missionFederationDBRetentionDays;
+	}
+
+	public void setMissionFederationDBRetentionDays(long missionFederationDBRetentionDays) {
+		this.missionFederationDBRetentionDays = missionFederationDBRetentionDays;
+	}
+
+	public long getMissionFederationDisruptionMaxFileSizeBytes() {
+		return missionFederationDisruptionMaxFileSizeBytes;
+	}
+
+	public void setMissionFederationDisruptionMaxFileSizeBytes(long missionFederationDisruptionMaxFileSizeBytes) {
+		this.missionFederationDisruptionMaxFileSizeBytes = missionFederationDisruptionMaxFileSizeBytes;
+	}
+
 	@Override
 	public String toString() {
 		return "FederationHubServerConfig [keystoreType=" + keystoreType + ", keystoreFile=" + keystoreFile
-				+ ", keystorePassword=" + keystorePassword + ", truststoreType=" + truststoreType + ", truststoreFile="
-				+ truststoreFile + ", truststorePassword=" + truststorePassword + ", keyManagerType=" + keyManagerType
-				+ ", v1Enabled=" + v1Enabled + ", v1Port=" + v1Port + ", context=" + context + ", useEpoll=" + useEpoll
-				+ ", allow128cipher=" + allow128cipher + ", allowNonSuiteB=" + allowNonSuiteB + ", enableOCSP="
-				+ enableOCSP + ", tlsVersions=" + tlsVersions + ", v2Enabled=" + v2Enabled + ", v2Port=" + v2Port
-				+ ", maxMessageSizeBytes=" + maxMessageSizeBytes + ", metricsLogIntervalSeconds="
+				+ ", truststoreType=" + truststoreType + ", truststoreFile=" + truststoreFile + ", keyManagerType="
+				+ keyManagerType + ", v1Enabled=" + v1Enabled + ", v1Port=" + v1Port + ", context=" + context
+				+ ", useEpoll=" + useEpoll + ", allow128cipher=" + allow128cipher + ", allowNonSuiteB=" + allowNonSuiteB
+				+ ", enableOCSP=" + enableOCSP + ", tlsVersions=" + tlsVersions + ", v2Enabled=" + v2Enabled
+				+ ", v2Port=" + v2Port + ", maxMessageSizeBytes=" + maxMessageSizeBytes + ", metricsLogIntervalSeconds="
 				+ metricsLogIntervalSeconds + ", clientTimeoutTime=" + clientTimeoutTime + ", clientRefreshTime="
 				+ clientRefreshTime + ", maxConcurrentCallsPerConnection=" + maxConcurrentCallsPerConnection
 				+ ", enableHealthCheck=" + enableHealthCheck + ", useCaGroups=" + useCaGroups + ", serverName="
 				+ serverName + ", outgoingReconnectSeconds=" + outgoingReconnectSeconds + ", id=" + id + ", nonce="
-				+ nonce + ", fullId=" + fullId + "]";
+				+ nonce + ", fullId=" + fullId + ", dbUsername=" + dbUsername + ", dbPort=" + dbPort + ", dbHost="
+				+ dbHost + ", dbConnectionTimeoutMS=" + dbConnectionTimeoutMS + ", missionFederationDBRetentionDays="
+				+ missionFederationDBRetentionDays + ", missionFederationRecencySeconds="
+				+ missionFederationRecencySeconds + ", missionFederationDisruptionMaxFileSizeBytes="
+				+ missionFederationDisruptionMaxFileSizeBytes + ", missionFederationDisruptionEnabled="
+				+ missionFederationDisruptionEnabled + "]";
 	}
 }
diff --git a/src/federation-common/src/main/java/tak/server/federation/hub/broker/HubConnectionStore.java b/src/federation-common/src/main/java/tak/server/federation/hub/broker/HubConnectionStore.java
index b873c1b1..e3811713 100644
--- a/src/federation-common/src/main/java/tak/server/federation/hub/broker/HubConnectionStore.java
+++ b/src/federation-common/src/main/java/tak/server/federation/hub/broker/HubConnectionStore.java
@@ -1,7 +1,9 @@
 package tak.server.federation.hub.broker;
 
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
@@ -15,6 +17,9 @@
 import com.atakmap.Tak.ROL;
 
 import tak.server.federation.GuardedStreamHolder;
+import tak.server.federation.hub.FederationHubDependencyInjectionProxy;
+import tak.server.federation.hub.broker.events.StreamReadyEvent;
+import tak.server.federation.hub.broker.events.UpdatePolicy;
 
 public class HubConnectionStore {
     private static final Logger logger = LoggerFactory.getLogger(HubConnectionStore.class);
@@ -26,10 +31,18 @@ public class HubConnectionStore {
     private final Map<String, SSLSession> sessionMap =  new ConcurrentHashMap<>();
     private final Map<String, HubConnectionInfo> connectionInfos = new ConcurrentHashMap<>();
     
+    private final Map<String, List<ROL>> tempRolCache = new ConcurrentHashMap<>();
+    
+    public void cacheRol( ROL rol, String id) {
+    	if (!tempRolCache.containsKey(id)) 
+    		tempRolCache.put(id, new ArrayList<>());
+    	
+    	tempRolCache.get(id).add(rol);
+    }
+    
     public Collection<HubConnectionInfo> getConnectionInfos() {
     	return connectionInfos.values();
     }
-    
 
     public void addConnectionInfo(String id, HubConnectionInfo info) {
     	connectionInfos.put(id, info);
@@ -42,6 +55,7 @@ public void clearIdFromAllStores(String id) {
     	this.clientToGroups.remove(id);
     	this.sessionMap.remove(id);
     	this.connectionInfos.remove(id);
+    	this.tempRolCache.remove(id);
     }
     
     public void clearStreamMaps() {
@@ -51,6 +65,7 @@ public void clearStreamMaps() {
     	this.clientToGroups.clear();
     	this.sessionMap.clear();
     	this.connectionInfos.clear();
+    	this.tempRolCache.clear();
     }
     
     public Map<String, GuardedStreamHolder<FederatedEvent>> getClientStreamMap() {
@@ -67,6 +82,12 @@ public Map<String, GuardedStreamHolder<ROL>> getClientROLStreamMap() {
     
     public void addRolStream(String id, GuardedStreamHolder<ROL> holder) {
     	this.clientROLStreamMap.put(id, holder);
+    	List<ROL> cachedRol = tempRolCache.get(id);
+    	if (cachedRol != null) {
+    		FederationHubDependencyInjectionProxy.getSpringContext()
+    			.publishEvent(new StreamReadyEvent<ROL>(this, StreamReadyEvent.StreamReadyType.ROL, id, new ArrayList<ROL>(cachedRol)));
+    	}
+    	tempRolCache.remove(id);
     }
     
     public void removeRolStream(String id) {
diff --git a/src/federation-common/src/main/java/tak/server/federation/hub/broker/events/StreamReadyEvent.java b/src/federation-common/src/main/java/tak/server/federation/hub/broker/events/StreamReadyEvent.java
new file mode 100644
index 00000000..6477f778
--- /dev/null
+++ b/src/federation-common/src/main/java/tak/server/federation/hub/broker/events/StreamReadyEvent.java
@@ -0,0 +1,34 @@
+package tak.server.federation.hub.broker.events;
+
+import java.util.List;
+
+public class StreamReadyEvent<T> extends BrokerServerEvent {
+	private static final long serialVersionUID = 5023824657075431825L;
+
+	public enum StreamReadyType {
+		EVENT, GROUPS, ROL
+	}
+	
+	private final StreamReadyType type;
+	private final String streamKey;
+	private final List<T> events;
+	
+	public StreamReadyEvent(Object source, StreamReadyType type, String streamKey, List<T> events) {
+		super(source);
+		this.type = type;
+		this.streamKey = streamKey;
+		this.events = events;
+	}
+
+	public StreamReadyType getType() {
+		return type;
+	}
+
+	public String getStreamKey() {
+		return streamKey;
+	}
+
+	public List<T> getEvents() {
+		return events;
+	}
+}
diff --git a/src/federation-common/src/main/java/tak/server/federation/hub/db/FederationHubDatabase.java b/src/federation-common/src/main/java/tak/server/federation/hub/db/FederationHubDatabase.java
new file mode 100644
index 00000000..f61af742
--- /dev/null
+++ b/src/federation-common/src/main/java/tak/server/federation/hub/db/FederationHubDatabase.java
@@ -0,0 +1,62 @@
+package tak.server.federation.hub.db;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.data.mongodb.config.AbstractMongoClientConfiguration;
+
+import com.mongodb.BasicDBObject;
+import com.mongodb.client.MongoClient;
+import com.mongodb.client.MongoClients;
+import com.mongodb.client.MongoDatabase;
+
+public class FederationHubDatabase {
+	private static final Logger logger = LoggerFactory.getLogger(FederationHubDatabase.class);
+
+	private AbstractMongoClientConfiguration mongo;
+	private MongoClient mongoClient;
+	private MongoDatabase cotDatabase;
+	private boolean dbIsConnected = false;
+	
+	public FederationHubDatabase(String username, String password, String host, int port) {
+		try {
+			mongo = new AbstractMongoClientConfiguration() {
+
+				@Override
+				protected String getDatabaseName() {
+					return "cot";
+				}
+				
+				@Override
+				public MongoClient mongoClient() {
+				    MongoClient client = MongoClients.create("mongodb://" + username + ":" + password + "@" + host + ":" + port + "/?serverSelectionTimeoutMS=5000&connectTimeoutMS=5000");
+				    
+				    return client;
+				}
+				
+			};
+			
+			mongoClient = mongo.mongoClient();
+			mongoClient.getDatabase("cot").runCommand(new BasicDBObject("ping", "1"));
+			dbIsConnected = true;
+		} catch (Exception e) {
+			dbIsConnected = false;
+			logger.error("Could not initialize mongo connection", e);
+		}
+	}
+	
+	public boolean isDBConnected() {
+		return dbIsConnected;
+	}
+	
+	public MongoDatabase getDB() {
+		if (cotDatabase == null) {
+			cotDatabase = mongoClient.getDatabase("cot");
+		}
+		
+		return cotDatabase;
+	}
+
+	public MongoClient getClient() {
+		return mongoClient;
+	}
+}
diff --git a/src/federation-common/src/main/java/tak/server/federation/hub/policy/FederationPolicy.java b/src/federation-common/src/main/java/tak/server/federation/hub/policy/FederationPolicy.java
index 5248dfbd..809253ec 100644
--- a/src/federation-common/src/main/java/tak/server/federation/hub/policy/FederationPolicy.java
+++ b/src/federation-common/src/main/java/tak/server/federation/hub/policy/FederationPolicy.java
@@ -5,7 +5,10 @@
 import tak.server.federation.hub.ui.StringEdge;
 import tak.server.federation.hub.ui.UidHolder;
 
-import java.util.*;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
 
 @JsonInclude(JsonInclude.Include.NON_EMPTY)
 public class FederationPolicy {
diff --git a/src/federation-common/src/main/java/tak/server/federation/hub/policy/FederationPolicyGraphImpl.java b/src/federation-common/src/main/java/tak/server/federation/hub/policy/FederationPolicyGraphImpl.java
index 0637ba78..04ffb65f 100644
--- a/src/federation-common/src/main/java/tak/server/federation/hub/policy/FederationPolicyGraphImpl.java
+++ b/src/federation-common/src/main/java/tak/server/federation/hub/policy/FederationPolicyGraphImpl.java
@@ -1,7 +1,14 @@
 package tak.server.federation.hub.policy;
 
 import java.io.Serializable;
-import java.util.*;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
 import org.slf4j.Logger;
diff --git a/src/federation-common/src/main/java/tak/server/federation/hub/ui/graph/FilterUtils.java b/src/federation-common/src/main/java/tak/server/federation/hub/ui/graph/FilterUtils.java
index 4a5bc80b..cfc05bd3 100644
--- a/src/federation-common/src/main/java/tak/server/federation/hub/ui/graph/FilterUtils.java
+++ b/src/federation-common/src/main/java/tak/server/federation/hub/ui/graph/FilterUtils.java
@@ -1,6 +1,10 @@
 package tak.server.federation.hub.ui.graph;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -18,9 +22,9 @@ public class FilterUtils {
     public static String filterNodeToString(FilterNode filterNode) {
         if (filterNode.getType().equals(FILTER_TYPE)) {
             return filterToString(filterNode.getFilter());
-        } else if(filterNode.getType().equals(AND_TYPE)) {
+        } else if (filterNode.getType().equals(AND_TYPE)) {
             return andedFiltersToString(filterNode.getNodes());
-        } else if(filterNode.getType().equals(OR_TYPE)) {
+        } else if (filterNode.getType().equals(OR_TYPE)) {
             return oredFiltersToString(filterNode.getNodes());
         }
         return "";
@@ -31,7 +35,7 @@ public static String filterToString(EdgeFilter edgeFilter) {
         filterStringBuilder.append(edgeFilter.name).append("(");
         for(int i = 0; i < edgeFilter.getArgs().size(); i++) {
             filterStringBuilder.append(valueToString(edgeFilter.getArgs().get(i)));
-            if(isNotLastIndex(edgeFilter.getArgs(), i)) {
+            if (isNotLastIndex(edgeFilter.getArgs(), i)) {
                 filterStringBuilder.append(", ");
             }
         }
@@ -100,15 +104,15 @@ private static List<FilterNode> getValidNodeList(List<FilterNode> filterNodes) {
         filterNodes.stream().filter(node -> node.getType().equals(AND_TYPE)).forEach(andList::add);
         filterNodes.stream().filter(node -> node.getType().equals(OR_TYPE)).forEach(orList::add);
 
-        if(!nodeList.isEmpty()) {
+        if (!nodeList.isEmpty()) {
             nodeList.addAll(andList);
             nodeList.addAll(orList);
             return nodeList;
-        } else if(!andList.isEmpty()) {
+        } else if (!andList.isEmpty()) {
             andList.stream().forEach(node -> nodeList.addAll(node.getNodes()));
             nodeList.addAll(orList);
             return getValidNodeList(nodeList);
-        } else if(!orList.isEmpty()) {
+        } else if (!orList.isEmpty()) {
             return orList;
         }
 
@@ -116,7 +120,7 @@ private static List<FilterNode> getValidNodeList(List<FilterNode> filterNodes) {
     }
 
     private static String valueToString(FilterArgument argument) {
-        if(argument.getType().equals("string")) {
+        if (argument.getType().equals("string")) {
             return "\"" + argument.getValue() + "\"";
         }
         return argument.getValue();
diff --git a/src/federation-common/src/main/java/tak/server/federation/hub/ui/graph/NodeProperties.java b/src/federation-common/src/main/java/tak/server/federation/hub/ui/graph/NodeProperties.java
index f5ba0747..f608f07f 100644
--- a/src/federation-common/src/main/java/tak/server/federation/hub/ui/graph/NodeProperties.java
+++ b/src/federation-common/src/main/java/tak/server/federation/hub/ui/graph/NodeProperties.java
@@ -58,11 +58,11 @@ public Map<String, Object> attributesToMap() {
 
     @SuppressWarnings("unchecked")
     private Object nodeToAttributeValue(Map<String, Object> node) {
-        if((node.get("type")).equals("attribute")) {
+        if ((node.get("type")).equals("attribute")) {
             return node.get("value");
-        } else if((node.get("type")).equals("attributes")) {
+        } else if ((node.get("type")).equals("attributes")) {
             return node.get("values");
-        } else if((node.get("type")).equals("nodes")) {
+        } else if ((node.get("type")).equals("nodes")) {
             return attributesToMap((List<Object>) node.get("nodes"));
         }
         return null;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/MissionEnterpriseSyncRolVisitor.java b/src/federation-common/src/main/java/tak/server/federation/rol/MissionEnterpriseSyncRolVisitor.java
similarity index 99%
rename from src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/MissionEnterpriseSyncRolVisitor.java
rename to src/federation-common/src/main/java/tak/server/federation/rol/MissionEnterpriseSyncRolVisitor.java
index 36d52331..200f7042 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/MissionEnterpriseSyncRolVisitor.java
+++ b/src/federation-common/src/main/java/tak/server/federation/rol/MissionEnterpriseSyncRolVisitor.java
@@ -1,4 +1,4 @@
-package com.bbn.marti.sync.federation;
+package tak.server.federation.rol;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-fig-core/rol/src/main/java/mil/af/rl/rol/MissionRolVisitor.java b/src/federation-common/src/main/java/tak/server/federation/rol/MissionRolVisitor.java
similarity index 95%
rename from src/takserver-fig-core/rol/src/main/java/mil/af/rl/rol/MissionRolVisitor.java
rename to src/federation-common/src/main/java/tak/server/federation/rol/MissionRolVisitor.java
index 8fd77546..39811696 100644
--- a/src/takserver-fig-core/rol/src/main/java/mil/af/rl/rol/MissionRolVisitor.java
+++ b/src/federation-common/src/main/java/tak/server/federation/rol/MissionRolVisitor.java
@@ -1,7 +1,10 @@
-package mil.af.rl.rol;
+package tak.server.federation.rol;
 
 import java.io.IOException;
 
+import mil.af.rl.rol.ResourceOperationParameterEvaluator;
+import mil.af.rl.rol.RolBaseVisitor;
+import mil.af.rl.rol.RolParser;
 import mil.af.rl.rol.value.Parameters;
 
 import org.slf4j.Logger;
diff --git a/src/federation-hub-broker/build.gradle b/src/federation-hub-broker/build.gradle
index 77772682..411140da 100644
--- a/src/federation-hub-broker/build.gradle
+++ b/src/federation-hub-broker/build.gradle
@@ -11,7 +11,6 @@ jar {
 apply plugin: 'eclipse'
 apply plugin: 'idea'
 apply plugin: 'org.springframework.boot'
-apply plugin: 'io.spring.dependency-management'
 
 test {
   testLogging.showStandardStreams = true
@@ -56,19 +55,20 @@ dependencies {
   implementation "io.netty:netty-tcnative-boringssl-static:$netty_tcnative_version:osx-aarch_64"
   implementation "io.netty:netty-tcnative-boringssl-static:$netty_tcnative_version:windows-x86_64"
 
-  // exclude from actuator
   implementation ("org.springframework.boot:spring-boot-starter-actuator:$spring_boot_version") {
     exclude group: 'org.apache.logging.log4j'
     exclude group: 'org.slf4j', module: 'log4j-over-slf4j'
   }
 
   implementation group: 'org.springframework.boot', name: 'spring-boot-loader', version: spring_boot_version
-  implementation group: 'org.springframework', name: 'spring-context'
-
+  implementation group: 'org.springframework', name: 'spring-context', version: spring_version
+  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-cache', version: spring_boot_version
+  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-mongodb', version: spring_boot_version
+  api group: 'com.github.ben-manes.caffeine', name: 'caffeine', version: caffeine_version
 
   testImplementation group: 'junit', name: 'junit', version: junit_version
   testImplementation group: 'org.mockito', name: 'mockito-core', version: mockito_version
-  testImplementation("org.springframework.boot:spring-boot-starter-test") {
+  testImplementation("org.springframework.boot:spring-boot-starter-test:$spring_boot_version") {
     exclude group: "com.vaadin.external.google", module:"android-json"
   }
 
diff --git a/src/federation-hub-broker/scripts/db/configure.sh b/src/federation-hub-broker/scripts/db/configure.sh
new file mode 100755
index 00000000..2b8ead32
--- /dev/null
+++ b/src/federation-hub-broker/scripts/db/configure.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+echo "Configuring DB"
+
+cd /opt/tak/federation-hub
+
+# stop mongo
+echo "Trying to setup Mongo."
+systemctl stop mongod
+sleep 1
+
+# create data directory, set mongod permissions, remove lock file
+echo "Creating Mongo data directory at /var/lib/mongodb"
+mkdir -p /var/lib/mongodb
+chown -R mongod:mongod /var/lib/mongodb
+chcon -Rv --type=mongod_var_lib_t /var/lib/mongodb
+rm -f /tmp/mongodb-27017.sock
+sleep 1
+cp /opt/tak/federation-hub/scripts/db/mongod-noauth.conf /etc/mongod.conf
+
+echo "Restarting Mongo..."
+systemctl start mongod
+sleep 10
+
+# generate username + password and create user with mongosh
+/opt/tak/federation-hub/scripts/db/setup-db.sh
+
+sleep 1
+rm -f /tmp/mongodb-27017.sock  
+sleep 1
+
+cp /opt/tak/federation-hub/scripts/db/mongod-auth.conf /etc/mongod.conf
+sleep 1
+systemctl restart mongod
+
+echo "Mongo Setup!"
\ No newline at end of file
diff --git a/src/federation-hub-broker/scripts/db/configureInDocker.sh b/src/federation-hub-broker/scripts/db/configureInDocker.sh
new file mode 100755
index 00000000..9e1d7eab
--- /dev/null
+++ b/src/federation-hub-broker/scripts/db/configureInDocker.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+echo "Running configureInDocker.sh"
+
+cd /opt/tak/federation-hub
+
+if [ ! -f "/etc/mongod.conf" ]; then
+	echo "Mongo has not been setup set. Trying now."
+
+	/usr/bin/mongod --bind_ip_all --config /opt/tak/federation-hub/scripts/db/mongod-noauth.conf &
+	mongoPID=$!
+	sleep 5
+	/opt/tak/federation-hub/scripts/db/setup-db.sh
+	
+	sleep 1
+    rm -f /tmp/mongodb-27017.sock
+    sleep 1
+
+	kill -9 $mongoPID
+	sleep 5
+	cp /opt/tak/federation-hub/scripts/db/mongod-auth.conf /etc/mongod.conf
+fi
+
+/usr/bin/mongod --bind_ip_all --config /etc/mongod.conf &
diff --git a/src/federation-hub-broker/scripts/db/mongod-auth.conf b/src/federation-hub-broker/scripts/db/mongod-auth.conf
new file mode 100755
index 00000000..0a557e16
--- /dev/null
+++ b/src/federation-hub-broker/scripts/db/mongod-auth.conf
@@ -0,0 +1,29 @@
+# mongod.conf
+
+# for documentation of all options, see:
+#   http://docs.mongodb.org/manual/reference/configuration-options/
+
+security:
+  authorization: "enabled"
+
+# Where and how to store data.
+storage:
+  dbPath: /var/lib/mongodb
+#  engine:
+#  wiredTiger:
+
+# where to write logging data.
+systemLog:
+  destination: file
+  logAppend: true
+  path: /var/log/mongodb/mongod.log
+
+# network interfaces
+net:
+  port: 27017
+  bindIp: 127.0.0.1
+
+
+# how the process runs
+processManagement:
+  timeZoneInfo: /usr/share/zoneinfo
diff --git a/src/federation-hub-broker/scripts/db/mongod-noauth.conf b/src/federation-hub-broker/scripts/db/mongod-noauth.conf
new file mode 100755
index 00000000..9f202b4d
--- /dev/null
+++ b/src/federation-hub-broker/scripts/db/mongod-noauth.conf
@@ -0,0 +1,26 @@
+# mongod.conf
+
+# for documentation of all options, see:
+#   http://docs.mongodb.org/manual/reference/configuration-options/
+
+# Where and how to store data.
+storage:
+  dbPath: /var/lib/mongodb
+#  engine:
+#  wiredTiger:
+
+# where to write logging data.
+systemLog:
+  destination: file
+  logAppend: true
+  path: /var/log/mongodb/mongod.log
+
+# network interfaces
+net:
+  port: 27017
+  bindIp: 127.0.0.1
+
+
+# how the process runs
+processManagement:
+  timeZoneInfo: /usr/share/zoneinfo
diff --git a/src/federation-hub-broker/scripts/db/mongodb-org.repo b/src/federation-hub-broker/scripts/db/mongodb-org.repo
new file mode 100755
index 00000000..e0c89fc8
--- /dev/null
+++ b/src/federation-hub-broker/scripts/db/mongodb-org.repo
@@ -0,0 +1,6 @@
+[mongodb-org-6.0]
+name=MongoDB Repository
+baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/6.0/x86_64/
+gpgcheck=1
+enabled=1
+gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc
\ No newline at end of file
diff --git a/src/federation-hub-broker/scripts/db/setup-db.sh b/src/federation-hub-broker/scripts/db/setup-db.sh
new file mode 100755
index 00000000..b81e2eef
--- /dev/null
+++ b/src/federation-hub-broker/scripts/db/setup-db.sh
@@ -0,0 +1,40 @@
+setup_mongo () {
+  username=''
+  password=''
+
+  # try to get username from /opt/tak/CoreConfig.xml
+  if [ -f "/opt/tak/federation-hub/configs/federation-hub-broker.yml" ]; then
+    username=$(echo $(grep -m 1 "dbUsername:" /opt/tak/federation-hub/configs/federation-hub-broker.yml) | sed 's/.*dbUsername: *//')
+  fi
+
+  # cant find username - use default
+  if [ -z "$username" ]; then
+    username='martiuser'
+    sed -i "/dbUsername:/d" /opt/tak/federation-hub/configs/federation-hub-broker.yml
+    echo "" >> /opt/tak/federation-hub/configs/federation-hub-broker.yml
+    echo "dbUsername: $username" >> /opt/tak/federation-hub/configs/federation-hub-broker.yml
+  fi
+
+  # try to get password from /opt/tak/CoreConfig.xml
+  if [ -f "/opt/tak/federation-hub/configs/federation-hub-broker.yml" ]; then
+    password=$(echo $(grep -m 1 "dbPassword:" /opt/tak/federation-hub/configs/federation-hub-broker.yml) | sed 's/.*dbPassword: *//')
+  fi
+
+  # cant find password - generate one
+  if [ -z "$password" ]; then
+    password=$(openssl rand -base64 12 | tr -dc 'a-zA-Z0-9')
+    sed -i "/dbPassword:/d" /opt/tak/federation-hub/configs/federation-hub-broker.yml
+    echo "" >> /opt/tak/federation-hub/configs/federation-hub-broker.yml
+    echo "dbPassword: $password" >> /opt/tak/federation-hub/configs/federation-hub-broker.yml
+  fi
+
+  echo "db.createUser({user: '$username', pwd: '$password', roles: [ { role: 'root', db: 'admin' } ]})" > /opt/tak/federation-hub/scripts/db/create_user.js
+  echo "Creating the following admin user within mongo:"
+  cat "/opt/tak/federation-hub/scripts/db/create_user.js"
+  sleep 1
+  $(echo "mongosh admin --file /opt/tak/federation-hub/scripts/db/create_user.js")
+  sleep 1
+  rm "/opt/tak/federation-hub/scripts/db/create_user.js"
+}
+
+setup_mongo
diff --git a/src/federation-hub-broker/scripts/federation-hub-broker.sh b/src/federation-hub-broker/scripts/federation-hub-broker.sh
index 295c6d53..66823690 100755
--- a/src/federation-hub-broker/scripts/federation-hub-broker.sh
+++ b/src/federation-hub-broker/scripts/federation-hub-broker.sh
@@ -3,4 +3,12 @@
 export FEDERATION_HUB=/opt/tak/federation-hub
 export JDK_JAVA_OPTIONS="-Dio.netty.tmpdir=/opt/tak -Djava.io.tmpdir=/opt/tak -Dio.netty.native.workdir=/opt/tak -DIGNITE_UPDATE_NOTIFIER=false"
 
-java -Dlogging.config=${FEDERATION_HUB}/configs/logback-broker.xml --add-opens java.base/jdk.internal.misc=ALL-UNNAMED -Dio.netty.tryReflectionSetAccessible=true -jar ${FEDERATION_HUB}/jars/federation-hub-broker.jar "$@"
+# get total RAM
+TOTALRAMBYTES=`awk '/MemTotal/ {print $2}' /proc/meminfo`
+
+# set BROKER max if not set already
+if [ -z "$BROKER_MAX_HEAP" ]; then
+  export BROKER_MAX_HEAP=$(($TOTALRAMBYTES / 1000 / 100 * 50))
+fi
+
+java -Xmx${BROKER_MAX_HEAP}m -Dlogging.config=${FEDERATION_HUB}/configs/logback-broker.xml --add-opens java.base/jdk.internal.misc=ALL-UNNAMED -Dio.netty.tryReflectionSetAccessible=true -jar ${FEDERATION_HUB}/jars/federation-hub-broker.jar "$@"
diff --git a/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubBrokerService.java b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubBrokerService.java
index 5dfe2e93..e5ae8c20 100644
--- a/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubBrokerService.java
+++ b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubBrokerService.java
@@ -5,6 +5,7 @@
 import java.io.FileInputStream;
 import java.math.BigInteger;
 import java.net.SocketAddress;
+import java.rmi.RemoteException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.cert.Certificate;
@@ -47,8 +48,8 @@
 import org.antlr.v4.runtime.CommonTokenStream;
 import org.antlr.v4.runtime.tree.ParseTree;
 import org.apache.ignite.Ignite;
-import org.apache.ignite.binary.BinaryObjectException;
 import org.apache.ignite.cache.query.ContinuousQuery;
+import org.bson.types.ObjectId;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.ApplicationListener;
@@ -105,7 +106,6 @@
 import io.netty.handler.ssl.SslHandler;
 import io.netty.handler.ssl.SslProvider;
 import mil.af.rl.rol.FederationProcessor;
-import mil.af.rl.rol.MissionRolVisitor;
 import mil.af.rl.rol.ResourceOperationParameterEvaluator;
 import mil.af.rl.rol.RolLexer;
 import mil.af.rl.rol.RolParser;
@@ -118,16 +118,19 @@
 import tak.server.federation.FederationPolicyGraph;
 import tak.server.federation.GuardedStreamHolder;
 import tak.server.federation.hub.FederationHubCache;
+import tak.server.federation.hub.broker.db.FederationHubMissionDisruptionManager;
 import tak.server.federation.hub.broker.events.BrokerServerEvent;
 import tak.server.federation.hub.broker.events.HubClientDisconnectEvent;
 import tak.server.federation.hub.broker.events.RestartServerEvent;
+import tak.server.federation.hub.broker.events.StreamReadyEvent;
 import tak.server.federation.hub.broker.events.UpdatePolicy;
 import tak.server.federation.hub.policy.FederationHubPolicyManager;
 import tak.server.federation.hub.ui.graph.FederationOutgoingCell;
 import tak.server.federation.hub.ui.graph.PolicyObjectCell;
+import tak.server.federation.rol.MissionRolVisitor;
 
 public class FederationHubBrokerService implements ApplicationListener<BrokerServerEvent> {
-	
+
 	private final Ignite ignite;
 
     private static final String SSL_SESSION_ID = "sslSessionId";
@@ -135,11 +138,16 @@ public class FederationHubBrokerService implements ApplicationListener<BrokerSer
 
     private static final Logger logger = LoggerFactory.getLogger(FederationHubBrokerService.class);
 
+    private FederationHubBrokerMetrics fedHubBrokerMetrics;
     private HubConnectionStore hubConnectionStore;
     private FederationHubServerConfig fedHubConfig;
     private FederationHubPolicyManager fedHubPolicyManager;
+    private FederationHubMissionDisruptionManager federationHubMissionDisruptionManager;
     private SSLConfig sslConfig;
 
+    private int numThreads = Runtime.getRuntime().availableProcessors() + 1;
+	private ScheduledExecutorService mfdtScheduler = Executors.newScheduledThreadPool(1);
+
     /* v1 variables. */
     private final Map<String, NioNettyFederationHubServerHandler> v1ClientStreamMap = new ConcurrentHashMap<>();
     private EventLoopGroup workerGroup;
@@ -151,6 +159,7 @@ public class FederationHubBrokerService implements ApplicationListener<BrokerSer
 
     private SyncService syncService = new FileCacheSyncService();
     private final FederationProcessorFactory federationProcessorFactory = new FederationProcessorFactory();
+    private final FederationHubROLHandler federationHubROLHandler;
 
     private final AtomicBoolean keepRunning = new AtomicBoolean(true);
 
@@ -158,7 +167,7 @@ public class FederationHubBrokerService implements ApplicationListener<BrokerSer
             .newBuilder()
             .setStatus(ServerHealth.ServingStatus.SERVING)
             .build();
-    
+
     private static ServerHealth notConnected = ServerHealth
             .newBuilder()
             .setStatus(ServerHealth.ServingStatus.NOT_CONNECTED)
@@ -167,24 +176,34 @@ public class FederationHubBrokerService implements ApplicationListener<BrokerSer
     // Count messages from all clients, over the lifetime of the server.
     private static final AtomicLong clientMessageCounter = new AtomicLong();
     private static final AtomicLong clientByteAccumulator = new AtomicLong();
-    
+
     private static FederationHubBrokerService instance = null;
-    
+
     public static FederationHubBrokerService getInstance() {
     	return instance;
     }
+
+    public ScheduledExecutorService getMfdtScheduler() {
+		return mfdtScheduler;
+	}
     
-    private ContinuousQuery<String, FederationPolicyGraph> continuousConfigurationQuery = new ContinuousQuery<>();
+	private ContinuousQuery<String, FederationPolicyGraph> continuousConfigurationQuery = new ContinuousQuery<>();
 
-    public FederationHubBrokerService(Ignite ignite, SSLConfig sslConfig, FederationHubServerConfig fedHubConfig, FederationHubPolicyManager fedHubPolicyManager, HubConnectionStore hubConnectionStore) {
+    public FederationHubBrokerService(Ignite ignite, SSLConfig sslConfig, FederationHubServerConfig fedHubConfig, FederationHubPolicyManager fedHubPolicyManager, HubConnectionStore hubConnectionStore, FederationHubMissionDisruptionManager federationHubMissionDisruptionManager,
+                                      FederationHubBrokerMetrics fedHubBrokerMetrics) {
     	instance = this;
     	this.ignite = ignite;
     	this.sslConfig = sslConfig;
     	this.fedHubConfig = fedHubConfig;
     	this.fedHubPolicyManager = fedHubPolicyManager;
     	this.hubConnectionStore = hubConnectionStore;
+        this.fedHubBrokerMetrics = fedHubBrokerMetrics;
+    	this.federationHubMissionDisruptionManager = federationHubMissionDisruptionManager;
+
+    	federationHubROLHandler = new FederationHubROLHandler(federationHubMissionDisruptionManager);
+
     	setupFederationServers();
-    	
+
     	// rather than hitting ignite every time we need the policy graph,
     	// use event driven approach to always have the updated graph
     	// available here for instant access
@@ -193,16 +212,16 @@ public FederationHubBrokerService(Ignite ignite, SSLConfig sslConfig, Federation
 	     		federationPolicyGraph = e.getValue();
 	     	}
     	});
-    	
+
     	FederationHubCache.getFederationHubPolicyStoreCache(ignite).query(continuousConfigurationQuery);
     }
-    
+
     private FederationPolicyGraph federationPolicyGraph;
-    
+
     public FederationPolicyGraph getFederationPolicyGraph() {
     	if (federationPolicyGraph == null)
     		federationPolicyGraph = fedHubPolicyManager.getPolicyGraph();
-    	
+
     	return federationPolicyGraph;
     }
 
@@ -217,7 +236,7 @@ private void removeInactiveClientStreams() {
                     logger.debug("Detected FederatedEvent client stream {} inactivity",
                         clientStreamEntry.getValue().getFederateIdentity());
                 }
-                
+
                 clientStreamEntry.getValue().throwDeadlineExceptionToClient();
                 hubConnectionStore.clearIdFromAllStores(clientStreamEntry.getKey());
             }
@@ -239,20 +258,20 @@ public void stopV1Server() {
             channelFuture = null;
         }
     }
-    
+
     public boolean addV1ConnectionInfo(String sessionId, HubConnectionInfo info) {
     	Federate clientNode = getFederationPolicyGraph().getFederate(info.getConnectionId());
         if (clientNode == null) {
         	logger.info("Permission Denied. Federate/CA Group not found in the policy graph: " + info.getConnectionId());
         	return false;
         }
-    	
+
     	info.setGroupIdentities(getFederationPolicyGraph().getFederate(info.getConnectionId()).getGroupIdentities());
         hubConnectionStore.addConnectionInfo(sessionId, info);
-        
+
         return true;
     }
-    
+
     public void removeV1Connection(String sessionId) {
     	v1ClientStreamMap.remove(sessionId);
         hubConnectionStore.clearIdFromAllStores(sessionId);
@@ -394,7 +413,7 @@ public int compare(FederatedEvent a, FederatedEvent b) {
                                 );
 
                                 v1ClientStreamMap.put(sessionId, handler);
-                                
+
                                 channel.pipeline()
                                     .addLast("ssl", sslHandler)
                                     .addLast(new ByteArrayDecoder())
@@ -499,7 +518,7 @@ public void onApplicationEvent(BrokerServerEvent event) {
     	if (event instanceof HubClientDisconnectEvent) {
     		outgoingClientMap.remove(((HubClientDisconnectEvent) event).getHubId());
     	}
-    	
+
     	if (event instanceof RestartServerEvent) {
     		if (fedHubConfig.isV2Enabled()) {
                 logger.info("Restarting V2 federation server after truststore update");
@@ -516,49 +535,49 @@ public void onApplicationEvent(BrokerServerEvent event) {
                 sslConfig.initSslContext(fedHubConfig);
                 setupFederationV2Server();
             }
-    		
+
     		Collection<PolicyObjectCell> cells = fedHubPolicyManager.getPolicyCells();
-    		
+
     		List<FederationOutgoingCell> outgoings = new ArrayList<>();
     		if (cells != null) {
     			cells.stream().filter(cell -> cell instanceof FederationOutgoingCell).forEach( cell -> {
     				outgoings.add((FederationOutgoingCell) cell);
     	        });
        		}
-    		
+
     		updateOutgoingConnections(outgoings);
     	}
-    	
+
         if (event instanceof UpdatePolicy) {
         	// when the policy gets updated, the federate nodes from currently connected spokes will be cleared from the graph
         	// they will not get re-added to the graph until a messages comes over the federate. to get around this,
         	// we can re-add them based on their active sessions
-        	
+
         	hubConnectionStore.getClientStreamMap().entrySet().forEach(entry -> {
         		SSLSession session = hubConnectionStore.getSessionMap().get(entry.getKey());
         		if (session != null && session.isValid()) {
         			addFederateToGroupPolicyIfMissingV2(hubConnectionStore.getSessionMap().get(entry.getKey()) ,entry.getValue());
-        			
+
         			// check if the currently connected spoke is still allowed to be connected after the policy change
         			FederationPolicyGraph fpg = getFederationPolicyGraph();
                     Federate clientNode = checkFederateExistsInPolicy(entry.getValue(), session, fpg);
                     if (clientNode == null) {
                      	logger.info("Permission Denied. Federate/CA Group not found in the policy graph: " + entry.getValue().getFederateIdentity());
                      	entry.getValue().throwPermissionDeniedToClient();
-                     	
+
                      	HubFigClient client = outgoingClientMap.get(entry.getKey());
                      	if (client != null)
                      		client.processDisconnect();
-                     	
+
                      	return;
                     }
-        			
+
         		} else {
         			hubConnectionStore.removeSession(entry.getKey());
         		}
         	});
-        	
-        	v1ClientStreamMap.entrySet().forEach(entry -> {	
+
+        	v1ClientStreamMap.entrySet().forEach(entry -> {
     			// check if the currently connected spoke is still allowed to be connected after the policy change
     			FederationPolicyGraph fpg = getFederationPolicyGraph();
                 Federate clientNode = getFederationPolicyGraph().getFederate(entry.getValue().getFederateIdentity());
@@ -568,10 +587,35 @@ public void onApplicationEvent(BrokerServerEvent event) {
                 }
         	});
 
-        	updateOutgoingConnections(((UpdatePolicy) event).getOutgoings());	
+        	updateOutgoingConnections(((UpdatePolicy) event).getOutgoings());
+        }
+
+        if (event instanceof StreamReadyEvent) {
+        	@SuppressWarnings("rawtypes")
+			StreamReadyEvent streamReadyEvent = (StreamReadyEvent) event;
+
+        	switch (streamReadyEvent.getType()) {
+			case EVENT:
+			{
+				break;
+			}
+			case GROUPS:
+			{
+				break;
+			}
+			case ROL:
+			{
+				@SuppressWarnings("unchecked")
+				List<ROL> rolEvents = streamReadyEvent.getEvents();
+				rolEvents.forEach(r -> this.parseRol(r, streamReadyEvent.getStreamKey()));
+				break;
+			}
+			default:
+				break;
+			}
         }
     }
-    
+
     Map<String, FederationOutgoingCell> outgoingConfigMap = new HashMap<>();
     Map<String, HubFigClient> outgoingClientMap = new HashMap<>();
     Map<String, ScheduledFuture<?>> outgoingClientRetryMap = new HashMap<>();
@@ -584,49 +628,49 @@ private synchronized void updateOutgoingConnections(List<FederationOutgoingCell>
     			.stream()
     			.filter(future -> future != null)
     			.forEach(future -> future.cancel(true));
-    		
+
     		outgoingClientRetryMap.clear();
-            
+
     		// create a temp map for the updated outgoings
     		Map<String, FederationOutgoingCell> updatedOutgoing = new HashMap<>();
     		outgoings.forEach(outgoing -> {
     			updatedOutgoing.put(outgoing.getProperties().getOutgoingName(), outgoing);
     		});
-           
-            
+
+
             // check existing outgoings against updated outgoings for ones that got deleted
             Iterator<Entry<String, FederationOutgoingCell>> itr = outgoingConfigMap.entrySet().iterator();
             while(itr.hasNext()) {
             	Entry<String, FederationOutgoingCell> outgoing = itr.next();
-            	
+
             	if (updatedOutgoing.get(outgoing.getKey()) == null) {
             		HubFigClient client = outgoingClientMap.get(outgoing.getKey());
             		outgoingClientMap.remove(outgoing.getKey());
-            		
+
             		if (client != null) {
             			client.processDisconnect();
             		}
             	}
             }
-            
+
             // replace the old outgoings configs with the new ones
             outgoingConfigMap.clear();
             outgoingConfigMap.putAll(updatedOutgoing);
-            
+
             // if a new outgoing already has a client, lets stop it so it can be restarted with the updated config
             for (String key: outgoingConfigMap.keySet()) {
             	if (outgoingClientMap.containsKey(key)) {
             		outgoingClientMap.get(key).processDisconnectWithoutRetry();
             	}
             }
-            
+
             // start all the outgoings defined in the policy
             outgoingConfigMap.entrySet().forEach(e -> {
             	try {
             		if (e.getValue().getProperties().isOutgoingEnabled()) {
-            			HubFigClient client = new HubFigClient(fedHubConfig, e.getValue());
+            			HubFigClient client = new HubFigClient(fedHubConfig, federationHubMissionDisruptionManager, e.getValue());
                 		client.start();
-                		outgoingClientMap.put(e.getKey(), client);	
+                		outgoingClientMap.put(e.getKey(), client);
             		}
 				} catch (Exception e1) {
 					logger.error("Error creating hub client", e);
@@ -637,7 +681,7 @@ private synchronized void updateOutgoingConnections(List<FederationOutgoingCell>
 			logger.error("Error trying to update outgoing connections", e);
 		}
     }
-    
+
     public void scheduleRetry(String name) {
     	fedHubPolicyManager.getPolicyCells().forEach(cell -> {
     		if (cell instanceof FederationOutgoingCell) {
@@ -648,28 +692,28 @@ public void scheduleRetry(String name) {
     		}
     	});
     }
-    
+
     public void scheduleRetry(String name, FederationOutgoingCell outgoing) {
     	if (outgoingClientRetryMap.get(name) != null)
     		outgoingClientRetryMap.get(name).cancel(true);
-    	
+
     	if (fedHubConfig.getOutgoingReconnectSeconds() > 0 && outgoing.getProperties().isOutgoingEnabled()) {
     		logger.info("Connection for {} failed. Trying again in {} seconds.", name, fedHubConfig.getOutgoingReconnectSeconds());
     		ScheduledFuture<?> future = retryScheduler.scheduleAtFixedRate(() -> {
         		attemptRetry(name, outgoing);
     		}, fedHubConfig.getOutgoingReconnectSeconds(), fedHubConfig.getOutgoingReconnectSeconds(), TimeUnit.SECONDS);
-        	
+
     		outgoingClientRetryMap.put(name, future);
     	} else {
     		logger.info("Not attempting a retry for {} because the Outgoing Reconnect is not > 0", name);
     	}
     }
-    
+
     private void attemptRetry(String name, FederationOutgoingCell outgoing) {
     	try {
-			HubFigClient client = new HubFigClient(fedHubConfig, outgoing);
+			HubFigClient client = new HubFigClient(fedHubConfig, federationHubMissionDisruptionManager, outgoing);
     		client.start();
-    		outgoingClientMap.put(name, client);	
+    		outgoingClientMap.put(name, client);
     		outgoingClientRetryMap.get(name).cancel(true);
     		outgoingClientRetryMap.remove(name);
 		} catch (Exception e) {
@@ -677,7 +721,7 @@ private void attemptRetry(String name, FederationOutgoingCell outgoing) {
 			attemptRetry(name, outgoing);
 		}
     }
-    
+
     public void setupFederationServers() {
         sslConfig.initSslContext(fedHubConfig);
 
@@ -688,7 +732,7 @@ public void setupFederationServers() {
         if (fedHubConfig.isV1Enabled()) {
             setupFederationV1Server();
         }
-        
+
         retryScheduler.schedule(() -> {
         	 // try to initialize outgoing connections from the saved policy
             List<FederationOutgoingCell> outgoings = fedHubPolicyManager.getPolicyCells()
@@ -696,8 +740,8 @@ public void setupFederationServers() {
             		.filter(c -> c instanceof FederationOutgoingCell)
             		.map(c -> (FederationOutgoingCell) c)
             		.collect(Collectors.toList());
-            	            	
-            this.updateOutgoingConnections(outgoings); 
+
+            this.updateOutgoingConnections(outgoings);
         }, 5, TimeUnit.SECONDS);
     }
 
@@ -715,7 +759,7 @@ private void sendCaGroupsToFedManager(KeyStore keyStore) throws KeyStoreExceptio
         }
     }
 
-    public void addCaFederateToPolicyGraph(FederateIdentity federateIdentity, Certificate[] caCertArray) {    	
+    public void addCaFederateToPolicyGraph(FederateIdentity federateIdentity, Certificate[] caCertArray) {
         List<String> caCertNames = new LinkedList<>();
 
         /*
@@ -736,9 +780,8 @@ public void addCaFederateToPolicyGraph(FederateIdentity federateIdentity, Certif
                 if (logger.isDebugEnabled()) {
                     logger.debug("addCaFederateToPolicyGraph issuerName: " + issuerName);
                 }
-                
-                String groupName = issuerName + "-" +
-                    FederationUtils.getBytesSHA256(caCertArray[i].getEncoded());
+
+                String groupName = issuerName + "-" + FederationUtils.getBytesSHA256(caCertArray[i].getEncoded());
                 caCertNames.add(groupName);
             } catch (CertificateEncodingException e) {
                 logger.error("Could not encode certificate", e);
@@ -758,13 +801,13 @@ public void addFederateToGroupPolicyIfMissingV1(Certificate[] certArray,
             addCaFederateToPolicyGraph(federateIdentity, certArray);
         }
     }
-    
+
     public void addFederateToGroupPolicyIfMissingV2(SSLSession session, GuardedStreamHolder holder) {
     	hubConnectionStore.addSession(new BigInteger(session.getId()).toString(), session);
         String fedId = holder.getFederateIdentity().getFedId();
-        
+
         FederationPolicyGraph fpg = getFederationPolicyGraph();
-        
+
         if (fpg.getNode(fedId) == null) {
             try {
                 Certificate[] certArray = session.getPeerCertificates();
@@ -774,18 +817,18 @@ public void addFederateToGroupPolicyIfMissingV2(SSLSession session, GuardedStrea
             }
         }
     }
-    
+
     // collect all groups for federates connected to the hub that can reach the given federate
     public FederateGroups getFederationHubGroups(String selfId) {
     	try {
     		// find receivable federates for the given federate
-			Collection<String> receivableFederates = 
+			Collection<String> receivableFederates =
 					getFederationPolicyGraph()
 						.allReceivableFederates(selfId)
 						.stream()
 						.map(f -> f.getFederateIdentity().getFedId())
 						.collect(Collectors.toCollection(HashSet::new));
-						
+
 	    	List<FederateGroups> federatedGroups = hubConnectionStore.getClientGroupStreamMap().entrySet()
 	    			.stream()
 	    			// ignore self groups
@@ -812,7 +855,7 @@ public FederateGroups getFederationHubGroups(String selfId) {
 	    				if (federateHops != null) {
 	    					long maxHops = federateHops.getMaxHops();
 	    		    		long currentHops = federateHops.getCurrentHops() + 1;
-	    		    		    		
+
 	    		    		if (currentHops >= maxHops && maxHops != -1) {
 	    		    			return false;
 	    		    		}
@@ -826,29 +869,29 @@ public FederateGroups getFederationHubGroups(String selfId) {
 	    						.toBuilder()
 	    						.setCurrentHops(g.getFederateHops().getCurrentHops() + 1)
 	    						.build();
-	    				
+
 	    				builder.setFederateHops(hops);
 	    				return builder.build();
 	    			})
 	    			.collect(Collectors.toList());
-	    	
+
 	    		// the reason we must use nested groups here is to maintain the hop limit of each individual FederateGroups object.
 	    	    // all of the group name strings will still be added to getFederateGroupsList() as usual. TAK Servers will still only look at
-	    	    // the getFederateGroupsList(). but federation hubs will look at getNestedGroupsList() before sending to ensure the 
+	    	    // the getFederateGroupsList(). but federation hubs will look at getNestedGroupsList() before sending to ensure the
 	    	    // hop limit has not been reached. (TAK Servers are end of line, so they don't need to check)
 	    		FederateGroups.Builder builder = FederateGroups.newBuilder();
-	    		
+
 	    		federatedGroups.forEach(g -> builder.addNestedGroups(g));
-	    		
-	    		Set<String> federatedGroupsNameSet = 
+
+	    		Set<String> federatedGroupsNameSet =
 	    				federatedGroups
 	    					.stream()
 	    					.map(g->g.getFederateGroupsList())
 	    					.flatMap(list -> list.stream())
 	    					.collect(Collectors.toCollection(HashSet::new));
-	    		
+
 	    		builder.addAllFederateGroups(federatedGroupsNameSet);
-	    			    			
+
 	    		return builder.build();
 		} catch (FederationException e) {
 			logger.error("Could not get Federation Hub Groups", e);
@@ -860,8 +903,8 @@ private class FederatedChannelService extends FederatedChannelGrpc.FederatedChan
 
 		private final FederationHubBrokerService broker = FederationHubBrokerService.this;
         AtomicReference<Long> start = new AtomicReference<>();
-        
-        
+
+
 
 		@Override
 		public void serverFederateGroupsStream(Subscription request, StreamObserver<FederateGroups> responseObserver) {
@@ -874,7 +917,7 @@ public void serverFederateGroupsStream(Subscription request, StreamObserver<Fede
 				if (clientCertArray.length == 0) {
 					throw new IllegalArgumentException("Client certificate not available");
 				}
-				
+
 				GuardedStreamHolder<FederateGroups> streamHolder = new GuardedStreamHolder<FederateGroups>(
 						responseObserver, request.getIdentity().getName(),
 						FederationUtils.getBytesSHA256(clientCertArray[0].getEncoded()), session, request,
@@ -884,27 +927,27 @@ public int compare(FederateGroups a, FederateGroups b) {
 								return ComparisonChain.start().compare(a.hashCode(), b.hashCode()).result();
 							}
 						}, true);
-				
+
 				addFederateToGroupPolicyIfMissingV2(session, streamHolder);
-								
+
                 FederationPolicyGraph fpg = getFederationPolicyGraph();
-	            requireNonNull(fpg, "federation policy graph object");                  
-                
+	            requireNonNull(fpg, "federation policy graph object");
+
 	            Federate clientNode = checkFederateExistsInPolicy(streamHolder, session, fpg);
                 if (clientNode == null) {
                 	responseObserver.onError(new StatusRuntimeException(Status.PERMISSION_DENIED));
                 	return;
                 }
-                
+
 				hubConnectionStore.addGroupStream(id, streamHolder);
 
 				// when a client connects to the hub, indicate a serving status and send it the
 				// current list of groups
-				FederateGroups federateGroups = 
+				FederateGroups federateGroups =
 						 getFederationHubGroups(streamHolder.getFederateIdentity().getFedId()).toBuilder()
 						.setStreamUpdate(ServerHealth.newBuilder().setStatus(ServerHealth.ServingStatus.SERVING).build())
 						.build();
-								
+
 				// do not use the stream holder to send the initial groups.
 				// since this is a handshake, we are expecting groups back,
 				// and the stream holder will attach the provenance, causing
@@ -922,17 +965,17 @@ public StreamObserver<FederateGroups> clientFederateGroupsStream(StreamObserver<
 				public void onNext(FederateGroups fedGroups) {
 					SSLSession session = (SSLSession)sslSessionKey.get(Context.current());
 					String id = new BigInteger(session.getId()).toString();
-					
+
 					GuardedStreamHolder<FederatedEvent> holder = hubConnectionStore.getClientStreamMap().get(id);
                 	if (holder != null) {
                 		addFederateToGroupPolicyIfMissingV2(session, hubConnectionStore.getClientStreamMap().get(id));
                 	}
-                	
+
                 	GuardedStreamHolder<FederateGroups> groupHolder = hubConnectionStore.getClientGroupStreamMap().get(id);
                 	if (groupHolder != null) {
                 		addFederateToGroupPolicyIfMissingV2(session, hubConnectionStore.getClientGroupStreamMap().get(id));
                 	}
-                	
+
 					addFederateGroups(id, fedGroups);
 				}
 
@@ -947,10 +990,10 @@ public void onError(Throwable t) {
 
 				@Override
 				public void onCompleted() { }
-				
+
 			};
 		}
-        
+
         @Override
         public void sendOneEvent(FederatedEvent clientEvent, io.grpc.stub.StreamObserver<Empty> emptyReseponse) {
             if (logger.isDebugEnabled()) {
@@ -1041,7 +1084,7 @@ public void clientEventStream(Subscription subscription, StreamObserver<Federate
             int streamCount = clientEventStreamCounter.incrementAndGet();
 
             SSLSession session = (SSLSession) sslSessionKey.get(Context.current());
-            
+
             GuardedStreamHolder<FederatedEvent> streamHolder = null;
 
             if (!Strings.isNullOrEmpty(subscription.getFilter())) {
@@ -1062,7 +1105,7 @@ public void clientEventStream(Subscription subscription, StreamObserver<Federate
                 if (clientCertArray.length == 0) {
                     throw new IllegalArgumentException("Client certificate not available");
                 }
-                
+
                 streamHolder = new GuardedStreamHolder<FederatedEvent>(clientStream,
                     clientName, FederationUtils.getBytesSHA256(clientCertArray[0].getEncoded()),
                     session, subscription, new Comparator<FederatedEvent>() {
@@ -1072,19 +1115,19 @@ public int compare(FederatedEvent a, FederatedEvent b) {
                         }
                     }, true
                 );
-                
+
 				addFederateToGroupPolicyIfMissingV2(session, streamHolder);
-                
+
                 FederationPolicyGraph fpg = getFederationPolicyGraph();
-	            requireNonNull(fpg, "federation policy graph object");                  
-                
+	            requireNonNull(fpg, "federation policy graph object");
+
                 Federate clientNode = checkFederateExistsInPolicy(streamHolder, session, fpg);
                 if (clientNode == null) {
                 	logger.info("Permission Denied. Federate/CA Group not found in the policy graph: " + streamHolder.getFederateIdentity());
                 	clientStream.onError(new StatusRuntimeException(Status.PERMISSION_DENIED));
                 	return;
                 }
-                
+
                 // Send contact messages from other clients back to this new client.
                 for (GuardedStreamHolder<FederatedEvent> otherClient : hubConnectionStore.getClientStreamMap().values()) {
 
@@ -1100,7 +1143,7 @@ public int compare(FederatedEvent a, FederatedEvent b) {
                     FederateEdge edge = fpg.getEdge(otherClientNode, clientNode);
                     if (otherClientNode != null && edge != null) {
                         for (FederatedEvent event : otherClient.getCache()) {
-                        	if (isDestinationReachableByGroupFilter(edge, event.getFederateGroupsList())) {
+                        	if (isDestinationEdgeReachableByGroupFilter(edge, event.getFederateGroupsList())) {
 	                            streamHolder.send(event);
 	                            if (logger.isDebugEnabled()) {
 	                                logger.debug("Sending v2 cached " + event +
@@ -1125,7 +1168,7 @@ public int compare(FederatedEvent a, FederatedEvent b) {
                  * a new session id.
                  */
             	String sessionId = new BigInteger(session.getId()).toString();
-            	
+
             	HubConnectionInfo info = new HubConnectionInfo();
             	info.setConnectionId(streamHolder.getFederateIdentity().getFedId());
             	info.setRemoteServerId(subscription.getIdentity().getServerId());
@@ -1133,21 +1176,21 @@ public int compare(FederatedEvent a, FederatedEvent b) {
             	info.setLocalConnectionType(Identity.ConnectionType.FEDERATION_HUB_SERVER.toString());
             	info.setFederationProtocolVersion(2);
             	info.setGroupIdentities(getFederationPolicyGraph().getFederate(streamHolder.getFederateIdentity().getFedId()).getGroupIdentities());
-            	
+
             	SocketAddress socketAddress = getCurrentSocketAddress();
-				
+
 				if (socketAddress != null) {
 					info.setRemoteAddress(socketAddress.toString().replace("/", ""));
 				} else {
 					info.setRemoteAddress("");
 				}
-            	
+
                 hubConnectionStore.addConnectionInfo(sessionId, info);
             	hubConnectionStore.addClientStreamHolder(sessionId, streamHolder);
-                
+
                 // send a dummy message to make sure things are initialized
                 streamHolder.send(FederatedEvent.newBuilder().build());
-                
+
                 // if groups for this connection exist, send them here as well incase it failed
                 if (hubConnectionStore.getClientToGroupsMap().get(sessionId) != null) {
                     addFederateGroups(sessionId, hubConnectionStore.getClientToGroupsMap().get(sessionId));
@@ -1202,22 +1245,47 @@ public int compare(ROL a, ROL b) {
                         }
                     }, true
                 );
-                
+
 				addFederateToGroupPolicyIfMissingV2(session, rolStreamHolder);
-                
+
                 FederationPolicyGraph fpg = getFederationPolicyGraph();
-	            requireNonNull(fpg, "federation policy graph object");                  
-                
+	            requireNonNull(fpg, "federation policy graph object");
+
 	            Federate clientNode = checkFederateExistsInPolicy(rolStreamHolder, session, fpg);
                 if (clientNode == null) {
                 	clientStream.onError(new StatusRuntimeException(Status.PERMISSION_DENIED));
                 	return;
                 }
-                
+
+                // get the changes, but don't send till we add the rolStream because the stream will get used
+                // down the line for getting the session id
+                FederationHubMissionDisruptionManager.OfflineMissionChanges changes = null;
+
+                if (fedHubConfig.isMissionFederationDisruptionEnabled()) {
+                	changes = federationHubMissionDisruptionManager.getMissionChangesAndTrackConnectEvent(
+                    		rolStreamHolder.getFederateIdentity().getFedId(), session.getPeerCertificates());
+                }
+
                 /* Keep track of client stream and its associated federate identity. */
                 String id = new BigInteger(session.getId()).toString();
                 hubConnectionStore.addRolStream(id, rolStreamHolder);
 
+                AtomicLong delayMs = new AtomicLong(0L);
+                if (changes != null) {
+        			
+        			for(final Entry<ObjectId, ROL.Builder> entry: changes.getResourceRols().entrySet()) {
+        				mfdtScheduler.schedule(() -> {
+        					ROL rol = federationHubMissionDisruptionManager.hydrateResourceROL(entry.getKey(), entry.getValue());
+        					rolStreamHolder.send(rol);
+        				}, delayMs.getAndAdd(500), TimeUnit.MILLISECONDS);
+        			}
+        			for(final ROL rol: changes.getRols()) {
+        				mfdtScheduler.schedule(() -> {
+        					rolStreamHolder.send(rol);
+        				}, delayMs.getAndAdd(100), TimeUnit.MILLISECONDS);
+        			}
+        		}
+
                 logger.info("Client ROL stream added. Count: " + broker.hubConnectionStore.getClientROLStreamMap().size());
 
             } catch (SSLPeerUnverifiedException | CertificateEncodingException e) {
@@ -1228,23 +1296,29 @@ public int compare(ROL a, ROL b) {
         @Override
         public StreamObserver<ROL> serverROLStream(StreamObserver<Subscription> responseObserver) {
             return new StreamObserver<ROL>() {
-
                 @Override
                 public void onNext(ROL clientROL) {
                 	try {
                         if (logger.isDebugEnabled()) {
                             logger.debug("ROL from client: " + clientROL.getProgram());
                         }
-                                                
+
                         requireNonNull(clientROL, "ROL message from client");
                         requireNonNull(clientROL.getProgram(), "ROL program from client");
-                        
+
                         SSLSession session = (SSLSession) sslSessionKey.get(Context.current());
 
                         String sessionId = new BigInteger(session.getId()).toString();
                         addFederateToGroupPolicyIfMissingV2(session, hubConnectionStore.getClientStreamMap().get(sessionId));
-                        
-                        parseRol(clientROL, sessionId);
+
+                        GuardedStreamHolder<ROL> streamHolder = hubConnectionStore.getClientROLStreamMap().get(sessionId);
+                        // sometimes rol comes in before we're completely ready.
+                        // temporarily cache rol until the stream holder gets added
+                        if (streamHolder == null) {
+                        	hubConnectionStore.cacheRol(clientROL, sessionId);
+                        } else {
+                        	parseRol(clientROL, sessionId);
+                        }
                 	} catch (Exception e) {
 						logger.error("Error with Rol read",e);
 					}
@@ -1272,12 +1346,12 @@ public void onCompleted() {
         public StreamObserver<FederatedEvent> serverEventStream(StreamObserver<Subscription> responseObserver) {
         	SSLSession session = (SSLSession)sslSessionKey.get(Context.current());
             String id = new BigInteger(session.getId()).toString();
-                        
+
         	Subscription subscription = Subscription.newBuilder()
         			.setFilter("")
         			.setIdentity(Identity.newBuilder().setServerId(fedHubConfig.getFullId()).setType(Identity.ConnectionType.FEDERATION_HUB_SERVER).setName(id).setUid(id).build())
         			.build();
-        	
+
         	responseObserver.onNext(subscription);
 
             return new StreamObserver<FederatedEvent>() {
@@ -1286,7 +1360,7 @@ public StreamObserver<FederatedEvent> serverEventStream(StreamObserver<Subscript
                 public void onNext(FederatedEvent fe) {
                     clientMessageCounter.incrementAndGet();
                     clientByteAccumulator.addAndGet(fe.getSerializedSize());
-                    
+
                     // Add federate to group in case policy was updated during connection
                     GuardedStreamHolder<FederatedEvent> holder = hubConnectionStore.getClientStreamMap().get(id);
                 	if (holder != null) {
@@ -1354,14 +1428,14 @@ public void healthCheck(ClientHealth request, StreamObserver<ServerHealth> respo
             }
         }
     }
-    
+
     public Federate checkFederateExistsInPolicy(GuardedStreamHolder<?> streamHolder, SSLSession session, FederationPolicyGraph fpg) {
     	Federate clientNode = null;
         try {
             String fedId = streamHolder.getFederateIdentity().getFedId();
-            
+
             clientNode = fpg.getFederate(fedId);
-            
+
             if (logger.isDebugEnabled()) {
                 logger.debug("New client federated event stream client node id: " +
                     streamHolder.getFederateIdentity().getFedId() + " " +
@@ -1387,16 +1461,16 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
 
                 SSLSession sslSession = call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION);
                 SocketAddress socketAddress = call.getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR);
-                
+
                 Context context = Context.current()
                 		.withValue(sslSessionKey, sslSession)
                 		.withValue(remoteAddressKey, socketAddress);
-                
+
                 return Contexts.interceptCall(context, call, requestHeaders, next);
             }
         };
     }
-    
+
     private SocketAddress getCurrentSocketAddress() {
     	return remoteAddressKey.get(Context.current());
 	}
@@ -1411,31 +1485,43 @@ public void assignMessageSourceAndDestinationsFromPolicy(Message message,
             message.getDestinations().add(new AddressableEntity<>(node.getFederateIdentity()))
         );
     }
-    
+
     public void assignGroupFilteredMessageSourceAndDestinationsFromPolicy(Message message, List<String> groups,
             FederateIdentity federateIdentity) throws FederationException{
     	assignGroupFilteredMessageSourceAndDestinationsFromPolicy(message, groups, federateIdentity,
                 getFederationPolicyGraph());
     }
-    
+
     private void assignGroupFilteredMessageSourceAndDestinationsFromPolicy(Message message, List<String> groups,
             FederateIdentity federateIdentity, FederationPolicyGraph policyGraph)
-            throws FederationException {    	    	
-    	
+            throws FederationException {
+
         message.setSource(new AddressableEntity<FederateIdentity>(federateIdentity));
-        
+
+        getGroupFilteredDestinations(groups, federateIdentity, policyGraph).forEach(node -> {
+        	message.getDestinations().add(new AddressableEntity<>(node.getFederateIdentity()));
+        });
+
+    }
+
+    public static Set<Federate> getGroupFilteredDestinations(List<String> groups,
+            FederateIdentity federateIdentity, FederationPolicyGraph policyGraph)
+            throws FederationException {
+
+    	Set<Federate> reachableGroupFilteredFederates = new HashSet<>();
+
         Set<Federate> destinationNodes = policyGraph.allReachableFederates(federateIdentity.getFedId()).federates;
         Map<FederationNode, FederateEdge> destinationToFederateEdges = policyGraph.allReachableFederates(federateIdentity.getFedId()).getDestinationToFederateEdgeMappings();
         Map<FederationNode, Set<FederateEdge>> destinationToFederateGroupEdges = policyGraph.allReachableFederates(federateIdentity.getFedId()).getDestinationToFederateGroupEdgeMappings();
-        
+
         destinationNodes.stream().forEach(node -> {
-        	// direct edge between two nodes takes top priority for group filtereing
+        	// direct edge between two nodes takes top priority for group filtering
         	if (destinationToFederateEdges.containsKey(node)) {
         		FederateEdge edge = destinationToFederateEdges.get(node);
-        		if (!isDestinationReachableByGroupFilter(edge, groups))
+        		if (!isDestinationEdgeReachableByGroupFilter(edge, groups))
         			return;
         	}
-        	
+
         	// edge between nodes where the source is a CA group takes second priority
         	// if there are multiple CA groups for some reason (intermediate certs?)
         	// make sure all the edges pass
@@ -1443,20 +1529,21 @@ else if (destinationToFederateGroupEdges.containsKey(node)) {
         		// if any edges are false, fail the check
         		boolean isNotReachableByGroupsForAllEdges = destinationToFederateGroupEdges.get(node)
         			.stream()
-        			.map(edge -> isDestinationReachableByGroupFilter(edge, groups))
+        			.map(edge -> isDestinationEdgeReachableByGroupFilter(edge, groups))
         			.anyMatch(isDestinationReachableByGroupFilter -> !isDestinationReachableByGroupFilter);
 
         		if (isNotReachableByGroupsForAllEdges)
         			return;
         	}
-        	        	
+
         	// if no edges, they must be interconnected, so skip group filtering
-        	message.getDestinations().add(new AddressableEntity<>(node.getFederateIdentity()));
-        	
+        	reachableGroupFilteredFederates.add(node);
         });
+
+        return reachableGroupFilteredFederates;
     }
-    
-    public static boolean isDestinationReachableByGroupFilter(FederateEdge edge, List<String> groups) {
+
+    public static boolean isDestinationEdgeReachableByGroupFilter(FederateEdge edge, List<String> groups) {
     	// if no groups are attached, and the group filtering isn't set to
     	// allow all messages through, drop the message
     	if (groups == null || groups.isEmpty()) {
@@ -1466,9 +1553,9 @@ public static boolean isDestinationReachableByGroupFilter(FederateEdge edge, Lis
     			return false;
     		}
     	}
-    	
+
     	Set<String> groupSet = new HashSet<>(groups);
-    	
+
 		switch (edge.getFilterType()) {
 		case ALL: {
 			return true;
@@ -1480,7 +1567,7 @@ public static boolean isDestinationReachableByGroupFilter(FederateEdge edge, Lis
 			return Sets.intersection(groupSet, edge.getDisallowedGroups()).isEmpty();
 		}
 		case ALLOWED_AND_DISALLOWED: {
-			return !Sets.intersection(groupSet, edge.getAllowedGroups()).isEmpty() && 
+			return !Sets.intersection(groupSet, edge.getAllowedGroups()).isEmpty() &&
 					Sets.intersection(groupSet, edge.getDisallowedGroups()).isEmpty();
 		}
 		default:
@@ -1519,6 +1606,8 @@ private void sendRolMessage(Message message) {
                 FederateIdentity src = (FederateIdentity)message.getSource().getEntity();
                 FederateIdentity dest = (FederateIdentity)entity.getEntity();
 
+                if (src == dest) continue;
+
                 FederationPolicyGraph policyGraph = getFederationPolicyGraph();
 
                 Federate srcNode = policyGraph.getFederate(src.getFedId());
@@ -1608,6 +1697,8 @@ private void deliver(Message message, FederateIdentity src, FederateIdentity des
 
                     /* Track message sends for metrics. */
                     clientMessageCounter.incrementAndGet();
+                    recordBrokerMetrics(src, dest, message);
+
                     clientByteAccumulator.addAndGet(event.getSerializedSize());
                 } catch (Exception ex) {
                     logger.error("Exception sending message to client stream", ex);
@@ -1666,12 +1757,12 @@ private void sendFederatedEvent(Message message) {
                 /* Validate src/dest and nodes. */
                 FederateEdge edge = policyGraph.getEdge(srcNode, destNode);
 
-                
+
                 deliver(message, src, dest);
             }
         }
     }
-    
+
     private void deliverGroup(Message message, FederateIdentity src, FederateIdentity dest) {
         for (Entry<String, GuardedStreamHolder<FederateGroups>> entry : hubConnectionStore.getClientGroupStreamMap().entrySet()) {
             if (entry.getValue().getFederateIdentity().equals(dest)) {
@@ -1691,7 +1782,7 @@ private void deliverGroup(Message message, FederateIdentity src, FederateIdentit
             }
         }
     }
-    
+
     private void sendFederatedGroup(Message message) {
         for (AddressableEntity<?> entity : message.getDestinations()) {
             if (entity.getEntity() instanceof FederateIdentity) {
@@ -1709,8 +1800,8 @@ private void sendFederatedGroup(Message message) {
 
 				FederateGroups updatedGroups = getFederationHubGroups(dest.getFedId()).toBuilder()
 						.addAllFederateProvenance(groups.getFederateProvenanceList())
-						.build();	
-				
+						.build();
+
 				deliverGroup(new Message(new HashMap<>(), new FederatedGroupPayload(updatedGroups)), src, dest);
             }
         }
@@ -1731,7 +1822,7 @@ private void sendMessage(Message message) {
             sendRolMessage(message);
         } else if (message.getPayload().getContent() instanceof FederateGroups) {
         	sendFederatedGroup(message);
-        } 
+        }
         else {
             logger.info("Not handling send to client of " +
                 message.getPayload().getContent().getClass().getSimpleName() +
@@ -1746,7 +1837,7 @@ public void handleRead(BinaryBlob event, String streamKey) {
         	}
     		return;
         }
-    	
+
         Message federatedMessage = new Message(new HashMap<>(),
             new BinaryBlobPayload(event));
         federatedMessage.setMetadataValue(SSL_SESSION_ID, streamKey);
@@ -1764,6 +1855,7 @@ public void handleRead(BinaryBlob event, String streamKey) {
                     getFederationPolicyGraph());
 
                 sendMessage(federatedMessage);
+
             } catch (FederationException e) {
                 logger.error("Could not get destinations from policy graph", e);
             }
@@ -1771,21 +1863,12 @@ public void handleRead(BinaryBlob event, String streamKey) {
     }
 
     public void handleRead(ROL event, String streamKey) {
-    	if (hasAlreadySeenMessage(event)) {
-    		if (logger.isDebugEnabled()) {
-        		logger.debug("Stopping circular event " + event);
-        	}
-
-    		return;
-        }
-        
         Message federatedMessage = new Message(new HashMap<>(),
             new ROLPayload(event));
         federatedMessage.setMetadataValue(SSL_SESSION_ID, streamKey);
         GuardedStreamHolder<ROL> streamHolder = hubConnectionStore.getClientROLStreamMap().get(streamKey);
         if (streamHolder != null) {
-            federatedMessage.setMetadataValue(FEDERATED_ID_KEY,
-                streamHolder.getFederateIdentity());
+            federatedMessage.setMetadataValue(FEDERATED_ID_KEY, streamHolder.getFederateIdentity());
             try {
             	assignGroupFilteredMessageSourceAndDestinationsFromPolicy(federatedMessage, event.getFederateGroupsList(),
                     streamHolder.getFederateIdentity(),
@@ -1795,10 +1878,10 @@ public void handleRead(ROL event, String streamKey) {
                 logger.error("Could not get destinations from policy graph", e);
             }
         } else {
-            logger.error("Could not find stream holder for streamkey: {}", streamKey);   
+            logger.error("Could not find stream holder for streamkey: {}", streamKey);
         }
     }
-    
+
     public void handleRead(FederatedEvent event, String streamKey) {
     	if (hasAlreadySeenMessage(event)) {
     		if (logger.isDebugEnabled()) {
@@ -1806,10 +1889,10 @@ public void handleRead(FederatedEvent event, String streamKey) {
         	}
     		return;
         }
-    	
+
         Message federatedMessage = new Message(new HashMap<>(),
             new FederatedEventPayload(event));
-        
+
         federatedMessage.setMetadataValue(SSL_SESSION_ID, streamKey);
 
         GuardedStreamHolder<FederatedEvent> streamHolder = hubConnectionStore.getClientStreamMap().get(streamKey);
@@ -1824,7 +1907,7 @@ public void handleRead(FederatedEvent event, String streamKey) {
                             getFederationPolicyGraph());
 
                     sendMessage(federatedMessage);
-                	
+
                     streamHolder.getCache().add(event);
                     if (logger.isDebugEnabled()) {
                         logger.debug("caching " + event +
@@ -1843,45 +1926,45 @@ public void handleRead(FederatedEvent event, String streamKey) {
                 logger.error("Exception sending message", e);
             }
         } else {
-        	if (logger.isDebugEnabled()) 
+        	if (logger.isDebugEnabled())
         		logger.debug("StreamHolder is null");
         }
     }
-    
+
     private boolean hasAlreadySeenMessage(Object event) {
     	try {
     		List<FederateProvenance> federateProvenances = null;
-        	
-        	
+
+
         	if (event instanceof FederatedEvent) {
         		federateProvenances = ((FederatedEvent) event).getFederateProvenanceList();
         	}
-        	
+
         	if (event instanceof FederateGroups) {
         		federateProvenances = ((FederateGroups) event).getFederateProvenanceList();
         	}
-        	
+
         	if (event instanceof BinaryBlob) {
         		federateProvenances = ((BinaryBlob) event).getFederateProvenanceList();
         	}
-        	
+
         	if (event instanceof ROL) {
         		federateProvenances = ((ROL) event).getFederateProvenanceList();
         	}
-        	
+
         	if (federateProvenances == null) return false;
-        	
+
         	Set<String> visitedHubs = federateProvenances
             		.stream()
             		.map(prov -> prov.getFederationServerId())
             		.collect(Collectors.toSet());
-            
+
            	return visitedHubs.contains(fedHubConfig.getFullId());
     	} catch (Exception e) {
 			return false;
 		}
     }
-    
+
     public void addFederateGroups(String sourceId, FederateGroups groups) {
     	if (hasAlreadySeenMessage(groups)) {
     		if (logger.isDebugEnabled()) {
@@ -1890,12 +1973,12 @@ public void addFederateGroups(String sourceId, FederateGroups groups) {
 
     		return;
         }
-    	
+
     	hubConnectionStore.putFederateGroups(sourceId, groups);
-        
+
         Message federatedMessage = new Message(new HashMap<>(),new FederatedGroupPayload(groups));
         federatedMessage.setMetadataValue(SSL_SESSION_ID, sourceId);
-        
+
         GuardedStreamHolder<?> holder = hubConnectionStore.getClientGroupStreamMap().containsKey(sourceId) ?
         		hubConnectionStore.getClientGroupStreamMap().get(sourceId) : hubConnectionStore.getClientStreamMap().get(sourceId);
         FederateIdentity ident = holder.getFederateIdentity();
@@ -1909,8 +1992,22 @@ public void addFederateGroups(String sourceId, FederateGroups groups) {
             logger.error("Could not get destinations from policy graph", e);
         }
     }
-    
-    public void parseRol(ROL clientROL, String id) {
+
+    public void parseRol(ROL clientROL, String streamKey) {
+    	if (hasAlreadySeenMessage(clientROL)) {
+    		if (logger.isDebugEnabled()) {
+        		logger.debug("Stopping circular event " + clientROL);
+        	}
+
+    		return;
+        }
+
+    	handleRead(clientROL, streamKey);
+
+    	// no need to process rol any further if mfd is disabled
+    	if (!fedHubConfig.isMissionFederationDisruptionEnabled())
+    		return;
+
 		try {
             /* Interpret and execute the ROL program. */
             RolLexer lexer = new RolLexer(new ANTLRInputStream(clientROL.getProgram()));
@@ -1935,8 +2032,8 @@ public String evaluate(String res, String op, Parameters params) {
                     resource.set(res);
                     operation.set(op);
                     parameters.set(params);
-                    
-                    logger.info("Evaluating " + op + " on " + resource + " given " + params);
+
+                    logger.info("Evaluating " + op + " on " + resource);
 
                     return res;
                 }
@@ -1945,9 +2042,11 @@ public String evaluate(String res, String op, Parameters params) {
             requireNonNull(resource.get(), "resource");
             requireNonNull(operation.get(), "operation");
 
+            GuardedStreamHolder<ROL> streamHolder = hubConnectionStore.getClientROLStreamMap().get(streamKey);
+
             /* Create a federation processor for this ROL type, and process the ROL program. */
             federationProcessorFactory.newProcessor(resource.get(), operation.get(),
-                parameters.get(), id).process(clientROL);
+                parameters.get(), streamKey, streamHolder.getFederateIdentity().getFedId()).process(clientROL);
 
         } catch (Exception e) {
         	logger.error("Exception in ROL parsing " + e.getClass().getName(), e);
@@ -1955,26 +2054,67 @@ public String evaluate(String res, String op, Parameters params) {
 	}
 
     private class FederationProcessorFactory {
-        FederationProcessor<ROL> newProcessor(String resource, String operation, Parameters parameters, String sessionId) {
-        	return new FederationDefaultProcessor(resource, operation, sessionId);
-        }
-        
-        
-        private class FederationDefaultProcessor implements FederationProcessor<ROL> {
-            private final String res;
-            private final String op;
-            private final String sessionId;
-
-            FederationDefaultProcessor(String res, String op, String sessionId) {
-                this.res = res;
-                this.op = op;
-                this.sessionId = sessionId;
-            }
+		FederationProcessor<ROL> newProcessor(String resource, String operation, Parameters parameters, String streamKey, String federateServerId) {
+			return new FederationMissionProcessor(streamKey, federateServerId);
+		}
+	}
 
-            @Override
-            public void process(ROL rol) {
-            	handleRead(rol, sessionId);
+    private class FederationMissionProcessor implements FederationProcessor<ROL> {
+    	private final String streamKey;
+		private final String federateServerId;
+
+		FederationMissionProcessor(String streamKey, String federateServerId) {
+			this.streamKey = streamKey;
+			this.federateServerId = federateServerId;
+		}
+
+		@Override
+		public void process(ROL rol) {
+			try {
+
+				if (federationHubROLHandler != null) {
+					federationHubROLHandler.onNewEvent(rol, streamKey, federateServerId);
+				}
+
+			} catch (RemoteException e) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("exception submitting ROL", e);
+				}
+			}
+		}
+	}
+
+    private void recordBrokerMetrics(FederateIdentity src, FederateIdentity dest, Message message) {
+        FederationPolicyGraph fpg = getFederationPolicyGraph();
+        Federate srcFederate = fpg.getFederate(src.getFedId());
+        Federate destFederate = fpg.getFederate(dest.getFedId());
+        Set<FederateIdentity> srcFederateIdentities = srcFederate.getGroupIdentities();
+        Set<FederateIdentity> destFederateIdentities = destFederate.getGroupIdentities();
+        String srcCert = null;
+        if (!srcFederateIdentities.isEmpty()) {
+            Iterator<FederateIdentity> it = srcFederateIdentities.iterator();
+            srcCert = it.next().getFedId();
+        } else {
+            logger.warn("Failed to get cert for src.");
+        }
+        String destCert = null;
+        if (!destFederateIdentities.isEmpty()) {
+            Iterator<FederateIdentity> it = destFederateIdentities.iterator();
+            destCert = it.next().getFedId();
+        } else {
+            logger.warn("Failed to get cert for dest.");
+        }
+        Payload<?> messagePayload = message.getPayload();
+        long messageLength = -1;
+        if (messagePayload != null) {
+            byte[] messageBytes = messagePayload.getBytes();
+            if (messageBytes != null) {
+                messageLength = messageBytes.length;
             }
         }
+        if (srcCert != null && destCert != null && messageLength != -1) {
+            fedHubBrokerMetrics.incrementChannelWrite(src.getFedId(), srcCert, dest.getFedId(), destCert, messageLength);
+            fedHubBrokerMetrics.incrementChannelRead(src.getFedId(), srcCert, dest.getFedId(), destCert, messageLength);
+        }
     }
-}
+}
\ No newline at end of file
diff --git a/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubMissionDisruptionManager.java b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubMissionDisruptionManager.java
new file mode 100644
index 00000000..bdb7c9c4
--- /dev/null
+++ b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubMissionDisruptionManager.java
@@ -0,0 +1,272 @@
+package tak.server.federation.hub.broker.db;
+
+import java.io.ByteArrayInputStream;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.stream.Collectors;
+
+import org.bson.Document;
+import org.bson.types.Binary;
+import org.bson.types.ObjectId;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.atakmap.Tak.BinaryBlob;
+import com.atakmap.Tak.FederateHops;
+import com.atakmap.Tak.FederateProvenance;
+import com.atakmap.Tak.ROL;
+import com.bbn.roger.fig.FederationUtils;
+import com.google.protobuf.ByteString;
+import com.mongodb.BasicDBObject;
+
+import tak.server.federation.Federate;
+import tak.server.federation.FederateIdentity;
+import tak.server.federation.FederationPolicyGraph;
+import tak.server.federation.hub.FederationHubDependencyInjectionProxy;
+import tak.server.federation.hub.broker.FederationHubBrokerService;
+
+public class FederationHubMissionDisruptionManager {
+	private static final Logger logger = LoggerFactory.getLogger(FederationHubMissionDisruptionManager.class);
+	
+	private FederationHubDatabaseService federationHubDatabaseService;
+	
+	public FederationHubMissionDisruptionManager (FederationHubDatabaseService federationHubDatabaseService) {
+		this.federationHubDatabaseService = federationHubDatabaseService;
+	}
+	
+	@SuppressWarnings("unchecked")
+	// get all the federates that this new connection is allowed to receive from
+	private Collection<String> getReceivableFederates(String sourceServerId) throws Exception {
+		// make sure all of the persisted federates are in the policy graph
+		for(Document document : federationHubDatabaseService.getFederateMetadatas()) {
+			String federateId = document.getString("federate_id");
+			
+			List<Binary> certs = (List<Binary>) document.get("cert_array");
+			CertificateFactory cf = CertificateFactory.getInstance("X.509");
+			for (Binary cert : certs) {
+				ByteArrayInputStream bais = new ByteArrayInputStream(cert.getData());
+				X509Certificate x509Cert = (X509Certificate) cf.generateCertificate(bais);
+				
+				String issuerDN = x509Cert.getIssuerX500Principal().getName();
+				String group = issuerDN + "-" + FederationUtils.getBytesSHA256(x509Cert.getEncoded());
+				Federate federate = new Federate(new FederateIdentity(federateId));
+				federate.addGroupIdentity(new FederateIdentity(group));
+				List<String> federateGroups = new ArrayList<>();
+				federateGroups.add(group);
+				
+				FederationHubDependencyInjectionProxy.getInstance().fedHubPolicyManager().addCaFederate(federate, federateGroups);
+			}
+		}
+
+		Collection<String> receivableFederates = 
+				FederationHubDependencyInjectionProxy.getInstance().fedHubPolicyManager().getPolicyGraph()
+					.allReceivableFederates(sourceServerId)
+					.stream()
+					.map(f -> f.getFederateIdentity().getFedId())
+					.collect(Collectors.toCollection(HashSet::new));
+		
+		return receivableFederates;
+	}
+
+	@SuppressWarnings("unchecked")
+	public OfflineMissionChanges getMissionChangesAndTrackConnectEvent(String federateServerId, Certificate[] certificates) {
+		OfflineMissionChanges changes = new OfflineMissionChanges();
+	
+		try {
+			Document metadata = federationHubDatabaseService.getFederateMetadata(federateServerId);
+			
+			// if this federate previously connected, only pull changes from last update time
+			Date lastUpdate = new Date(0L);
+			if (metadata != null) {
+				lastUpdate = (Date) metadata.get("last_update");
+			}
+						
+			Date now = new Date();
+			
+			long recencySecs = FederationHubDependencyInjectionProxy.getInstance().fedHubServerConfig().getMissionFederationRecencySeconds();
+			long maxRecencyMillis;
+			if (recencySecs == -1) {
+			    maxRecencyMillis = lastUpdate.getTime();
+			} else {
+			    maxRecencyMillis = now.getTime() - (recencySecs * 1000);
+			}
+
+			long bestRecencyMillis = lastUpdate.getTime() > maxRecencyMillis ? lastUpdate.getTime() : maxRecencyMillis;
+									
+			Collection<String> receivableFederates = getReceivableFederates(federateServerId);
+			// must get updated policy after we check for receivable federates
+			// because getReceivableFederates(...) will modify the graph
+			FederationPolicyGraph policyGraph = FederationHubDependencyInjectionProxy.getInstance().fedHubPolicyManager().getPolicyGraph();
+			
+			for (String receivableFederate: receivableFederates) {
+				// for every federate this newly connected federate can receive from,
+				// pull the offline changes 
+				List<Document> updates = federationHubDatabaseService.getOfflineUpdates(receivableFederate, new Date(bestRecencyMillis));
+				for (Document update: updates) {
+					ROL.Builder rolBuilder = ROL.newBuilder();
+					Document eventRol = update.get("event_rol", Document.class);
+					rolBuilder.setProgram(eventRol.getString("rol_program"));				
+					
+					if (eventRol.containsKey("federate_groups")) {
+						List<String> federateGroups = eventRol.getList("federate_groups", String.class);
+						rolBuilder.addAllFederateGroups(federateGroups);
+					}
+					
+					if (eventRol.containsKey("federate_provenance")) {
+						List<Document> federateProvenances = eventRol.getList("federate_provenance", Document.class);
+						for (Document federateProvenance: federateProvenances) {
+							rolBuilder.addFederateProvenance(FederateProvenance.newBuilder()
+									.setFederationServerName(federateProvenance.getString("federation_server_name"))
+									.setFederationServerId(federateProvenance.getString("federation_server_id")));
+						}
+					}
+					
+					if (eventRol.containsKey("federate_hops")) {
+						Document federateHops = eventRol.get("federate_hops", Document.class);
+						rolBuilder.setFederateHops(FederateHops.newBuilder()
+								.setMaxHops(federateHops.getLong("max_hops"))
+								.setCurrentHops(federateHops.getLong("current_hops")));
+					}
+					
+					ROL rol = rolBuilder.build();
+					
+					// make sure we check reachability if group filtering is active
+					Set<Federate> reachableFederates = FederationHubBrokerService.getGroupFilteredDestinations(rol.getFederateGroupsList(), new FederateIdentity(receivableFederate), policyGraph);
+					boolean isReachable = reachableFederates
+						.stream()
+						.map(f -> f.getFederateIdentity().getFedId())
+						.anyMatch(id -> id.equals(federateServerId));
+					
+					if (isReachable) {
+						if (eventRol.containsKey("resource_object_id")) 
+							changes.addResourceROL(eventRol.getObjectId("resource_object_id"), rolBuilder);
+						else
+							changes.addROL(rol);
+					}
+				}
+			}
+			
+			federationHubDatabaseService.addFederateMetadata(federateServerId, certificates);
+		} catch (Exception e) {
+			logger.error("getMissionChangesAndTrackConnectEvent error", e);
+		}
+		
+		logger.info("Found " + (changes.getRols().size() + changes.getResourceRols().size()) + " mission changes for " + federateServerId);
+		
+		return changes;
+	}
+	
+	public ROL hydrateResourceROL(ObjectId resourceObjectId, ROL.Builder rol) {
+		try {
+			byte[] resource = federationHubDatabaseService.getResource(resourceObjectId);
+			
+			if (resource == null) return rol.build();
+			
+			BinaryBlob blob = BinaryBlob.newBuilder().setData(ByteString.readFrom(new ByteArrayInputStream(resource))).build();
+			rol.addPayload(blob);
+		} catch (Exception e) {
+			logger.error("hydrateResourceROL error", e);
+		}	
+		
+		return rol.build();
+	}
+	
+	public ObjectId addResource(byte[] data, Map<String, Object>  parameters) {
+		try {			
+			return federationHubDatabaseService.addResource(data, parameters);
+		} catch (Exception e) {
+			logger.error("Error adding resource to DB", e);
+			return null;
+		}
+	}
+	
+	public void storeRol(ROL event, String res, String op, Map<String, Object>  parameters, String federateServerId) {	
+		this.storeRol(event, res, op, parameters, federateServerId, null);
+	}
+	
+	public void storeRol(ROL event, String res, String op, Map<String, Object>  parameters, String federateServerId, ObjectId resourceObjectId) {		
+		try {
+			BasicDBObject rolParameters = new BasicDBObject();
+			rolParameters.putAll(parameters);
+					
+			List<BasicDBObject> federateProvenances = null;
+			if (event.getFederateProvenanceList() != null) {
+				federateProvenances = event.getFederateProvenanceList()
+						.stream()
+						.map(p -> {
+							BasicDBObject prov = new BasicDBObject();
+							prov.append("federation_server_id", p.getFederationServerId());
+							prov.append("federation_server_name", p.getFederationServerName());
+							return prov;
+						}).collect(Collectors.toList());
+			}
+			
+			BasicDBObject federateHops = null;
+			if (event.getFederateHops() != null) {
+				federateHops = new BasicDBObject();
+				federateHops.append("max_hops", event.getFederateHops().getMaxHops());
+				federateHops.append("current_hops", event.getFederateHops().getCurrentHops());
+			}
+			
+			BasicDBObject eventRol = new BasicDBObject();
+			eventRol.put("rol_program", event.getProgram());
+			eventRol.put("rol_resource", res);
+			eventRol.put("rol_operation", op);
+			eventRol.put("rol_parameters", rolParameters);
+			eventRol.put("federate_groups", event.getFederateGroupsList());
+			eventRol.put("federate_provenance", federateProvenances);
+			eventRol.put("federate_hops", federateHops);
+			
+			if (resourceObjectId != null) {
+				eventRol.put("resource_object_id", resourceObjectId);
+			}
+			
+			Document doc = new Document();
+			doc.append("federate_id", federateServerId);
+			doc.append("federate_metadata_id", federationHubDatabaseService.getFederateMetadata(federateServerId).get("_id"));
+			doc.append("event_kind", "send-changes");
+			doc.append("received_time", Instant.now());
+			doc.append("event_rol", eventRol);
+
+			federationHubDatabaseService.storeRol(doc);
+		} catch (Exception e) {
+			logger.error("Error storing ROL in DB", e);
+		}
+	}
+	
+	private void isDBAvailable() {
+		
+	}
+	
+	public static final class OfflineMissionChanges {
+		Map<ObjectId, ROL.Builder> resourceRols = new HashMap<>();
+		List<ROL> rols = new ArrayList<>();
+		
+		public Map<ObjectId, ROL.Builder> getResourceRols() {
+			return resourceRols;
+		}
+		
+		public List<ROL> getRols() {
+			return rols;
+		}
+		
+		public void addResourceROL(ObjectId key, ROL.Builder value) {
+			resourceRols.put(key, value);
+		}
+		
+		public void addROL(ROL e) {
+			rols.add(e);
+		}
+	}
+}
diff --git a/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubROLHandler.java b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubROLHandler.java
new file mode 100644
index 00000000..44b140d2
--- /dev/null
+++ b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubROLHandler.java
@@ -0,0 +1,209 @@
+package tak.server.federation.hub.broker;
+
+import static java.util.Objects.requireNonNull;
+
+import java.rmi.RemoteException;
+import java.util.Locale;
+import java.util.Map;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.atomic.AtomicReference;
+
+import org.antlr.v4.runtime.ANTLRInputStream;
+import org.antlr.v4.runtime.BailErrorStrategy;
+import org.antlr.v4.runtime.CommonTokenStream;
+import org.antlr.v4.runtime.tree.ParseTree;
+import org.bson.types.ObjectId;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.atakmap.Tak.ROL;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.base.Predicates;
+import com.google.common.collect.Iterables;
+
+import mil.af.rl.rol.FederationProcessor;
+import mil.af.rl.rol.Resource;
+import mil.af.rl.rol.ResourceOperationParameterEvaluator;
+import mil.af.rl.rol.RolLexer;
+import mil.af.rl.rol.RolParser;
+import tak.server.federation.hub.broker.db.FederationHubMissionDisruptionManager;
+import tak.server.federation.rol.MissionEnterpriseSyncRolVisitor;
+
+public class FederationHubROLHandler {
+	
+	private static final Logger logger = LoggerFactory.getLogger(FederationHubROLHandler.class);
+	private int numThreads = Runtime.getRuntime().availableProcessors() + 1;
+	private ExecutorService executor = Executors.newFixedThreadPool(numThreads);
+	
+	private FederationHubMissionDisruptionManager federationHubMissionDisruptionManager;
+	
+	public FederationHubROLHandler(FederationHubMissionDisruptionManager federationHubMissionDisruptionManager) {
+		this.federationHubMissionDisruptionManager = federationHubMissionDisruptionManager;
+	}
+	
+	public void onNewEvent(ROL rol, String streamKey, String federateServerId) throws RemoteException {
+		executor.execute(() -> {
+			if (rol == null) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping null ROL message");
+				}
+				return;
+			}
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("Got ROL message: " + rol.getProgram() + " for federateServerId " + federateServerId);
+			}
+			
+			// interpret and execute the ROL program
+			RolLexer lexer = new RolLexer(new ANTLRInputStream(rol.getProgram()));
+
+			CommonTokenStream tokens = new CommonTokenStream(lexer);
+
+			RolParser parser = new RolParser(tokens);
+			parser.setErrorHandler(new BailErrorStrategy());
+
+			// parse the ROL program
+			ParseTree rolParseTree = parser.program();
+
+			requireNonNull(rolParseTree, "parsed ROL program");
+
+			final AtomicReference<String> res = new AtomicReference<>();
+			final AtomicReference<String> op = new AtomicReference<>();
+			final AtomicReference<Object> parameters = new AtomicReference<>();
+
+			new MissionEnterpriseSyncRolVisitor(new ResourceOperationParameterEvaluator<Object, String>() {
+				@Override
+				public String evaluate(String resource, String operation, Object params) {
+					if (logger.isDebugEnabled()) {
+						logger.debug(" evaluating " + operation + " on " + resource + " given " + params);
+					}
+
+					res.set(resource);
+					op.set(operation);
+					parameters.set(params);
+
+					return resource;
+				}
+			}).visit(rolParseTree);
+
+			try {
+				new FederationProcessorFactory().newProcessor(res.get(), op.get(), parameters.get(), streamKey, federateServerId).process(rol);
+			} catch (Exception e) {
+				logger.warn("exception processing incoming ROL", e);
+			}
+		});
+	}
+	
+	class FederationProcessorFactory {
+		FederationProcessor<ROL> newProcessor(String resource, String operation, Object parameters, String streamKey, String federateServerId) {			
+			switch (Resource.valueOf(resource.toUpperCase())) {
+			case PACKAGE:
+				throw new UnsupportedOperationException(
+						"federated mission package processing occurs in core - this ROL should not have been sent");
+			case MISSION:
+				return new FederationMissionProcessor(resource, operation, parameters, streamKey, federateServerId);
+			case DATA_FEED:
+				return new FederationDataFeedProcessor(resource, operation, parameters, streamKey, federateServerId);
+			case RESOURCE:
+				return new FederationSyncResourceProcessor(resource, operation, parameters, streamKey,
+						federateServerId);
+			default:
+				throw new IllegalArgumentException("invalid federation processor kind " + resource);
+			}
+		}
+	}
+
+	private class FederationMissionProcessor implements FederationProcessor<ROL> {
+
+		private final String res;
+		private final String op;
+		private Map<String, Object> parameters;
+		private final String streamKey;
+		private final String federateServerId;
+
+		FederationMissionProcessor(String res, String op, Object parameters, String streamKey, String federateServerId) {
+			this.res = res;
+			this.op = op;
+			this.parameters = objectMapper().convertValue(parameters, Map.class);
+			Iterables.removeIf(this.parameters.values(), Predicates.isNull());
+			this.streamKey = streamKey;
+			this.federateServerId = federateServerId;
+		}
+
+		@Override
+		public void process(ROL source) {
+			federationHubMissionDisruptionManager.storeRol(source, res, op, parameters, federateServerId);
+		}
+	}
+
+	private class FederationDataFeedProcessor implements FederationProcessor<ROL> {
+
+		private final String res;
+		private final String op;
+		private Map<String, Object> parameters;
+		private final String streamKey;
+		private final String federateServerId;
+
+		FederationDataFeedProcessor(String res, String op, Object parameters, String streamKey, String federateServerId) {
+			this.res = res;
+			this.op = op;
+			this.parameters = objectMapper().convertValue(parameters, Map.class);
+			Iterables.removeIf(this.parameters.values(), Predicates.isNull());
+			this.streamKey = streamKey;
+			this.federateServerId = federateServerId;
+		}
+
+		@Override
+		public void process(ROL source) {
+			federationHubMissionDisruptionManager.storeRol(source, res, op, parameters, federateServerId);
+		}
+	}
+
+	private class FederationSyncResourceProcessor implements FederationProcessor<ROL> {
+
+		private final String res;
+		private final String op;
+		private Map<String, Object> parameters;
+		private final String streamKey;
+		private final String federateServerId;
+
+		FederationSyncResourceProcessor(String res, String op, Object parameters, String streamKey, String federateServerId) {
+			this.res = res;
+			this.op = op;
+			this.parameters = objectMapper().convertValue(parameters, Map.class);
+			Iterables.removeIf(this.parameters.values(), Predicates.isNull());
+			this.streamKey = streamKey;
+			this.federateServerId = federateServerId;
+		}
+
+		@Override
+		public void process(ROL source) {
+			switch (op.toLowerCase(Locale.ENGLISH)) {
+			case "create": {
+				if (source.getPayloadList().isEmpty()) {
+					logger.info("empty resource payload");
+					return;
+				}
+
+				byte[] content = source.getPayload(0).getData().toByteArray();
+				ObjectId resId = federationHubMissionDisruptionManager.addResource(content, parameters);
+				federationHubMissionDisruptionManager.storeRol(source, res, op, parameters, federateServerId, resId);
+			}
+				break;
+			default:
+				federationHubMissionDisruptionManager.storeRol(source, res, op, parameters, federateServerId);
+			}
+		}
+	}
+    
+    private ThreadLocal<ObjectMapper> objectMapper = new ThreadLocal<>();
+	
+	private ObjectMapper objectMapper() {
+		if (objectMapper.get() == null) {
+			objectMapper.set(new ObjectMapper());
+		}
+		
+		return objectMapper.get();
+	}
+}
diff --git a/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubServer.java b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubServer.java
index ed57f880..66d3159e 100644
--- a/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubServer.java
+++ b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/FederationHubServer.java
@@ -5,6 +5,7 @@
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.util.UUID;
+import java.util.concurrent.TimeUnit;
 
 import org.apache.ignite.Ignite;
 import org.apache.ignite.Ignition;
@@ -14,134 +15,187 @@
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration;
+import org.springframework.cache.CacheManager;
+import org.springframework.cache.annotation.EnableCaching;
+import org.springframework.cache.caffeine.CaffeineCacheManager;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
+import org.springframework.data.mongodb.core.MongoTemplate;
 
 import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.databind.JsonMappingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import com.github.benmanes.caffeine.cache.Caffeine;
 import com.google.common.base.Strings;
 
 import tak.server.federation.hub.FederationHubConstants;
 import tak.server.federation.hub.FederationHubDependencyInjectionProxy;
 import tak.server.federation.hub.FederationHubUtils;
+import tak.server.federation.hub.broker.db.FederationHubDatabaseService;
+import tak.server.federation.hub.broker.db.FederationHubDatabaseServiceImpl;
+import tak.server.federation.hub.broker.db.FederationHubMissionDisruptionManager;
+import tak.server.federation.hub.db.FederationHubDatabase;
 import tak.server.federation.hub.policy.FederationHubPolicyManager;
 import tak.server.federation.hub.policy.FederationHubPolicyManagerProxyFactory;
 
-@SpringBootApplication
+@SpringBootApplication(exclude = {MongoAutoConfiguration.class})
+@EnableCaching
 public class FederationHubServer implements CommandLineRunner {
 
-    private static final String DEFAULT_CONFIG_FILE = "/opt/tak/federation-hub/configs/federation-hub-broker.yml";
-
-    private static final Logger logger = LoggerFactory.getLogger(FederationHubServer.class);
-
-    private static Ignite ignite = null;
-
-    private static String configFile;
-
-    public static void main(String[] args) {
-    	
-        if (args.length > 1) {
-            System.err.println("Usage: java -jar federation-hub-broker.jar [CONFIG_FILE_PATH]");
-            return;
-        } else if (args.length == 1) {
-            configFile = args[0];
-        } else if (!Strings.isNullOrEmpty(System.getProperty("FEDERATION_HUB_BROKER_CONFIG"))) {
-        	configFile = System.getProperties().getProperty("FEDERATION_HUB_BROKER_CONFIG");
-        } else {
-            configFile = DEFAULT_CONFIG_FILE;
-        }
-
-        SpringApplication application = new SpringApplication(FederationHubServer.class);
-
-        ignite = Ignition.getOrStart(FederationHubUtils.getIgniteConfiguration(
-           FederationHubConstants.FEDERATION_HUB_BROKER_IGNITE_PROFILE,
-           true));
-        if (ignite == null) {
-            System.exit(1);
-        }
-
-        ApplicationContext context = application.run(args);
-    }
-    
-    @Override
-    public void run(String... args) throws Exception {}
-
-    @Bean
-    public FederationHubDependencyInjectionProxy dependencyProxy() {
-        return new FederationHubDependencyInjectionProxy();
-    }
-    
-    @Bean
-    public FederationHubBroker federationHubBroker(Ignite ignite) {
-    	FederationHubBrokerImpl hb = new FederationHubBrokerImpl();
-        ClusterGroup cg = ignite.cluster().forAttribute(
-            FederationHubConstants.FEDERATION_HUB_IGNITE_PROFILE_KEY,
-            FederationHubConstants.FEDERATION_HUB_BROKER_IGNITE_PROFILE);
-        ignite.services(cg).deployClusterSingleton(
-            FederationHubConstants.FED_HUB_BROKER_SERVICE, hb);
-        
-        return hb;
-    }
-
-    @Bean
-    public Ignite getIgnite() {
-        return ignite;
-    }
-
-    @Bean
-    public FederationHubPolicyManagerProxyFactory fedHubPolicyManagerProxyFactory() {
-        return new FederationHubPolicyManagerProxyFactory();
-    }
-
-    @Bean
-    public SSLConfig getSslConfig() {
-        return new SSLConfig();
-    }
-    
-    @Bean
-    public HubConnectionStore hubConnectionStore() {
-    	return new HubConnectionStore();
-    }
-
-    @Bean
-    public FederationHubServerConfig getFedHubConfig()
-            throws JsonParseException, JsonMappingException, IOException {
-    	FederationHubServerConfig config = loadConfig(configFile);
-    	if (Strings.isNullOrEmpty(config.getId())) {
-    		config.setId(UUID.randomUUID().toString().replace("-", ""));
-    		saveConfig(configFile, config);
-    	}
-    	    	
-        return loadConfig(configFile);
-    }
-    
-    @Bean
-    @Order(Ordered.LOWEST_PRECEDENCE)
-    public FederationHubBrokerService FederationHubBrokerService(Ignite ignite, SSLConfig getSslConfig, FederationHubServerConfig fedHubConfig, FederationHubPolicyManager fedHubPolicyManager, HubConnectionStore hubConnectionStore) {
-    	return new FederationHubBrokerService(ignite, getSslConfig, fedHubConfig, fedHubPolicyManager, hubConnectionStore);
-    }
-    
-    private FederationHubServerConfig loadConfig(String configFile)
-            throws JsonParseException, JsonMappingException, FileNotFoundException, IOException {
-        if (getClass().getResource(configFile) != null) {
-            // It's a resource.
-            return new ObjectMapper(new YAMLFactory()).readValue(getClass().getResourceAsStream(configFile),
-                FederationHubServerConfig.class);
-        }
-
-        // It's a file.
-        return new ObjectMapper(new YAMLFactory()).readValue(new FileInputStream(configFile),
-            FederationHubServerConfig.class);
-    }
-    
-    private void saveConfig(String configFile, FederationHubServerConfig config)
-            throws JsonParseException, JsonMappingException, FileNotFoundException, IOException {
-    	
-    	ObjectMapper om = new ObjectMapper(new YAMLFactory());
-    	om.writeValue(new File(configFile), config);
-    }
-}
+	private static final String DEFAULT_CONFIG_FILE = "/opt/tak/federation-hub/configs/federation-hub-broker.yml";
+
+	private static final Logger logger = LoggerFactory.getLogger(FederationHubServer.class);
+
+	private static Ignite ignite = null;
+
+	private static String configFile;
+
+	public static void main(String[] args) throws FileNotFoundException, IOException {
+		if (args.length > 1) {
+			System.err.println("Usage: java -jar federation-hub-broker.jar [CONFIG_FILE_PATH]");
+			return;
+		} else if (args.length == 1) {
+			configFile = args[0];
+		} else if (!Strings.isNullOrEmpty(System.getProperty("FEDERATION_HUB_BROKER_CONFIG"))) {
+			configFile = System.getProperties().getProperty("FEDERATION_HUB_BROKER_CONFIG");
+		} else {
+			configFile = DEFAULT_CONFIG_FILE;
+		}
+
+		SpringApplication application = new SpringApplication(FederationHubServer.class);
+
+		ignite = Ignition.getOrStart(FederationHubUtils
+				.getIgniteConfiguration(FederationHubConstants.FEDERATION_HUB_BROKER_IGNITE_PROFILE, true));
+		if (ignite == null) {
+			System.exit(1);
+		}
+
+		ApplicationContext context = application.run(args);
+	}
+
+	@Override
+	public void run(String... args) throws Exception {
+	}
+
+	@Bean
+	public FederationHubDependencyInjectionProxy dependencyProxy() {
+		return new FederationHubDependencyInjectionProxy();
+	}
+
+	@Bean
+	public FederationHubBroker federationHubBroker(Ignite ignite) {
+		FederationHubBrokerImpl hb = new FederationHubBrokerImpl();
+		ClusterGroup cg = ignite.cluster().forAttribute(FederationHubConstants.FEDERATION_HUB_IGNITE_PROFILE_KEY,
+				FederationHubConstants.FEDERATION_HUB_BROKER_IGNITE_PROFILE);
+		ignite.services(cg).deployClusterSingleton(FederationHubConstants.FED_HUB_BROKER_SERVICE, hb);
+
+		return hb;
+	}
+
+	@Bean
+	public Ignite getIgnite() {
+		return ignite;
+	}
+
+	@Bean
+	public FederationHubPolicyManagerProxyFactory fedHubPolicyManagerProxyFactory() {
+		return new FederationHubPolicyManagerProxyFactory();
+	}
+
+	@Bean
+	public SSLConfig getSslConfig() {
+		return new SSLConfig();
+	}
+
+	@Bean
+	public HubConnectionStore hubConnectionStore() {
+		return new HubConnectionStore();
+	}
+
+	@Bean
+	public FederationHubBrokerMetrics federationHubBrokerMetrics() {
+		return new FederationHubBrokerMetrics();
+	}
+
+	@Bean
+	public FederationHubServerConfig getFedHubConfig() throws JsonParseException, JsonMappingException, IOException {
+		FederationHubServerConfig config = loadConfig(configFile);
+		if (Strings.isNullOrEmpty(config.getId())) {
+			config.setId(UUID.randomUUID().toString().replace("-", ""));
+			saveConfig(configFile, config);
+		}
+
+		return loadConfig(configFile);
+	}
+
+	@Bean
+	@Order(Ordered.LOWEST_PRECEDENCE)
+	public FederationHubBrokerService FederationHubBrokerService(Ignite ignite, SSLConfig getSslConfig,
+			FederationHubServerConfig fedHubConfig, FederationHubPolicyManager fedHubPolicyManager,
+			HubConnectionStore hubConnectionStore, FederationHubMissionDisruptionManager federationHubMissionDisruptionManager,
+		 	FederationHubBrokerMetrics fedHubBrokerMetrics) {
+
+		return  new FederationHubBrokerService(ignite, getSslConfig, fedHubConfig,
+				fedHubPolicyManager, hubConnectionStore, federationHubMissionDisruptionManager,
+				fedHubBrokerMetrics);
+	}
+
+	@Bean
+	public CacheManager cacheManager() {
+		Caffeine<Object, Object>  caffeine = Caffeine.newBuilder()
+				.initialCapacity(100)
+				.maximumSize(150)
+				.expireAfterAccess(5, TimeUnit.MINUTES)
+				.recordStats();
+
+		CaffeineCacheManager cacheManager = new CaffeineCacheManager("federate-connect-disconnect", "federate_metadata");
+		cacheManager.setAllowNullValues(true); // can happen if you get a value from a @Cachable that returns null
+		cacheManager.setCaffeine(caffeine);
+		return cacheManager;
+	}
+
+	@Bean
+	public FederationHubMissionDisruptionManager federationHubMissionDisruptionManager(FederationHubDatabaseService federationHubDatabaseService) {
+		return new FederationHubMissionDisruptionManager(federationHubDatabaseService);
+	}
+
+	@Bean
+	public FederationHubDatabaseService HubDataBaseService(FederationHubDatabase federationHubDatabase, CacheManager cacheManager) {
+		return new FederationHubDatabaseServiceImpl(federationHubDatabase, cacheManager);
+	}
+
+	@Bean
+	public FederationHubDatabase federationHubDatabase(FederationHubServerConfig fedHubConfig) {
+		return new FederationHubDatabase(fedHubConfig.getDbUsername(), fedHubConfig.getDbPassword(),
+				fedHubConfig.getDbHost(), fedHubConfig.getDbPort());
+	}
+
+	@Bean
+	public MongoTemplate mongoTemplate(FederationHubDatabase hubDatabase) throws Exception {
+		return new MongoTemplate(hubDatabase.getClient(), "cot");
+	}
+
+	private FederationHubServerConfig loadConfig(String configFile)
+			throws JsonParseException, JsonMappingException, FileNotFoundException, IOException {
+		if (getClass().getResource(configFile) != null) {
+			// It's a resource.
+			return new ObjectMapper(new YAMLFactory()).readValue(getClass().getResourceAsStream(configFile),
+					FederationHubServerConfig.class);
+		}
+
+		// It's a file.
+		return new ObjectMapper(new YAMLFactory()).readValue(new FileInputStream(configFile),
+				FederationHubServerConfig.class);
+	}
+
+	private void saveConfig(String configFile, FederationHubServerConfig config)
+			throws JsonParseException, JsonMappingException, FileNotFoundException, IOException {
+
+		ObjectMapper om = new ObjectMapper(new YAMLFactory());
+		om.writeValue(new File(configFile), config);
+	}
+}
\ No newline at end of file
diff --git a/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/HubFigClient.java b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/HubFigClient.java
index 934abd37..77684093 100644
--- a/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/HubFigClient.java
+++ b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/HubFigClient.java
@@ -3,12 +3,15 @@
 import static io.grpc.MethodDescriptor.generateFullMethodName;
 import static java.util.Objects.requireNonNull;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.Serializable;
+import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Comparator;
 import java.util.List;
+import java.util.Map.Entry;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.concurrent.BlockingQueue;
@@ -21,11 +24,15 @@
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicLong;
 import java.util.stream.Collectors;
 
+import org.bson.types.ObjectId;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 
+import com.atakmap.Tak.BinaryBlob;
 import com.atakmap.Tak.ClientHealth;
 import com.atakmap.Tak.FederateGroups;
 import com.atakmap.Tak.FederatedChannelGrpc;
@@ -34,6 +41,7 @@
 import com.atakmap.Tak.FederatedEvent;
 import com.atakmap.Tak.Identity;
 import com.atakmap.Tak.ROL;
+import com.atakmap.Tak.ROL.Builder;
 import com.atakmap.Tak.ServerHealth;
 import com.atakmap.Tak.ServerHealth.ServingStatus;
 import com.atakmap.Tak.Subscription;
@@ -42,6 +50,7 @@
 import com.bbn.roger.fig.Propagator;
 import com.google.common.collect.ComparisonChain;
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
+import com.google.protobuf.ByteString;
 
 import io.grpc.ClientCall;
 import io.grpc.ManagedChannel;
@@ -65,6 +74,7 @@
 import tak.server.federation.FederationPolicyGraph;
 import tak.server.federation.GuardedStreamHolder;
 import tak.server.federation.hub.FederationHubDependencyInjectionProxy;
+import tak.server.federation.hub.broker.db.FederationHubMissionDisruptionManager;
 import tak.server.federation.hub.broker.events.HubClientDisconnectEvent;
 import tak.server.federation.hub.ui.graph.FederationOutgoingCell;
 
@@ -75,11 +85,13 @@
  */
 public class HubFigClient implements Serializable {
 
+	private static final long serialVersionUID = 1L;
+
 	private static final Logger logger = LoggerFactory.getLogger(HubFigClient.class);
 
 	private static final int NUM_AVAIL_CORES = Runtime.getRuntime().availableProcessors();
 
-	private static ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor();
+	private ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor();
 
 	// shared executor
 	public static final ExecutorService federationGrpcExecutor = newGrpcThreadPoolExecutor("grpc-federation-executor",1, NUM_AVAIL_CORES);
@@ -106,6 +118,7 @@ private static EventLoopGroup newGrpcEventLoopGroup(String name, int maxPoolSize
 	private FederationHubServerConfig fedHubConfig;
 	private String host;
 	private int port;
+	private X509Certificate[] sessionCerts;
 	private String fedName;
 	private String clientUid = UUID.randomUUID().toString().replace("-", "");
 
@@ -132,8 +145,11 @@ private static EventLoopGroup newGrpcEventLoopGroup(String name, int maxPoolSize
 	private Subscription serverSubscription;
 	private HubConnectionInfo info;
 	
-	public HubFigClient(FederationHubServerConfig fedHubConfig, FederationOutgoingCell federationOutgoingCell) {
+	private FederationHubMissionDisruptionManager federationHubMissionDisruptionManager;
+	
+	public HubFigClient(FederationHubServerConfig fedHubConfig, FederationHubMissionDisruptionManager federationHubMissionDisruptionManager, FederationOutgoingCell federationOutgoingCell) {
 		this.fedHubConfig = fedHubConfig;
+		this.federationHubMissionDisruptionManager = federationHubMissionDisruptionManager;
 		this.host = federationOutgoingCell.getProperties().getHost();
 		this.port = federationOutgoingCell.getProperties().getPort();
 		this.fedName = federationOutgoingCell.getProperties().getOutgoingName();
@@ -192,7 +208,7 @@ public void onCompleted() {}
 				new StreamObserver<FederateGroups>() {
 
 					@Override
-					public void onNext(FederateGroups value) {						
+					public void onNext(FederateGroups value) {
 						// once the group stream is established, we are ready to setup event streaming
 						if (value.getStreamUpdate() != null && value.getStreamUpdate().getStatus() == ServingStatus.SERVING) {
 							setupEventStreamSender();
@@ -295,8 +311,10 @@ private ManagedChannel openFigConnection(final String host, final int port, SslC
 					@Override
 					public X509Certificate[] propogate(X509Certificate[] certs) {
 						try {
+							sessionCerts = certs;
 							X509Certificate clientCert = certs[0];
 							X509Certificate caCert = certs[1];
+
 							String fingerprint = FederationUtils.getBytesSHA256(clientCert.getEncoded());
 							String issuerDN = clientCert.getIssuerX500Principal().getName();
 							String issuerCN = Optional.ofNullable(FederationHubBrokerImpl.getCN(issuerDN)).map(cn -> cn.toLowerCase()).orElse("");							
@@ -472,7 +490,7 @@ public int compare(FederatedEvent a, FederatedEvent b) {
             FederateEdge edge = fpg.getEdge(otherClientNode, clientNode);
             if (otherClientNode != null && edge != null) {
                 for (FederatedEvent event : otherClient.getCache()) {
-                	if(FederationHubBrokerService.isDestinationReachableByGroupFilter(edge, event.getFederateGroupsList())) {
+                	if (FederationHubBrokerService.isDestinationEdgeReachableByGroupFilter(edge, event.getFederateGroupsList())) {
 	                	eventStreamHolder.send(event);
 	                    if (logger.isDebugEnabled()) {
 	                        logger.debug("Sending v2 cached " + event +
@@ -524,7 +542,31 @@ public int compare(ROL a, ROL b) {
                 }, true
             );
 		
+		// get the changes, but don't send till we add the rolStream because the stream will get used
+        // down the line for getting the session id        
+		FederationHubMissionDisruptionManager.OfflineMissionChanges changes = null;
+        if (fedHubConfig.isMissionFederationDisruptionEnabled()) {
+        	changes = federationHubMissionDisruptionManager.getMissionChangesAndTrackConnectEvent(
+            		rolStreamHolder.getFederateIdentity().getFedId(), sessionCerts);
+        }
+		
 		FederationHubDependencyInjectionProxy.getInstance().hubConnectionStore().addRolStream(fedName, rolStreamHolder);
+		
+		AtomicLong delayMs = new AtomicLong(5000l);
+		
+		if (changes != null) {
+			for(final Entry<ObjectId, ROL.Builder> entry: changes.getResourceRols().entrySet()) {
+				FederationHubBrokerService.getInstance().getMfdtScheduler().schedule(() -> {
+					ROL rol = federationHubMissionDisruptionManager.hydrateResourceROL(entry.getKey(), entry.getValue());
+					rolStreamHolder.send(rol);
+				}, delayMs.getAndAdd(500), TimeUnit.MILLISECONDS);
+			}
+			for(final ROL rol: changes.getRols()) {
+				FederationHubBrokerService.getInstance().getMfdtScheduler().schedule(() -> {
+					rolStreamHolder.send(rol);
+				}, delayMs.getAndAdd(100), TimeUnit.MILLISECONDS);
+			}
+		}
 	}
 
 	private final AtomicBoolean hasDisconnected = new AtomicBoolean(false);
diff --git a/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/db/FederationHubDatabaseService.java b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/db/FederationHubDatabaseService.java
new file mode 100644
index 00000000..dce96abb
--- /dev/null
+++ b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/db/FederationHubDatabaseService.java
@@ -0,0 +1,25 @@
+package tak.server.federation.hub.broker.db;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import org.bson.Document;
+import org.bson.types.ObjectId;
+
+public interface FederationHubDatabaseService {
+	
+	void storeRol(Document rol);
+
+	Document addFederateMetadata(String id, Certificate[] certificates);
+	Document getFederateMetadata(String id);
+	List<Document> getFederateMetadatas();
+
+	void trackFederateConnect(String id);
+
+	ObjectId addResource(byte[] data, Map<String, Object> parameters);
+	byte[] getResource(ObjectId resourceObjectId);
+
+	List<Document> getOfflineUpdates(String id, Date lastUpdate);
+}
diff --git a/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/db/FederationHubDatabaseServiceImpl.java b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/db/FederationHubDatabaseServiceImpl.java
new file mode 100644
index 00000000..7af5b37e
--- /dev/null
+++ b/src/federation-hub-broker/src/main/java/tak/server/federation/hub/broker/db/FederationHubDatabaseServiceImpl.java
@@ -0,0 +1,289 @@
+package tak.server.federation.hub.broker.db;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.Certificate;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+
+import org.bson.Document;
+import org.bson.conversions.Bson;
+import org.bson.types.ObjectId;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.cache.CacheManager;
+import org.springframework.cache.annotation.CachePut;
+import org.springframework.cache.annotation.Cacheable;
+
+import com.github.benmanes.caffeine.cache.Cache;
+import com.github.benmanes.caffeine.cache.stats.CacheStats;
+import com.google.common.io.ByteSource;
+import com.mongodb.MongoException;
+import com.mongodb.client.MongoCollection;
+import com.mongodb.client.gridfs.GridFSBucket;
+import com.mongodb.client.gridfs.GridFSBuckets;
+import com.mongodb.client.gridfs.GridFSDownloadStream;
+import com.mongodb.client.gridfs.GridFSFindIterable;
+import com.mongodb.client.gridfs.model.GridFSUploadOptions;
+import com.mongodb.client.model.Filters;
+import com.mongodb.client.model.Sorts;
+import com.mongodb.client.model.UpdateOptions;
+import com.mongodb.client.model.Updates;
+import com.mongodb.client.result.DeleteResult;
+import com.mongodb.client.result.InsertOneResult;
+import com.mongodb.client.result.UpdateResult;
+
+import tak.server.federation.hub.FederationHubDependencyInjectionProxy;
+import tak.server.federation.hub.db.FederationHubDatabase;
+
+public class FederationHubDatabaseServiceImpl implements FederationHubDatabaseService {
+	private static final Logger logger = LoggerFactory.getLogger(FederationHubDatabaseService.class);
+	
+	private static final String FEDERATE_EVENT_COLLECTION_NAME = "federate_event";
+	private static final String FEDERATE_METADATA_COLLECTION_NAME = "federate_metadata";
+	private static final String FEDERATE_RESOURCES_COLLECTION_NAME = "mission_resources";
+	
+	private ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor();
+
+	private FederationHubDatabase federationHubDatabase;
+	private CacheManager cacheManager;
+	
+	public FederationHubDatabaseServiceImpl(FederationHubDatabase federationHubDatabase, CacheManager cacheManager) {
+		this.federationHubDatabase = federationHubDatabase;
+		this.cacheManager = cacheManager;
+		
+		scheduler.scheduleWithFixedDelay(() -> {
+			try {
+				if (!isDBConnected())
+					return;
+				
+				long retentionDays = FederationHubDependencyInjectionProxy.getInstance().fedHubServerConfig().getMissionFederationDBRetentionDays();
+				
+				// delete expired events based on received_time
+				Bson receivedTimeFilter = Filters.lt("received_time", new Date(Instant.now().toEpochMilli() - retentionDays*24*60*60 * 1000));
+				DeleteResult eventDeleteResult = federateEventCollection().deleteMany(receivedTimeFilter);
+				
+				if (logger.isDebugEnabled()) {
+					logger.debug("Deleted " + eventDeleteResult.getDeletedCount() + " events from the database");
+				}
+				
+				// delete expired resources based on uploadDate
+				Bson uploadDateFilter = Filters.lt("uploadDate", new Date(Instant.now().toEpochMilli() - retentionDays*24*60*60 * 1000));
+				GridFSFindIterable filesToDelete = resourceCollection().find(uploadDateFilter);
+				
+				filesToDelete.forEach(file -> {
+					resourceCollection().delete(file.getObjectId());
+				});
+	        } catch (MongoException me) {
+	        	logger.error("retention scheduler error: ", me);
+	        }
+			
+		}, 10, 60, TimeUnit.SECONDS);
+	}
+	
+	@Override
+	public List<Document> getOfflineUpdates(String id, Date lastUpdate) {
+		List<Document> updates = new ArrayList<>();
+		
+		if (!isDBConnected())
+			return updates;
+		
+        try {
+        	Bson sort = Sorts.ascending("received_time");
+        	Bson dateFilter = Filters.gte("received_time", lastUpdate);
+        	Bson findFilter = Filters.eq("federate_id", id);
+        	
+        	updates.addAll(federateEventCollection()
+        			.find(findFilter)
+        			.filter(dateFilter)
+        			.sort(sort)
+        			.into(new ArrayList<Document>()));
+        } catch (MongoException me) {
+        	logger.error("getOfflineUpdates error: ", me);
+        }
+        
+        return updates;
+	}
+	
+	@Override
+	public void trackFederateConnect(String id) {
+		if (!isDBConnected())
+			return;
+		
+        try {
+            InsertOneResult result = federateEventCollection().insertOne(new Document()
+                    .append("_id", new ObjectId())
+                    .append("federate_id", id)
+                    .append("event_kind", "connect")
+                    .append("event_time", Instant.now())
+                    .append("remote", true));            
+        } catch (MongoException me) {
+        	logger.error("trackFederateConnect error: ", me);
+        }
+	}
+	
+	@Override
+	public void storeRol(Document rol) {
+		if (!isDBConnected())
+			return;
+		
+		try {
+			InsertOneResult result = federateEventCollection().insertOne(rol);
+		} catch (MongoException me) {
+			logger.error("storeRol error: ", me);
+		}
+	}
+	
+	@Override
+	public ObjectId addResource(byte[] data, Map<String, Object>  parameters) {
+		if (!isDBConnected())
+			return null;
+		
+         try {
+        	Document metadata = new Document();
+        	metadata.putAll(parameters);
+			InputStream streamToUploadFrom = ByteSource.wrap(data).openStream();
+			GridFSUploadOptions options = new GridFSUploadOptions()
+                    .chunkSizeBytes(1048576)
+                    .metadata(metadata);
+            ObjectId fileId = resourceCollection().uploadFromStream((String) parameters.get("filename"), streamToUploadFrom, options);
+            return fileId;
+		} catch (IOException e) {
+			logger.error("Error writing resource", e);
+		}
+		return null;
+	}
+	
+	@Override
+	public byte[] getResource(ObjectId resourceObjectId) {
+		if (!isDBConnected())
+			return null;
+		
+         try {
+             try (GridFSDownloadStream downloadStream = resourceCollection().openDownloadStream(resourceObjectId)) {
+                 int fileLength = (int) downloadStream.getGridFSFile().getLength();
+                 
+     			long maxSizeBytes = FederationHubDependencyInjectionProxy.getInstance().fedHubServerConfig().getMissionFederationDisruptionMaxFileSizeBytes();
+    			if (fileLength > maxSizeBytes) {
+    				logger.info("File size of " + fileLength + " exceeds config limit of " + maxSizeBytes + "MB. Skipping " + downloadStream.getGridFSFile().getMetadata());
+    				return null;
+    			}
+                 
+                 byte[] bytesToWriteTo = new byte[fileLength];
+                 downloadStream.read(bytesToWriteTo);
+                 return bytesToWriteTo;
+             }
+		} catch (Exception e) {
+			logger.error("Error reading resource", e);
+		}
+		return null;
+	}
+
+	@Override
+	@Cacheable(value = "federate_metadata", key = "{#root.args[0]}", sync = true)
+	public Document getFederateMetadata(String federateServerId) {
+		if (!isDBConnected())
+			return null;
+		
+		try {
+			Bson filter = Filters.eq("federate_id", federateServerId);
+			Document result = federateMetadataCollection().find(filter).first();
+			return result;
+		} catch (MongoException me) {
+			logger.error("getFederateMetadata error", me);
+			return null;
+		}
+	}
+	
+	@Override
+	public List<Document> getFederateMetadatas() {
+		List<Document> results = new ArrayList<>();
+
+		if (!isDBConnected())
+			return results;
+		
+		try {
+			results.addAll(federateMetadataCollection().find().into(new ArrayList<Document>()));
+		} catch (MongoException me) {
+			logger.error("getFederateMetadatas error", me);
+		}
+		return results;
+	}
+
+	@Override
+	@CachePut(value = "federate_metadata", key = "{#root.args[0]}")
+	public Document addFederateMetadata(String id, Certificate[] certificates) {
+		if (!isDBConnected())
+			return null;
+		
+        try {
+        	List<byte[]> binaryCerts = new ArrayList<>();
+        	for (int i = 1; i < certificates.length; i++) {
+        		if (certificates[i] == null) {
+                    break;
+                }
+        		binaryCerts.add(certificates[i].getEncoded());
+        	}
+        	
+        	Bson filter = Filters.eq("federate_id", id);
+        	Bson update = Updates.combine(
+        			Updates.set("federate_id", id), 
+        			Updates.set("cert_array", binaryCerts), 
+        			Updates.set("last_update", Instant.now()));
+        	
+        	UpdateOptions options = new UpdateOptions().upsert(true);
+        	
+        	UpdateResult result = federateMetadataCollection().updateOne(filter, update, options);
+            
+            return federateMetadataCollection().find(filter).first();
+        } catch (Exception e) {
+        	logger.error("addFederateMetadata error", e);
+        	return null;
+        }
+	}
+	
+	private MongoCollection<Document> federateEventCollection;
+	private MongoCollection<Document> federateEventCollection() {
+		if (federateEventCollection == null)
+			federateEventCollection = federationHubDatabase.getDB().getCollection(FEDERATE_EVENT_COLLECTION_NAME);
+		
+		return federateEventCollection;
+	}
+	
+	private MongoCollection<Document> federateMetadataCollection;
+	private MongoCollection<Document> federateMetadataCollection() {
+		if (federateMetadataCollection == null)
+			federateMetadataCollection = federationHubDatabase.getDB().getCollection(FEDERATE_METADATA_COLLECTION_NAME);
+		
+		return federateMetadataCollection;
+	}
+	
+	private GridFSBucket gridFSBucket;
+	private GridFSBucket resourceCollection() {
+		if (gridFSBucket == null)
+			gridFSBucket = GridFSBuckets.create(federationHubDatabase.getDB(), FEDERATE_RESOURCES_COLLECTION_NAME);
+		
+		return gridFSBucket;
+	}
+	
+	private CacheStats getCoffeeCacheStats(String cacheName) {
+		try {
+			 org.springframework.cache.Cache cache = cacheManager.getCache(cacheName);
+		        Cache nativeCoffeeCache = (Cache) cache.getNativeCache();
+		        return nativeCoffeeCache.stats();
+		} catch(Exception e) {
+			logger.error("getCoffeeCacheStats: " + cacheName, e);
+		}
+		return null;
+    }
+	
+	private boolean isDBConnected() {
+		return federationHubDatabase.isDBConnected();
+	}
+}
diff --git a/src/federation-hub-broker/src/main/resources/federation-hub-broker-docker.yml b/src/federation-hub-broker/src/main/resources/federation-hub-broker-docker.yml
new file mode 100644
index 00000000..9d5e36e9
--- /dev/null
+++ b/src/federation-hub-broker/src/main/resources/federation-hub-broker-docker.yml
@@ -0,0 +1,46 @@
+keystoreType: JKS
+keystoreFile: /opt/tak/federation-hub/certs/files/takserver.jks
+keystorePassword: atakatak
+
+truststoreType: JKS
+truststoreFile: /opt/tak/federation-hub/certs/files/fed-truststore.jks
+truststorePassword: atakatak
+
+keyManagerType: SunX509
+
+# v1 federation only.
+v1Enabled: true
+v1Port: 9101
+useEpoll: true
+context: TLSv1.2
+allow128cipher: true
+allowNonSuiteB: true
+enableOCSP: false
+tlsVersions:
+ - TLSv1.2
+ - TLSv1.3
+
+# v2 federation only.
+v2Enabled: true
+v2Port: 9102
+maxMessageSizeBytes: 268435456
+metricsLogIntervalSeconds: 5
+clientTimeoutTime: 15
+clientRefreshTime: 5
+enableHealthCheck: true
+useCaGroups: true
+
+dbUsername: martiuser
+dbPassword:
+
+dbPort: 27017
+dbHost: hub-db
+dbConnectionTimeoutMS: 5000
+
+# mission federation DB retention days - how long to keep mission events in the database before permanently deleting them 
+missionFederationDBRetentionDays: 7
+# mission federation recency seconds - how far back to look for offline changes (default 12 hours)
+missionFederationRecencySeconds: 43200
+missionFederationDisruptionEnabled: false
+missionFederationDisruptionMaxFileSizeBytes: 200
+
diff --git a/src/federation-hub-broker/src/main/resources/federation-hub-broker.yml b/src/federation-hub-broker/src/main/resources/federation-hub-broker.yml
index 107e2d69..832bffe1 100644
--- a/src/federation-hub-broker/src/main/resources/federation-hub-broker.yml
+++ b/src/federation-hub-broker/src/main/resources/federation-hub-broker.yml
@@ -1,9 +1,9 @@
 keystoreType: JKS
-keystoreFile: /opt/tak/certs/files/takserver.jks
+keystoreFile: /opt/tak/federation-hub/certs/files/takserver.jks
 keystorePassword: atakatak
 
 truststoreType: JKS
-truststoreFile: /opt/tak/certs/files/fed-truststore.jks
+truststoreFile: /opt/tak/federation-hub/certs/files/fed-truststore.jks
 truststorePassword: atakatak
 
 keyManagerType: SunX509
@@ -23,9 +23,24 @@ tlsVersions:
 # v2 federation only.
 v2Enabled: true
 v2Port: 9102
-maxMessageSizeBytes: 67108864
+maxMessageSizeBytes: 268435456
 metricsLogIntervalSeconds: 5
 clientTimeoutTime: 15
 clientRefreshTime: 5
 enableHealthCheck: true
 useCaGroups: true
+
+dbUsername: martiuser
+dbPassword:
+
+dbPort: 27017
+dbHost: localhost
+dbConnectionTimeoutMS: 5000
+
+# mission federation DB retention days - how long to keep mission events in the database before permanently deleting them 
+missionFederationDBRetentionDays: 7
+# mission federation recency seconds - how far back to look for offline changes (default 12 hours)
+missionFederationRecencySeconds: 43200
+missionFederationDisruptionEnabled: false
+missionFederationDisruptionMaxFileSizeBytes: 200
+
diff --git a/src/federation-hub-policy/build.gradle b/src/federation-hub-policy/build.gradle
index a2cca44f..42c79ffa 100644
--- a/src/federation-hub-policy/build.gradle
+++ b/src/federation-hub-policy/build.gradle
@@ -11,7 +11,6 @@ jar {
 apply plugin: 'eclipse'
 apply plugin: 'idea'
 apply plugin: 'org.springframework.boot'
-apply plugin: 'io.spring.dependency-management'
 
 jar {
     enabled = false
@@ -36,7 +35,6 @@ dependencies {
   implementation group: 'xerces', name: 'xercesImpl', version: xerces_version
   implementation group: 'org.slf4j', name: 'slf4j-api', version: slf4j_version
 
-  // exclude log4j from fed common
    implementation(project(':federation-common')) {
     exclude group: 'log4j', module: 'log4j'
     exclude group: 'org.apache.logging.log4j'
@@ -50,13 +48,13 @@ dependencies {
   implementation group: 'org.apache.ignite', name: 'ignite-kubernetes', version: ignite_version
   implementation group: 'org.apache.ignite', name: 'ignite-slf4j', version: ignite_version
 
-  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
+  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: spring_boot_version
   implementation group: 'org.springframework.boot', name: 'spring-boot-loader', version: spring_boot_version
-  implementation group: 'org.springframework', name: 'spring-context'
+  implementation group: 'org.springframework', name: 'spring-context', version: spring_version
 
   testImplementation group: 'junit', name: 'junit', version: junit_version
   testImplementation group: 'org.mockito', name: 'mockito-core', version: mockito_version
-  testImplementation("org.springframework.boot:spring-boot-starter-test") {
+  testImplementation("org.springframework.boot:spring-boot-starter-test:$spring_boot_version") {
     exclude group: "com.vaadin.external.google", module:"android-json"
   }
 
diff --git a/src/federation-hub-policy/scripts/federation-hub-policy.sh b/src/federation-hub-policy/scripts/federation-hub-policy.sh
index 361ce6fa..b4dcfdec 100755
--- a/src/federation-hub-policy/scripts/federation-hub-policy.sh
+++ b/src/federation-hub-policy/scripts/federation-hub-policy.sh
@@ -3,4 +3,12 @@
 export FEDERATION_HUB=/opt/tak/federation-hub
 export JDK_JAVA_OPTIONS="-Dio.netty.tmpdir=/opt/tak -Djava.io.tmpdir=/opt/tak -Dio.netty.native.workdir=/opt/tak -DIGNITE_UPDATE_NOTIFIER=false"
 
-java -Dlogging.config=${FEDERATION_HUB}/configs/logback-policy.xml -jar ${FEDERATION_HUB}/jars/federation-hub-policy.jar
+# get total RAM
+TOTALRAMBYTES=`awk '/MemTotal/ {print $2}' /proc/meminfo`
+
+# set POLICY max if not set already
+if [ -z "$POLICY_MAX_HEAP" ]; then
+  export POLICY_MAX_HEAP=$(($TOTALRAMBYTES / 1000 / 100 * 15))
+fi
+
+java -Xmx${POLICY_MAX_HEAP}m -Dlogging.config=${FEDERATION_HUB}/configs/logback-policy.xml -jar ${FEDERATION_HUB}/jars/federation-hub-policy.jar
diff --git a/src/federation-hub-policy/src/main/java/tak/server/federation/hub/policy/FederationHubPolicyManagerService.java b/src/federation-hub-policy/src/main/java/tak/server/federation/hub/policy/FederationHubPolicyManagerService.java
index d7fed286..d3aded3e 100644
--- a/src/federation-hub-policy/src/main/java/tak/server/federation/hub/policy/FederationHubPolicyManagerService.java
+++ b/src/federation-hub-policy/src/main/java/tak/server/federation/hub/policy/FederationHubPolicyManagerService.java
@@ -8,6 +8,8 @@
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.data.mongo.MongoDataAutoConfiguration;
+import org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 
@@ -18,7 +20,7 @@
 import tak.server.federation.hub.broker.FederationHubBroker;
 import tak.server.federation.hub.broker.FederationHubBrokerProxyFactory;
 
-@SpringBootApplication
+@SpringBootApplication(exclude = {MongoAutoConfiguration.class, MongoDataAutoConfiguration.class})
 public class FederationHubPolicyManagerService implements CommandLineRunner {
 
     private static final Logger logger = LoggerFactory.getLogger(FederationHubPolicyManagerService.class);
diff --git a/src/federation-hub-ui/build.gradle b/src/federation-hub-ui/build.gradle
index 437018b3..610f7d2f 100644
--- a/src/federation-hub-ui/build.gradle
+++ b/src/federation-hub-ui/build.gradle
@@ -11,7 +11,6 @@ jar {
 apply plugin: 'eclipse'
 apply plugin: 'idea'
 apply plugin: 'org.springframework.boot'
-apply plugin: 'io.spring.dependency-management'
 
 apply plugin: 'war'
 
@@ -75,14 +74,8 @@ dependencies {
   implementation group: 'org.springframework.security', name: 'spring-security-config', version: spring_security_version
   implementation group: 'org.springframework.security', name: 'spring-security-messaging', version: spring_security_version
   implementation group: 'org.springframework.security', name: 'spring-security-web', version: spring_security_version
-
-  api group: 'org.springframework.security.oauth', name: 'spring-security-oauth2', version: spring_security_oauth_version
-  
-  implementation ("org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:$spring_security_oauth2_autoconfigure_version") {
-    exclude group: 'log4j', module: 'log4j'
-    exclude group: 'org.apache.logging.log4j'
-    exclude group: 'org.slf4j', module: 'log4j-over-slf4j'
-  }
+  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-authorization-server', version: spring_security_oauth2_authorization_server_version
+  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-core', version: spring_security_version
 
   implementation(project(':federation-common')) {
     exclude group: 'log4j', module: 'log4j'
@@ -101,28 +94,35 @@ dependencies {
   implementation group: 'org.apache.ignite', name: 'ignite-kubernetes', version: ignite_version
   implementation group: 'org.apache.ignite', name: 'ignite-slf4j', version: ignite_version
 
-  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
+  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: spring_boot_version
+  implementation group: 'io.micrometer', name: 'micrometer-core', version: micrometer_version
 
   implementation ("org.springframework.boot:spring-boot-loader:$spring_boot_version") {
     exclude group: 'log4j', module: 'log4j'
     exclude group: 'org.apache.logging.log4j', module: 'log4j-to-slf4j'
   }
-  
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: spring_boot_version
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jetty', version: spring_boot_version
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: spring_boot_version
   implementation group: 'org.springframework', name: 'spring-web', version: spring_version
+  
+  implementation group: 'org.eclipse.jetty', name: 'jetty-server', version: jetty_server_version
+  implementation group: 'jakarta.servlet', name: 'jakarta.servlet-api', version: jakarta_servlet_api_version
 
   testImplementation group: 'junit', name: 'junit', version: junit_version
   testImplementation group: 'org.mockito', name: 'mockito-core', version: mockito_version
-  testImplementation("org.springframework.boot:spring-boot-starter-test") {
+  testImplementation("org.springframework.boot:spring-boot-starter-test:$spring_boot_version") {
     exclude group: "com.vaadin.external.google", module:"android-json"
   }
 
-  implementation group: 'commons-fileupload', name: 'commons-fileupload', version: commons_fileupload_version
+  //implementation group: 'commons-fileupload', name: 'commons-fileupload', version: commons_fileupload_version
   implementation group: 'com.squareup.okhttp3', name: 'okhttp', version: okhttp3_version
 
   testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: logback_version
+  
+  // This one is used in MartiValidator. We should find a way to remove this and use jakarta.servlet instead
+  compileOnly group: 'javax.servlet', name: 'servlet-api', version: javax_servlet_version
+  
 }
 
 compileJava {
diff --git a/src/federation-hub-ui/scripts/federation-hub-ui.sh b/src/federation-hub-ui/scripts/federation-hub-ui.sh
index 7dd35c6a..fcb31480 100755
--- a/src/federation-hub-ui/scripts/federation-hub-ui.sh
+++ b/src/federation-hub-ui/scripts/federation-hub-ui.sh
@@ -3,4 +3,12 @@
 export FEDERATION_HUB=/opt/tak/federation-hub
 export JDK_JAVA_OPTIONS="-Dio.netty.tmpdir=/opt/tak -Djava.io.tmpdir=/opt/tak -Dio.netty.native.workdir=/opt/tak -DIGNITE_UPDATE_NOTIFIER=false"
 
-java -Dlogging.config=${FEDERATION_HUB}/configs/logback-ui.xml -jar ${FEDERATION_HUB}/jars/federation-hub-ui.war "$@"
+# get total RAM
+TOTALRAMBYTES=`awk '/MemTotal/ {print $2}' /proc/meminfo`
+
+# set UI max if not set already
+if [ -z "$UI_MAX_HEAP" ]; then
+  export UI_MAX_HEAP=$(($TOTALRAMBYTES / 1000 / 100 * 25))
+fi
+
+java -Xmx${UI_MAX_HEAP}m -Dlogging.config=${FEDERATION_HUB}/configs/logback-ui.xml -jar ${FEDERATION_HUB}/jars/federation-hub-ui.war "$@"
diff --git a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/FederationHubBrokerMetricsPoller.java b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/FederationHubBrokerMetricsPoller.java
new file mode 100644
index 00000000..ffa37019
--- /dev/null
+++ b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/FederationHubBrokerMetricsPoller.java
@@ -0,0 +1,62 @@
+package tak.server.federation.hub.ui;
+
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.concurrent.*;
+
+import io.micrometer.core.instrument.Counter;
+import io.micrometer.core.instrument.Tag;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import io.micrometer.core.instrument.Metrics;
+import org.springframework.beans.factory.DisposableBean;
+import tak.server.federation.hub.broker.FederationHubBroker;
+import tak.server.federation.hub.broker.FederationHubBrokerMetrics;
+import tak.server.federation.hub.broker.FederationHubBrokerMetrics.ChannelInfo;
+
+public class FederationHubBrokerMetricsPoller implements DisposableBean {
+
+    private static final Logger logger = LoggerFactory.getLogger(FederationHubBrokerMetricsPoller.class);
+
+	private final ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor();
+
+    private FederationHubBroker fedHubBroker;
+
+	private final ScheduledFuture<?> scheduleFuture;
+
+    public FederationHubBrokerMetricsPoller(FederationHubBroker fedHubBroker) {
+    	this.fedHubBroker = fedHubBroker;
+        logger.info("Initializing federation hub broker metrics poller.");
+
+        // scheduleAtFixedRate will run every x seconds no matter what
+        // scheduleWithFixedDelay will run every x seconds starting AFTER the logic has completed
+        scheduleFuture = scheduler.scheduleWithFixedDelay(() -> {
+
+            FederationHubBrokerMetrics latestBrokerMetrics = fedHubBroker.getFederationHubBrokerMetrics();
+
+            ConcurrentHashMap<String, ConcurrentHashMap<String, ChannelInfo>> channelWriteCounters = latestBrokerMetrics.getChannelInfosInternal();
+            for (Map.Entry<String, ConcurrentHashMap<String, ChannelInfo>> senderEntries : channelWriteCounters.entrySet()) {
+                String source = senderEntries.getKey();
+                ConcurrentHashMap<String, ChannelInfo> receiverCounters = senderEntries.getValue();
+                for (String target : receiverCounters.keySet()) {
+                    long writtenCount = receiverCounters.get(target).messagesWritten;
+                    ArrayList<Tag> tags = new ArrayList<>();
+                    tags.add(Tag.of("source", source));
+                    tags.add(Tag.of("target", target));
+                    Counter counter = Metrics.counter("messages.written", tags);
+                    counter.increment(writtenCount - counter.count());
+                }
+            }
+
+
+		}, 1, 1, TimeUnit.SECONDS);
+
+    }
+
+    @Override
+    public void destroy() throws Exception {
+        // to stop
+        scheduleFuture.cancel(true);
+    }
+}
\ No newline at end of file
diff --git a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/FederationHubUIServer.java b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/FederationHubUIServer.java
index 97e84d75..41264fa8 100644
--- a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/FederationHubUIServer.java
+++ b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/FederationHubUIServer.java
@@ -23,14 +23,14 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.data.mongo.MongoDataAutoConfiguration;
+import org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration;
 import org.springframework.boot.web.embedded.jetty.JettyServerCustomizer;
 import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
 import org.springframework.boot.web.server.ErrorPage;
 import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -42,12 +42,13 @@
 
 import tak.server.federation.hub.FederationHubConstants;
 import tak.server.federation.hub.FederationHubUtils;
+import tak.server.federation.hub.broker.FederationHubBroker;
 import tak.server.federation.hub.broker.FederationHubBrokerProxyFactory;
 import tak.server.federation.hub.policy.FederationHubPolicyManagerProxyFactory;
 import tak.server.federation.hub.ui.keycloak.KeycloakTokenParser;
 import tak.server.federation.hub.ui.manage.AuthorizationFileWatcher;
 
-@SpringBootApplication
+@SpringBootApplication(exclude = {MongoAutoConfiguration.class, MongoDataAutoConfiguration.class})
 public class FederationHubUIServer {
 
     private static final String DEFAULT_CONFIG_FILE = "/opt/tak/federation-hub/configs/federation-hub-ui.yml";
@@ -58,7 +59,6 @@ public class FederationHubUIServer {
 
     private static String configFile;
 
-
     public static void main(String[] args) {
         if (args.length > 1) {
             System.err.println("Usage: java -jar federation-hub-ui.jar [CONFIG_FILE_PATH]");
@@ -107,7 +107,7 @@ public FederationHubBrokerProxyFactory fedHubBrokerProxyFactory() {
     public FederationHubPolicyManagerProxyFactory fedHubPolicyManagerProxyFactory() {
         return new FederationHubPolicyManagerProxyFactory();
     }
-    
+
 	private void makeConnector(FederationHubUIConfig fedHubConfig, Server server, int port, boolean clientAuth) {
 		HttpConfiguration httpConfig = new HttpConfiguration();
 		httpConfig.setSecureScheme("https");
@@ -118,7 +118,7 @@ private void makeConnector(FederationHubUIConfig fedHubConfig, Server server, in
 		httpConfig.setSendServerVersion(true);
 		httpConfig.setSendDateHeader(false);
 
-		SslContextFactory sslContextFactory = new SslContextFactory.Server();
+		SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
 		sslContextFactory.setKeyStorePath(fedHubConfig.getKeystoreFile());
 		sslContextFactory.setKeyStorePassword(fedHubConfig.getKeystorePassword());
 		sslContextFactory.setKeyStoreType(fedHubConfig.getKeystoreType());
@@ -131,7 +131,9 @@ private void makeConnector(FederationHubUIConfig fedHubConfig, Server server, in
 
 		// SSL HTTP Configuration
 		HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
-		httpsConfig.addCustomizer(new SecureRequestCustomizer());
+		SecureRequestCustomizer src = new SecureRequestCustomizer();
+      	src.setSniHostCheck(false);
+		httpsConfig.addCustomizer(src);
 
 		// SSL Connector
 		ServerConnector sslConnector = new ServerConnector(server,
@@ -144,9 +146,11 @@ private void makeConnector(FederationHubUIConfig fedHubConfig, Server server, in
     @Bean
     public ConfigurableServletWebServerFactory jettyServletFactory(FederationHubUIConfig fedHubConfig) {
       	JettyServletWebServerFactory factory = new JettyServletWebServerFactory();
-    	
+
     	factory.addServerCustomizers(new JettyServerCustomizer() {
 
+
+
 			@Override
 			public void customize(Server server) {
 				try {
@@ -154,9 +158,9 @@ public void customize(Server server) {
 					logger.info("Stopping default Jetty Connector: " + defaultConnector);
 					server.getConnectors()[0].stop();
 				} catch (Exception e) {}
-				
+
 				makeConnector(fedHubConfig, server, fedHubConfig.getPort(), true);
-								
+
 				if (fedHubConfig.isAllowOauth() && Strings.isNotEmpty(fedHubConfig.getKeycloakAccessTokenName()) &&
 						Strings.isNotEmpty(fedHubConfig.getKeycloakAdminClaimValue()) &&
 						Strings.isNotEmpty(fedHubConfig.getKeycloakAuthEndpoint()) &&
@@ -170,11 +174,11 @@ public void customize(Server server) {
 						Strings.isNotEmpty(fedHubConfig.getKeycloakTokenEndpoint()))
 					makeConnector(fedHubConfig, server, fedHubConfig.getOauthPort(), false);
 			}
-    		
+
     	});
-    	
+
     	factory.addErrorPages(new ErrorPage(HttpStatus.UNAUTHORIZED, "/login"), new ErrorPage(HttpStatus.FORBIDDEN, "/login"));
-    	
+
         return factory;
     }
 
@@ -196,11 +200,11 @@ public FederationHubUIConfig getFedHubConfig()
             throws JsonParseException, JsonMappingException, IOException {
         return loadConfig(configFile);
     }
-    
+
     @Bean
     public PasswordEncoder passwordEncoder() {
     	return new BCryptPasswordEncoder();
-    }  
+    }
 
     @Bean
     public AuthorizationFileWatcher authFileWatcher(FederationHubUIConfig fedHubConfig) {
@@ -214,15 +218,14 @@ public AuthorizationFileWatcher authFileWatcher(FederationHubUIConfig fedHubConf
         Runtime.getRuntime().addShutdownHook(new Thread(authFileWatcher::stop));
         return authFileWatcher;
     }
-    
+
     @Bean
     public KeycloakTokenParser keycloakTokenParser(FederationHubUIConfig getFedHubConfig) {
     	return new KeycloakTokenParser(getFedHubConfig);
     }
 
     @Bean
-    @Order(Ordered.LOWEST_PRECEDENCE)
-    public FederationHubUIService federationHubUIService() {
-    	return new FederationHubUIService();
+    public FederationHubBrokerMetricsPoller federationHubBrokerMetricsPoller(FederationHubBroker fedHubBroker) {
+        return new FederationHubBrokerMetricsPoller(fedHubBroker);
     }
-}
+}
\ No newline at end of file
diff --git a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/FederationHubUIService.java b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/FederationHubUIService.java
index 7dcac895..003bcfe7 100644
--- a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/FederationHubUIService.java
+++ b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/FederationHubUIService.java
@@ -16,25 +16,23 @@
 import java.util.List;
 import java.util.Map;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import org.owasp.esapi.Validator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextRefreshedEvent;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
@@ -47,6 +45,7 @@
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RequestPart;
 import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.view.InternalResourceView;
@@ -57,10 +56,13 @@
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
 import com.google.common.base.Strings;
 
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import tak.server.federation.FederateGroup;
 import tak.server.federation.FederationException;
 import tak.server.federation.FederationPolicyGraph;
 import tak.server.federation.hub.broker.FederationHubBroker;
+import tak.server.federation.hub.broker.FederationHubBrokerMetrics;
 import tak.server.federation.hub.broker.HubConnectionInfo;
 import tak.server.federation.hub.policy.FederationHubPolicyManager;
 import tak.server.federation.hub.policy.FederationPolicy;
@@ -75,30 +77,36 @@
 import tak.server.federation.hub.ui.keycloak.AuthCookieUtils;
 
 @RequestMapping("/")
-public class FederationHubUIService {
+@RestController
+@Order(Ordered.LOWEST_PRECEDENCE)
+public class FederationHubUIService implements ApplicationListener<ContextRefreshedEvent> {
 
     private static final Logger logger = LoggerFactory.getLogger(FederationHubUIService.class);
-    
+
     private static final int CERT_FILE_UPLOAD_SIZE = 1048576;
 
     private String activePolicyName = null;
     private Map<String, FederationPolicyModel> cachedPolicies = new HashMap<>();
 
     private Validator validator = new MartiValidator();
-    
     @Autowired
     private FederationHubPolicyManager fedHubPolicyManager;
-
     @Autowired
     private FederationHubBroker fedHubBroker;
-    
+
     @Autowired AuthenticationManager authManager;
-	
+
     @Autowired JwtTokenUtil jwtUtil;
-    
+
     @Autowired
     FederationHubUIConfig fedHubConfig;
     
+    @Override
+    public void onApplicationEvent(ContextRefreshedEvent event) {
+    	// hydrate cache
+    	getActivePolicy();
+    }
+
     @RequestMapping(value = "/login", method = RequestMethod.GET)
 	public ModelAndView getLoginPage() {
 		return new ModelAndView(new InternalResourceView("/login/index.html"));
@@ -106,21 +114,21 @@ public ModelAndView getLoginPage() {
 
     @RequestMapping(value = "/login/authserver", method = RequestMethod.GET)
     public ResponseEntity<String>  getAuthServerName() {
-        
+
         if (fedHubConfig.isAllowOauth()) {
         	return new ResponseEntity<>("{\"data\":\"" + fedHubConfig.getKeycloakServerName() + "\"}", new HttpHeaders(), HttpStatus.OK);
         } else {
         	return new ResponseEntity<>(null, new HttpHeaders(), HttpStatus.NOT_FOUND);
         }
     }
-    
+
     @RequestMapping(value = "/login/auth", method = RequestMethod.GET)
     public void handleAuthRequest(HttpServletResponse response) {
         try {
             // get the auth server config
-            if (!fedHubConfig.isAllowOauth() || 
-            		Strings.isNullOrEmpty(fedHubConfig.getKeycloakAuthEndpoint()) || 
-            		 Strings.isNullOrEmpty(fedHubConfig.getKeycloakTokenEndpoint()) || 
+            if (!fedHubConfig.isAllowOauth() ||
+            		Strings.isNullOrEmpty(fedHubConfig.getKeycloakAuthEndpoint()) ||
+            		 Strings.isNullOrEmpty(fedHubConfig.getKeycloakTokenEndpoint()) ||
             		 Strings.isNullOrEmpty(fedHubConfig.getKeycloakrRedirectUri())) {
             	throw  new IllegalStateException("missing auth server config");
             }
@@ -157,7 +165,7 @@ public void handleAuthRequest(HttpServletResponse response) {
             response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
         }
     }
-    
+
     @RequestMapping(value = "/login/redirect", method = RequestMethod.GET)
     public ModelAndView handleRedirect(
             @RequestParam(value = "code", required = true) String code,
@@ -206,7 +214,7 @@ public ModelAndView handleRedirect(
             return null;
         }
     }
-		
+
     // TODO use this if we ever support plain username + password auth from a db or file
     @PostMapping("/oauth/token")
     public ResponseEntity<?> login(@RequestBody AuthRequest request) {
@@ -214,23 +222,23 @@ public ResponseEntity<?> login(@RequestBody AuthRequest request) {
             Authentication authentication = authManager.authenticate(
                     new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword())
             );
-             
+
             User user = (User) authentication.getPrincipal();
             String accessToken = jwtUtil.generateAccessToken(request.getUsername());
             AuthResponse authResponse = new AuthResponse(user.getUsername(), accessToken);
-            
+
             ResponseCookie.ResponseCookieBuilder responseCookieBuilder = ResponseCookie
                     .from("hubState", authResponse.getAccessToken())
                     .secure(true)
                     .httpOnly(true)
                     .path("/")
                     .maxAge(86400);
-            
+
             HttpHeaders responseHeaders = new HttpHeaders();
             responseHeaders.set(HttpHeaders.SET_COOKIE, responseCookieBuilder.build().toString());
-                         
+
             return ResponseEntity.ok().headers(responseHeaders).body(authResponse);
-             
+
         } catch (BadCredentialsException ex) {
         	logger.error("Bad credentials", ex);
             return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
@@ -241,12 +249,6 @@ public ResponseEntity<?> login(@RequestBody AuthRequest request) {
 		}
     }
 
-
-    @RequestMapping(value = "/home", method = RequestMethod.GET)
-    public String getHome() {
-        return "home";
-    }
-
     @RequestMapping(value = "/fig/saveFederation", method = RequestMethod.POST)
     @ResponseBody
     public FederationPolicyModel saveFederation(RequestEntity<FederationPolicyModel> requestEntity) {
@@ -254,7 +256,7 @@ public FederationPolicyModel saveFederation(RequestEntity<FederationPolicyModel>
         if (policy != null) {
         	this.cachedPolicies.put(policy.getName(), policy);
         }
-        
+
         return policy;
     }
 
@@ -327,7 +329,7 @@ public ResponseEntity<Void> updateFederationManager(@PathVariable String federat
                         fedHubPolicyManager.setPolicyGraph(policyModel, null);
                         activePolicyName = policyModel.getName();
                     }
-                    
+
                     fedHubBroker.updatePolicy(policyModel);
 
                     return new ResponseEntity<>(new HttpHeaders(), HttpStatus.OK);
@@ -356,9 +358,9 @@ public ResponseEntity<Void> updateFederationManagerAndFile(@PathVariable String
                             policyModel.getFederationPolicyObjectFromModel());
                         activePolicyName = policyModel.getName();
                     }
-                    
+
                     fedHubBroker.updatePolicy(policyModel);
-                    
+
                     return new ResponseEntity<>(new HttpHeaders(), HttpStatus.OK);
                 } catch (FederationException e) {
                     logger.error("Could not save the policy graph to the federation manager", e);
@@ -371,7 +373,7 @@ public ResponseEntity<Void> updateFederationManagerAndFile(@PathVariable String
     }
 
     @RequestMapping(value = "/fig/getKnownCaGroups", method = RequestMethod.GET)
-    public ResponseEntity<List<GroupHolder>> getKnownCaGroups(HttpServletRequest request) {	
+    public ResponseEntity<List<RemoteGroup>> getKnownCaGroups(HttpServletRequest request) {
         if (isUpdateActiveFederation()) {
             return new ResponseEntity<>(
                 federateGroupsToGroupHolders(fedHubPolicyManager.getCaGroups()),
@@ -380,12 +382,12 @@ public ResponseEntity<List<GroupHolder>> getKnownCaGroups(HttpServletRequest req
         }
         return new ResponseEntity<>(new HttpHeaders(), HttpStatus.FORBIDDEN);
     }
-    
+
     @RequestMapping(value = "/fig/getKnownGroupsForGraphNode/{graphNodeId}", method = RequestMethod.GET)
     @ResponseBody
     public ResponseEntity<List<String>> getKnownGroupsForGraphNode(@PathVariable String graphNodeId) {
     	List<String> groupsForNode = new ArrayList<>();
-    	
+
     	FederationPolicyModel activePolicy = getActivePolicyAsPolicyModel();
     	activePolicy.getCells().forEach(cell -> {
     		if (cell.getId().equals(graphNodeId)) {
@@ -403,15 +405,20 @@ public ResponseEntity<List<String>> getKnownGroupsForGraphNode(@PathVariable Str
     			}
     		}
     	});
-    	
+
         return new ResponseEntity<List<String>>(groupsForNode, new HttpHeaders(), HttpStatus.OK);
     }
-    
+
     @RequestMapping(value = "/fig/getActiveConnections", method = RequestMethod.GET)
     public ResponseEntity<List<HubConnectionInfo>> getActiveConnections() {
     	return new ResponseEntity<List<HubConnectionInfo>>(fedHubBroker.getActiveConnections(), new HttpHeaders(), HttpStatus.OK);
     }
 
+    @RequestMapping(value = "/fig/getBrokerMetrics", method = RequestMethod.GET)
+    public ResponseEntity<FederationHubBrokerMetrics> getFederationHubBrokerMetrics() {
+        return new ResponseEntity<FederationHubBrokerMetrics>(fedHubBroker.getFederationHubBrokerMetrics(), new HttpHeaders(), HttpStatus.OK);
+    }
+
     @RequestMapping(value = "/fig/addNewGroupCa", method = RequestMethod.POST)
     public ResponseEntity<Void> addNewGroupCa(@RequestPart("file") MultipartFile certificateFile) {
         if (isUpdateActiveFederation()) {
@@ -436,7 +443,7 @@ public ResponseEntity<Void> addNewGroupCa(@RequestPart("file") MultipartFile cer
         }
         return new ResponseEntity<>(new HttpHeaders(), HttpStatus.FORBIDDEN);
     }
-    
+
     @RequestMapping(value = "/fig/deleteGroupCa/{uid}", method = RequestMethod.DELETE)
     public ResponseEntity<Void> deleteGroupCa(@PathVariable("uid") String uid) {
     	try {
@@ -454,13 +461,13 @@ public ResponseEntity<Void> deleteGroupCa(@PathVariable("uid") String uid) {
     		return new ResponseEntity<>(new HttpHeaders(), HttpStatus.BAD_REQUEST);
 		}
     }
-    
+
     private String sha256(String input) throws UnsupportedEncodingException, NoSuchAlgorithmException {
         byte[] bytes = input.getBytes("US-ASCII");
         MessageDigest md = MessageDigest.getInstance("SHA-256");
         return Base64.getUrlEncoder().withoutPadding().encodeToString(md.digest(bytes));
     }
-    
+
     private boolean isUpdateActiveFederation() {
         /* TODO do we really need to configure this? */
         return true;
@@ -474,8 +481,8 @@ private FederationPolicyModel getActivePolicyAsPolicyModel() {
         // Production code.
         FederationPolicyGraph activePolicy = fedHubPolicyManager.getPolicyGraph();
         Map<String, Object> additionalData = activePolicy.getAdditionalData();
-        
-   
+
+
         // UI Test code.
         //FederationPolicyGraph testActualPolicy = cachedPolicys.values().iterator().next().getPolicyGraphFromModel();
         //Map<String, Object> additionalData =  testActualPolicy.getAdditionalData();
@@ -484,12 +491,49 @@ private FederationPolicyModel getActivePolicyAsPolicyModel() {
         return mapper.convertValue(additionalData.get("uiData"), FederationPolicyModel.class);
     }
 
-    private List<GroupHolder> federateGroupsToGroupHolders(Collection<FederateGroup> groups) {
-        List<GroupHolder> groupList = new LinkedList<>();
+    private List<RemoteGroup> federateGroupsToGroupHolders(Collection<FederateGroup> groups) {
+    	Map<String, X509Certificate> cas = fedHubBroker.getCAsFromFile();
+        List<RemoteGroup> groupList = new LinkedList<>();
         for (FederateGroup group : groups) {
-            GroupHolder groupHolder = new GroupHolder(group.getFederateIdentity().getFedId());
-            groupList.add(groupHolder);
+            String fedId = group.getFederateIdentity().getFedId();
+
+            RemoteGroup remoteGroup = new RemoteGroup();
+        	remoteGroup.setUid(fedId);
+            if (cas.containsKey(fedId)) {
+            	X509Certificate ca = cas.get(fedId);
+            	remoteGroup.setIssuer(ca.getIssuerX500Principal().getName());
+            	remoteGroup.setSubject(ca.getSubjectX500Principal().getName());
+            }
+
+            groupList.add(remoteGroup);
         }
         return groupList;
     }
-}
+
+    private class RemoteGroup {
+    	private String uid;
+    	private String issuer;
+    	private String subject;
+
+    	public String getUid() {
+			return uid;
+		}
+		public void setUid(String uid) {
+			this.uid = uid;
+		}
+		public String getIssuer() {
+			return issuer;
+		}
+		public void setIssuer(String issuer) {
+			this.issuer = issuer;
+		}
+		public String getSubject() {
+			return subject;
+		}
+		public void setSubject(String subject) {
+			this.subject = subject;
+		}
+
+
+    }
+}
\ No newline at end of file
diff --git a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/JwtTokenFilter.java b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/JwtTokenFilter.java
index fd1778cd..c072e769 100644
--- a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/JwtTokenFilter.java
+++ b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/JwtTokenFilter.java
@@ -5,11 +5,11 @@
 import java.util.Collection;
 import java.util.List;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.json.simple.parser.ParseException;
 import org.slf4j.Logger;
@@ -22,7 +22,7 @@
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
+import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
@@ -85,7 +85,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 						String refreshToken = (String) request.getSession().getAttribute(fedHubConfig.getKeycloakRefreshTokenName());
 						if (Strings.isNullOrEmpty(refreshToken)) {
 							SecurityContextHolder.clearContext();
-							AuthCookieUtils.logout(request, response, null);
+							AuthCookieUtils.logout(request, response);
 							return;
 						}
 
@@ -106,7 +106,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 					}
 
 					if (claims == null) {
-						throw new InvalidTokenException("Unable to parse claims from token : " + cookieToken);
+						throw new InvalidBearerTokenException("Unable to parse claims from token : " + cookieToken);
 					}
 										
 					// make sure the keycloak token has an email and contains the admin claim
diff --git a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/JwtTokenUtil.java b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/JwtTokenUtil.java
index 560e53f1..a744e5ab 100644
--- a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/JwtTokenUtil.java
+++ b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/JwtTokenUtil.java
@@ -19,8 +19,8 @@
 import java.util.Enumeration;
 
 import javax.crypto.spec.SecretKeySpec;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
@@ -35,7 +35,7 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.client.OkHttp3ClientHttpRequestFactory;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.stereotype.Component;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.RestTemplate;
@@ -148,7 +148,7 @@ public String processAuthServerRequest(
         // store the access token in a cookie
         String access_token = (String)tokenJson.get(fedHubConfig.getKeycloakAccessTokenName());
         response.addHeader(HttpHeaders.SET_COOKIE, AuthCookieUtils.createCookie(
-                OAuth2AccessToken.ACCESS_TOKEN, access_token, -1, true).toString());
+                OAuth2TokenType.ACCESS_TOKEN.getValue(), access_token, -1, true).toString());
 
         // store the refresh token in the session, if we have one
         if (tokenJson.containsKey(fedHubConfig.getKeycloakRefreshTokenName())) {
diff --git a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/SecurityConfig.java b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/SecurityConfig.java
index 094e9ffe..431b4b75 100644
--- a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/SecurityConfig.java
+++ b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/SecurityConfig.java
@@ -5,36 +5,39 @@
 import java.security.cert.X509Certificate;
 
 import javax.naming.InvalidNameException;
-import javax.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
+import jakarta.servlet.http.HttpServletResponse;
 import tak.server.federation.hub.ui.jwt.UserService;
 import tak.server.federation.hub.ui.manage.AuthManager;
 import tak.server.federation.hub.ui.manage.AuthorizationFileWatcher;
 
+@Configuration
 @EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
 	private static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
 
-	@Autowired
-	private UserService userService;
+//	@Autowired
+//	private UserService userService;
 
 	@Autowired
 	private JwtTokenFilter jwtTokenFilter;
@@ -42,22 +45,33 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Autowired
 	private AuthorizationFileWatcher authFileWatcher;
 
-	@Override
-	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-		auth.userDetailsService(username -> {
-			return userService.loadUserByUsername(username);
-		});
+//	@Override
+//	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+//		auth.userDetailsService(username -> {
+//			return userService.loadUserByUsername(username);
+//		});
+//	}
+	
+	@Bean
+	public AuthenticationManager authenticationManager(UserService userService) {
+		
+		 DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
+		 authenticationProvider.setUserDetailsService(userService);
+		 return new ProviderManager(authenticationProvider);
 	}
 
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
+	@Bean
+	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+		
 		http.csrf().disable();
 		
 		http.x509().authenticationUserDetailsService(new X509AuthenticatedUserDetailsService());
 
 		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
 
-		http.authorizeRequests().antMatchers("/error","/oauth/**", "/login**", "/login/**", "/bowerDependencies/**", "/favicon.ico").permitAll()
+//		http.authorizeRequests().antMatchers("/error","/oauth/**", "/login**", "/login/**", "/bowerDependencies/**", "/favicon.ico").permitAll()
+//			.anyRequest().authenticated();
+		http.authorizeHttpRequests().requestMatchers("/error","/oauth/**", "/login**", "/login/**", "/bowerDependencies/**", "/favicon.ico").permitAll()
 			.anyRequest().authenticated();
 
 		http.exceptionHandling().authenticationEntryPoint((request, response, ex) -> {
@@ -65,14 +79,10 @@ protected void configure(HttpSecurity http) throws Exception {
 		});
 
 		http.addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class);
+		
+		return http.build();
 	}
-
-	@Override
-	@Bean
-	public AuthenticationManager authenticationManagerBean() throws Exception {
-		return super.authenticationManagerBean();
-	}
-
+	
 	private class X509AuthenticatedUserDetailsService implements AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {
 
 		@Override
diff --git a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/WebMvcConfig.java b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/WebMvcConfig.java
index ee086ee8..12ef4a6c 100644
--- a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/WebMvcConfig.java
+++ b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/WebMvcConfig.java
@@ -3,8 +3,11 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.multipart.commons.CommonsMultipartResolver;
+import org.springframework.web.multipart.MultipartResolver;
+//import org.springframework.web.multipart.commons.CommonsMultipartResolver;
+import org.springframework.web.multipart.support.StandardServletMultipartResolver;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.ViewResolverRegistry;
@@ -16,6 +19,11 @@
 public class WebMvcConfig implements WebMvcConfigurer {
     private int maxUploadSize = 5 * 1024 * 1024; // 5 MB.
 
+    @Override
+    public void configurePathMatch(PathMatchConfigurer configurer) {
+        configurer.setUseTrailingSlashMatch(true);
+    }
+    
     @Override
     public void addViewControllers(ViewControllerRegistry registry) {
         registry.addViewController("/").setViewName("forward:index.html");
@@ -32,9 +40,9 @@ public void addResourceHandlers(ResourceHandlerRegistry registry) {
     }
 
     @Bean(name="multipartResolver")
-    public CommonsMultipartResolver multipartResolver() {
-        CommonsMultipartResolver resolver = new CommonsMultipartResolver();
-        resolver.setMaxUploadSize(maxUploadSize);
+    public MultipartResolver multipartResolver() {
+    	StandardServletMultipartResolver resolver = new StandardServletMultipartResolver();
+        // resolver.setMaxUploadSize(maxUploadSize); // FIXME:
         return resolver;
     }
 }
diff --git a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/keycloak/AuthCookieUtils.java b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/keycloak/AuthCookieUtils.java
index 85fbc000..8e634455 100644
--- a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/keycloak/AuthCookieUtils.java
+++ b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/keycloak/AuthCookieUtils.java
@@ -1,9 +1,9 @@
 package tak.server.federation.hub.ui.keycloak;
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 
 import org.owasp.esapi.Validator;
 import org.owasp.esapi.errors.ValidationException;
@@ -11,8 +11,7 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseCookie;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 
 import tak.server.federation.hub.ui.MartiValidator;
 import tak.server.federation.hub.ui.MartiValidator.Regex;
@@ -56,7 +55,7 @@ public static ResponseCookie createCookie(final String name, final String value,
         return createCookie(name, value, maxAge, sameSiteStrict, "/");
     }
 
-    public static void logout(HttpServletRequest request, HttpServletResponse response, DefaultTokenServices defaultTokenServices) {
+    public static void logout(HttpServletRequest request, HttpServletResponse response) {
         Cookie[] cookies = request.getCookies();
         if (cookies == null) {
             return;
@@ -68,19 +67,15 @@ public static void logout(HttpServletRequest request, HttpServletResponse respon
         }
 
         for (Cookie cookie : cookies) {
-            if (cookie.getName().compareToIgnoreCase(OAuth2AccessToken.ACCESS_TOKEN) == 0) {
+            if (cookie.getName().compareToIgnoreCase(OAuth2TokenType.ACCESS_TOKEN.getValue()) == 0) {
 
                 String token = cookie.getValue();
 
-                if (defaultTokenServices != null) {
-                    defaultTokenServices.revokeToken(token);
-                }
-
                 response.setHeader("Location", "/");
                 response.setHeader("Cache-Control", "no-store");
                 response.setHeader("Pragma", "no-cache");
                 response.setHeader(HttpHeaders.SET_COOKIE, createCookie(
-                        OAuth2AccessToken.ACCESS_TOKEN, token, 0, true).toString());
+                        OAuth2TokenType.ACCESS_TOKEN.getValue(), token, 0, true).toString());
 
                 response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
                 return;
diff --git a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/manage/AuthManager.java b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/manage/AuthManager.java
index 1d2c8ae7..fa71ed03 100644
--- a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/manage/AuthManager.java
+++ b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/manage/AuthManager.java
@@ -8,7 +8,11 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.nio.file.*;
+import java.nio.file.FileSystem;
+import java.nio.file.FileSystems;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.security.NoSuchAlgorithmException;
 import java.security.MessageDigest;
 import java.security.cert.CertificateException;
@@ -20,7 +24,7 @@
 import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
-import javax.xml.bind.DatatypeConverter;
+import jakarta.xml.bind.DatatypeConverter;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
diff --git a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/manage/AuthorizationFileWatcher.java b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/manage/AuthorizationFileWatcher.java
index cac490ff..700fcf90 100644
--- a/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/manage/AuthorizationFileWatcher.java
+++ b/src/federation-hub-ui/src/main/java/tak/server/federation/hub/ui/manage/AuthorizationFileWatcher.java
@@ -3,7 +3,13 @@
 import java.io.File;
 import java.io.IOException;
 import java.net.URL;
-import java.nio.file.*;
+import java.nio.file.FileSystems;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardWatchEventKinds;
+import java.nio.file.WatchEvent;
+import java.nio.file.WatchKey;
+import java.nio.file.WatchService;
 import java.util.List;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
diff --git a/src/federation-hub-ui/src/main/resources/application.properties b/src/federation-hub-ui/src/main/resources/application.properties
new file mode 100644
index 00000000..705d36ce
--- /dev/null
+++ b/src/federation-hub-ui/src/main/resources/application.properties
@@ -0,0 +1 @@
+management.endpoints.web.exposure.include=*
\ No newline at end of file
diff --git a/src/federation-hub-ui/src/main/resources/federation-hub-ui.yml b/src/federation-hub-ui/src/main/resources/federation-hub-ui.yml
index f1fccba5..c1afc908 100644
--- a/src/federation-hub-ui/src/main/resources/federation-hub-ui.yml
+++ b/src/federation-hub-ui/src/main/resources/federation-hub-ui.yml
@@ -1,9 +1,9 @@
 keystoreType: JKS
-keystoreFile: /opt/tak/certs/files/takserver.jks
+keystoreFile: /opt/tak/federation-hub/certs/files/takserver.jks
 keystorePassword: atakatak
 
 truststoreType: JKS
-truststoreFile: /opt/tak/certs/files/fed-truststore.jks
+truststoreFile: /opt/tak/federation-hub/certs/files/fed-truststore.jks
 truststorePassword: atakatak
 
 keyAlias: takserver
diff --git a/src/federation-hub-ui/src/main/webapp/home.html b/src/federation-hub-ui/src/main/webapp/home.html
index 2889ad15..69f18f42 100644
--- a/src/federation-hub-ui/src/main/webapp/home.html
+++ b/src/federation-hub-ui/src/main/webapp/home.html
@@ -42,7 +42,7 @@
     <!-- endbuild -->
 
 </head>
-<body ng-app="fed" data-ng-controller="ApplicationController" >
+<body ng-app="fed" >
 
 <nav class="navbar navbar-default navbar-fixed-top">
     <div class="container-fluid">
@@ -56,100 +56,6 @@
             <div ncy-breadcrumb></div>
         </div>
         <ul class="nav navbar-top-links navbar-right">
-            <!--<li class="dropdown">-->
-                <!--<a class="dropdown-toggle" data-toggle="dropdown" title="Commander Dashboard" ui-sref="commander-dashboard.editor">-->
-                    <!--<i class="fa fa-tachometer fa-fw"></i>-->
-                <!--</a>-->
-            <!--</li>-->
-            <!-- /.dropdown -->
-            <!--<li class="dropdown">-->
-            <!--<a class="dropdown-toggle" data-toggle="dropdown" title="Diagrams">-->
-            <!--<i class="fa fa-file-o fa-fw"></i>-->
-            <!--<i class="fa fa-caret-down"></i>-->
-            <!--</a>-->
-            <!--<ul class="dropdown-menu dropdown-user">-->
-            <!--<li class="dropdown-header">Diagrams</li>-->
-            <!--<li><a ui-sref="diagrams-new">New</a></li>-->
-            <!--<li><a ui-sref="diagrams-load">Load</a></li>-->
-            <!--<li><a ui-sref="manage.diagrams">Manage</a></li>-->
-            <!--</ul> &lt;!&ndash; /.dropdown-template &ndash;&gt;-->
-            <!--</li>-->
-            <!--&lt;!&ndash; /.dropdown &ndash;&gt;-->
-
-            <!--&lt;!&ndash; /.dropdown &ndash;&gt;-->
-            <!--<li class="dropdown">-->
-            <!--<a class="dropdown-toggle" data-toggle="dropdown" title="Instances">-->
-            <!--<i class="fa fa-line-chart fa-fw"></i>-->
-            <!--<i class="fa fa-caret-down"></i>-->
-            <!--</a>-->
-            <!--<ul class="dropdown-menu dropdown-user">-->
-            <!--<li class="dropdown-header">Instances</li>-->
-            <!--<li><a ui-sref="instances-new">New</a></li>-->
-            <!--<li><a ui-sref="instances-load">Load</a></li>-->
-            <!--<li><a ui-sref="manage.instances">Manage</a></li>-->
-            <!--</ul> &lt;!&ndash; /.dropdown-instances &ndash;&gt;-->
-            <!--</li>-->
-            <!--&lt;!&ndash; /.dropdown &ndash;&gt;-->
-
-            <!--&lt;!&ndash; /.dropdown &ndash;&gt;-->
-            <!--<li class="dropdown">-->
-            <!--<a class="dropdown-toggle" data-toggle="dropdown" title="Role/Product Sets">-->
-            <!--<i class="fa fa-tree fa-fw"></i>-->
-            <!--<i class="fa fa-caret-down"></i>-->
-            <!--</a>-->
-            <!--<ul class="dropdown-menu dropdown-user">-->
-            <!--<li class="dropdown-header">Role/Product Sets</li>-->
-            <!--<li><a ui-sref="role-product-set-new">New</a>-->
-            <!--<li><a ui-sref="role-product-set-load">Load</a>-->
-            <!--<li><a ui-sref="manage.role-sets">Manage</a>-->
-            <!--</ul> &lt;!&ndash; /.dropdown-instances &ndash;&gt;-->
-            <!--</li>-->
-            <!--&lt;!&ndash; /.dropdown &ndash;&gt;-->
-
-
-            <!-- /.dropdown -->
-            <!--
-                            <li class="dropdown">
-                                <a class="dropdown-toggle" data-toggle="dropdown" title="Monitor">
-                                    <i class="fa fa-line-chart fa-fw"></i>
-                                    <i class="fa fa-caret-down"></i>
-                                </a>
-                                <ul class="dropdown-menu dropdown-user">
-                                    <li class="dropdown-header">Monitor</li>
-                                    <li><a ui-sref="monitor">Coming Soon</a></li>
-                                </ul>
-                            </li>
-            -->
-            <!-- /.dropdown -->
-
-            <!--&lt;!&ndash; /.dropdown &ndash;&gt;-->
-            <!--<li class="dropdown">-->
-            <!--<a class="dropdown-toggle" data-toggle="dropdown" title="Manage">-->
-            <!--<i class="fa fa-cogs fa-fw"></i>-->
-            <!--<i class="fa fa-caret-down"></i>-->
-            <!--</a>-->
-            <!--<ul class="dropdown-menu dropdown-user">-->
-            <!--<li class="dropdown-header">Manage</li>-->
-            <!--<li><a ui-sref="manage.assets">Assets</a></li>-->
-            <!--<li><a ui-sref="manage.defaults">Defaults</a></li>-->
-            <!--</ul> &lt;!&ndash; /.dropdown-instance &ndash;&gt;-->
-            <!--</li>-->
-            <!--&lt;!&ndash; /.dropdown &ndash;&gt;-->
-
-            <!-- /.dropdown -->
-            <li class="dropdown">
-                <a class="dropdown-toggle" data-toggle="dropdown" title="Information">
-                    <i class="fa fa-info fa-fw"></i>
-                    <i class="fa fa-caret-down"></i>
-                </a>
-                <ul class="dropdown-menu dropdown-user">
-                    <!--<li><a ui-sref="config">Config</a></li>-->
-                    <!--<li><a ui-sref="about">About</a></li>-->
-                    <li><a ui-sref="help">Help</a></li>
-                </ul> <!-- /.dropdown-info -->
-            </li>
-            <!-- /.dropdown -->
-
         </ul>
     </div>
 </nav>
@@ -219,29 +125,17 @@
 
 <!-- build:js({.tmp,src/webapp}) scripts/scripts.js -->
 <script src="scripts/app.js"></script>
-<script src="modules/core/core_module.js"></script>
-<script src="modules/core/application_controller.js"></script>
 <script src="modules/config/config_module.js"></script>
 <script src="modules/config/config_service.js"></script>
 <script src="modules/config/config_controller.js"></script>
-<script src="modules/authentication/auth_module.js"></script>
-<script src="modules/authentication/auth_controller.js"></script>
-<script src="modules/authentication/auth_services.js"></script>
-<script src="modules/authentication/session_services.js"></script>
-<script src="modules/manage/manage_module.js"></script>
-<script src="modules/manage/manage_controller.js"></script>
-<script src="modules/logout/logout_module.js"></script>
-<script src="modules/logout/logout_controller.js"></script>
 <script src="modules/workflows/workflows_module.js"></script>
 <script src="modules/workflows/workflow_services.js"></script>
-<script src="modules/workflows/asset_services.js"></script>
 <script src="modules/workflows/defaults_services.js"></script>
 <script src="modules/workflows/semantics_service.js"></script>
 <script src="modules/workflows/workflow_critic.js"></script>
 <script src="modules/workflows/workflows_controller.js"></script>
 <script src="modules/workflows/workflows_factory.js"></script>
 <script src="modules/workflows/joint_paper_factory.js"></script>
-<script src="modules/workflows/display_tc_controller.js"></script>
 <script src="modules/workflows/add_bpmn_federate_controller.js"></script>
 <script src="modules/workflows/add_federate_group_controller.js"></script>
 <script src="modules/workflows/add_federation_outgoing_controller.js"></script>
@@ -251,16 +145,9 @@
 <script src="modules/workflows/add_ontology_element_controller.js"></script>
 <script src="modules/workflows/new_workflow_controller.js"></script>
 <script src="modules/workflows/load_workflow_controller.js"></script>
+<script src="modules/workflows/home_controller.js"></script>
 <script src="modules/workflows/add_bpmn_subprocess_controller.js"></script>
-<script src="modules/workflows/add_bpmn_transition_controller.js"></script>
-<script src="modules/workflows/edit_attributes_controller.js"></script>
-<script src="modules/workflows/select_asset_controller.js"></script>
-<script src="modules/workflows/lifecycle_command_controller.js"></script>
-<script src="modules/workflows/attribute_expression_editor_controller.js"></script>
-<script src="modules/workflows/add_policy_filter_controller.js"></script>
 <script src="modules/ontology/ontology_service.js"></script>
-<script src="modules/commander-dashboard/commander_dashboard_module.js"></script>
-<script src="modules/commander-dashboard/commander_dashboard_controller.js"></script>
 <script src="lib/queryBuilder/querybuilder.js"></script>
 <!-- endbuild -->
 <script src="lib/require.js"></script>
diff --git a/src/federation-hub-ui/src/main/webapp/index.html b/src/federation-hub-ui/src/main/webapp/index.html
index 5772601e..723cb8af 100644
--- a/src/federation-hub-ui/src/main/webapp/index.html
+++ b/src/federation-hub-ui/src/main/webapp/index.html
@@ -6,7 +6,7 @@
 
       window.onload = function() {
 	  if (confirm("Distribution Statement A: Approved for public release; distribution is unlimited.")) {
-          window.location.replace("/home");
+          window.location.replace("home.html");
 	  }
 	  else {
 	      // we did not accept the consent banner, so we do nothing!
diff --git a/src/federation-hub-ui/src/main/webapp/login/js/controllers.js b/src/federation-hub-ui/src/main/webapp/login/js/controllers.js
index 1befba39..feaf7f24 100644
--- a/src/federation-hub-ui/src/main/webapp/login/js/controllers.js
+++ b/src/federation-hub-ui/src/main/webapp/login/js/controllers.js
@@ -31,7 +31,7 @@ loginControllers.controller('loginController', ['$scope', '$location', '$window'
         $scope.onSubmit = async function () {
             console.log(username.value, password.value)
 
-            $http.post('/oauth/token', {
+            $http.post('/oauth2/token', {
                 username: username.value,
                 password: password.value
             })
diff --git a/src/federation-hub-ui/src/main/webapp/modules/authentication/auth_controller.js b/src/federation-hub-ui/src/main/webapp/modules/authentication/auth_controller.js
deleted file mode 100644
index a902be6f..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/authentication/auth_controller.js
+++ /dev/null
@@ -1,75 +0,0 @@
-
-'use strict';
-
-angular.module('roger_federation.Authentication')
-
-.controller('AuthenticationController', ["$scope", "$rootScope", "$state", '$modalInstance', "$cookieStore", "AuthenticationService", "AUTH_EVENTS", 'ConfigService',
-  function($scope, $rootScope, $state, $modalInstance, $cookieStore, AuthenticationService, AUTH_EVENTS, ConfigService) {
-
-    $scope.credentials = {};
-
-    AuthenticationService.logout();
-
-    var isServerInfoSet = false;
-    var heartBeatTimer;
-
-    $scope.initialize = function() {
-      $scope.serverInfo = ConfigService.getroger_federationServerInfo();
-      $scope.credentials = {
-        username: 'roger_federation',
-        password: 'roger_federation'
-      };
-
-      var heartBeat = function() {
-        ConfigService.getServerStatus().then(
-          function(res) {
-            heartBeatTimer = setTimeout(heartBeat, 2000);
-            $scope.serverStatus = res;
-            if ($scope.serverStatus.roger_federationOK) {
-              if (isServerInfoSet === false) {
-                ConfigService.setServerInfoFromHAL();
-                isServerInfoSet = true;
-              }
-            } else {
-              isServerInfoSet = false;
-            }
-          },
-          function(reason) {
-            throw reason;
-          });
-      };
-      heartBeat();
-    };
-
-    $scope.$on('$destroy', function() {
-      clearTimeout(heartBeatTimer); //destroy heartBeat timer
-    });
-
-    $scope.$on(AUTH_EVENTS.loginFailed, function(event, data) {
-      $scope.error = data;
-    });
-
-    //	    $scope.$on(AUTH_EVENTS.loginSuccess, function() {
-    //		$state.go('home');
-    //	    });
-
-    $scope.submit = function(credentials) {
-      if (AuthenticationService.login(credentials)) {
-        $rootScope.$broadcast(AUTH_EVENTS.loginSuccess);
-        $modalInstance.close('ok');
-        $scope.$close(true);
-      } else {
-        $rootScope.$broadcast(AUTH_EVENTS.loginFailed, response);
-      };
-      /*
-      		AuthenticationService.login(credentials).then(function() {
-      		    $rootScope.$broadcast(AUTH_EVENTS.loginSuccess);
-      		}, function(response) {
-      		    $rootScope.$broadcast(AUTH_EVENTS.loginFailed, response);
-      		});
-      */
-
-
-    };
-  }
-]);
diff --git a/src/federation-hub-ui/src/main/webapp/modules/authentication/auth_module.js b/src/federation-hub-ui/src/main/webapp/modules/authentication/auth_module.js
deleted file mode 100644
index 637e587e..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/authentication/auth_module.js
+++ /dev/null
@@ -1,15 +0,0 @@
-
-angular.module('roger_federation.Authentication', [])
-
-.constant('AUTH_EVENTS', {
-	loginSuccess: 'auth-login-success',
-	loginFailed: 'auth-login-failed',
-	logoutSuccess: 'auth-logout-success',
-	sessionTimeout: 'auth-session-timeout',
-	notAuthenticated: 'auth-not-authenticated',
-	notAuthorized: 'auth-not-authorized'
-})
-
-.constant('ACCESS_EVENTS', {
-	accessFailed: 'server-access-failed'
-});
diff --git a/src/federation-hub-ui/src/main/webapp/modules/authentication/auth_services.js b/src/federation-hub-ui/src/main/webapp/modules/authentication/auth_services.js
deleted file mode 100644
index 042a4c8e..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/authentication/auth_services.js
+++ /dev/null
@@ -1,63 +0,0 @@
-
-'use strict';
-
-angular.module('roger_federation.Authentication')
-
-.factory('AuthenticationService', ["$http", "$cookieStore", "Session",
-                                   function ($http, $cookieStore, Session) {
-    var authService = {};
-
-    var userId = "unknown";
-
-    authService.login = function(credentials) {
-	/*
-	return $http
-		.put(ConfigService.getServerBaseUrlStr()+'access_control/login', {
-				"username" : credentials.username,
-				"password" : credentials.password
-		})
-		.then(function (response) {
-	 */
-	userId = credentials.username;
-	Session.create(credentials.username, credentials.username, []);
-	return {
-	    username: credentials.username,
-	    clientId: credentials.username
-	};
-	/*
-		}, function (reason) {
-			var message = "";
-			if(reason.status === 0) {
-				message = "Cannot contact server";
-			} else if(reason.status === 400 || reason.status === 401) {
-				message = "Invalid username or password.";
-			} else {
-				message = reason.status + ": " + reason.statusText;
-			};
-			throw message;
-		});
-	 */
-    };
-
-
-    authService.getUserId = function() {
-	return userId;
-    };
-
-    authService.isAuthenticated = function() {
-	if(!Session.clientId && $cookieStore.get("session")) {
-	    var session = $cookieStore.get("session");
-	    userId = session.username;
-	    Session.create(session.username, session.clientId, session.activities);
-	}
-
-	return !!Session.clientId;
-    };
-
-    authService.logout = function() {
-	Session.destroy();
-	return true;
-    };
-
-    return authService;
-}]);
diff --git a/src/federation-hub-ui/src/main/webapp/modules/authentication/session_services.js b/src/federation-hub-ui/src/main/webapp/modules/authentication/session_services.js
deleted file mode 100644
index 9c3b58da..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/authentication/session_services.js
+++ /dev/null
@@ -1,21 +0,0 @@
-
-'use strict';
-
-angular.module('roger_federation.Authentication')
-.service('Session', function($cookieStore) {
-    this.create = function(username, clientId, activities) {
-	this.username = username;
-	this.clientId = clientId;
-	this.activities = activities;
-	$cookieStore.put("session", this);
-    };
-
-    this.destroy = function() {
-	this.clientId = null;
-	this.activities = null;
-	this.username = null;
-	$cookieStore.remove("session");
-    };
-
-    return this;
-});
diff --git a/src/federation-hub-ui/src/main/webapp/modules/commander-dashboard/commander_dashboard_controller.js b/src/federation-hub-ui/src/main/webapp/modules/commander-dashboard/commander_dashboard_controller.js
deleted file mode 100644
index 2246791c..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/commander-dashboard/commander_dashboard_controller.js
+++ /dev/null
@@ -1,674 +0,0 @@
-
-'use strict';
-
-angular.module('roger_federation.CommanderDashboard')
-  .controller('CommanderDashboardController', ['$scope', '$rootScope', '$state', '$stateParams', '$interval', '$log', '$http', 'uuid4', 'growl',
-    'WorkflowService', 'WorkflowTemplate', 'InstanceService', 'RoleProductSetService', 'AssetMatchingService', commanderDashboardController
-  ]);
-
-function commanderDashboardController($scope, $rootScope, $state, $stateParams, $interval, $log, $http, uuid4, growl, WorkflowService,
-   WorkflowTemplate, InstanceService, RoleProductSetService, AssetMatchingService) {
-  $rootScope.$state = $state;
-  $rootScope.$stateParams = $stateParams;
-
-  $scope.workflowList = {};
-  $scope.instanceList = {};
-  $scope.displayedInstanceCollection = [];
-
-  $scope.activeInstance = undefined;
-  $scope.selectedInstanceTag = undefined;
-
-  $scope.graphLayout = {
-    zoomlevel: 1.0
-  };
-
-  $scope.canAutoWidth = function(scale) {
-      if (scale.match(/.*?hour.*?/) || scale.match(/.*?minute.*?/)) {
-          return false;
-      }
-      return true;
-  };
-  $scope.getColumnWidth = function(widthEnabled, scale, zoom) {
-      //  if (!widthEnabled && $scope.canAutoWidth(scale)) {
-      //      return undefined;
-      //  }
-       //
-      //  if (scale.match(/.*?week.*?/)) {
-      //      return 150 * zoom;
-      //  }
-       //
-      //  if (scale.match(/.*?month.*?/)) {
-      //      return 300 * zoom;
-      //  }
-       //
-      //  if (scale.match(/.*?quarter.*?/)) {
-      //      return 500 * zoom;
-      //  }
-       //
-      //  if (scale.match(/.*?year.*?/)) {
-      //      return 800 * zoom;
-      //  }
-
-       return 40 * zoom;
-   };
-
-  $scope.gantt = {
-    api: {},
-    options: {
-      mode: 'custom',
-      scale: 'day',
-      sortMode: undefined,
-      sideMode: 'TreeTable',
-      daily: false,
-      maxHeight: false,
-      width: false,
-      zoom: 1,
-      columns: ['model.name', 'from', 'to'],
-      treeTableColumns: ['from', 'to'],
-      columnsHeaders: {
-        'model.name': 'Name',
-        'from': 'From',
-        'to': 'To'
-      },
-      columnsClasses: {
-        'model.name': 'gantt-column-name',
-        'from': 'gantt-column-from',
-        'to': 'gantt-column-to'
-      },
-      columnsFormatters: {
-        'from': function(from) {
-          return from !== undefined ? from.format('lll') : undefined;
-        },
-        'to': function(to) {
-          return to !== undefined ? to.format('lll') : undefined;
-        }
-      },
-      treeHeaderContent: '<i class="fa fa-align-justify"></i> {{getHeader()}}',
-      columnsHeaderContents: {
-        'model.name': '<i class="fa fa-align-justify"></i> {{getHeader()}}',
-        'from': '<i class="fa fa-calendar"></i> {{getHeader()}}',
-        'to': '<i class="fa fa-calendar"></i> {{getHeader()}}'
-      },
-      autoExpand: 'none',
-      taskOutOfRange: 'truncate',
-      fromDate: moment(null),
-      toDate: undefined,
-      // rowContent: '<i class="fa fa-align-justify"></i> {{row.model.name}}',
-       taskContent: '<i class="fa fa-tasks"></i> {{task.model.name}}',
-      allowSideResizing: true,
-      labelsEnabled: true,
-      currentDate: 'line',
-      // currentDateValue: new Date(2013, 09, 26, 14, 24, 10),
-      draw: false,
-      readOnly: false,
-      groupDisplayMode: 'group',
-      filterTask: '',
-      filterRow: '',
-      timeFrames: {
-        // 'day': {
-        //   start: moment('8:00', 'HH:mm'),
-        //   end: moment('20:00', 'HH:mm'),
-        //   color: '#ACFFA3',
-        //   working: true,
-        //   default: true
-        // },
-        // 'noon': {
-        //   start: moment('12:00', 'HH:mm'),
-        //   end: moment('13:30', 'HH:mm'),
-        //   working: false,
-        //   default: true
-        // },
-        // 'closed': {
-        //   working: false,
-        //   default: true
-        // },
-        // 'weekend': {
-        //   working: false
-        // },
-        'holiday': {
-          working: false,
-          color: 'red',
-          classes: ['gantt-timeframe-holiday']
-        }
-      },
-      dateFrames: {
-        'weekend': {
-          evaluator: function(date) {
-            return date.isoWeekday() === 6 || date.isoWeekday() === 7;
-          },
-          targets: ['weekend']
-        },
-        '11-november': {
-          evaluator: function(date) {
-            return date.month() === 9 && date.date() === 30;
-          },
-          targets: ['holiday']
-        }
-      },
-      timeFramesWorkingMode: 'hidden',
-      timeFramesNonWorkingMode: 'visible',
-      columnMagnet: '15 minutes',
-      timeFramesMagnet: true,
-      dependencies: true,
-      canDraw: function(event) {
-        var isLeftMouseButton = event.button === 0 || event.button === 1;
-        return $scope.options.draw && !$scope.options.readOnly && isLeftMouseButton;
-      },
-      drawTaskFactory: function() {
-        return {
-          id: utils.randomUuid(), // Unique id of the task.
-          name: 'Drawn task', // Name shown on top of each task.
-          color: '#AA8833' // Color of the task in HEX format (Optional).
-        };
-      }
-    },
-    zoomIn: function() {
-      this.options.zoom =  this.options.zoom + 1;
-    },
-    zoomOut: function() {
-      if (this.options.zoom > 1 ) {
-        this.options.zoom = this.options.zoom - 1;
-      }
-    },
-    data: [],
-    mockupdata: [{
-        name: 'Roles',
-        children: ['TCJ3-FC - SpecialAssignmentAirliftMissionPlanning', 'TCJ3-FC - SpecialAssignmentAirliftMissionMonitoring', 'SpecialAssignmentAirliftMissionExecution'],
-        content: '<i class="fa fa-file-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'
-      }, {
-        name: 'TCJ3-FC - SpecialAssignmentAirliftMissionPlanning',
-        tooltips: true,
-        tasks: [{
-            id: '3333',
-            name: 'TCJ3-FC',
-            color: 'salmon',
-            from: new Date(2013, 9, 28, 8, 0, 0),
-            to: new Date(2013, 10, 1, 15, 0, 0)
-          }
-          // {id: '1111', name: 'TCJ3-FC', color: '#F1C232', from: new Date(2013, 9, 21, 8, 0, 0), to: new Date(2013, 9, 25, 15, 0, 0), progress: 25 }
-        ]
-      }, {
-        name: 'TCJ3-FC - SpecialAssignmentAirliftMissionMonitoring',
-        tasks: [{
-          id: '2222',
-          name: 'TCJ3-FC',
-          color: 'salmon',
-          from: new Date(2013, 9, 28, 8, 0, 0),
-          to: new Date(2013, 10, 1, 15, 0, 0)
-        }]
-      }, {
-        name: 'SpecialAssignmentAirliftMissionExecution',
-        tasks: [
-          // {id: '3333', name: 'TCJ3-FC', color: '#F1C232', from: new Date(2013, 9, 28, 8, 0, 0), to: new Date(2013, 10, 1, 15, 0, 0)}
-        ]
-      },
-
-      {
-        name: 'Products',
-        children: ['RadiologicalIncidentReport', 'SAAMRequest'],
-        content: '<i class="fa fa-file-powerpoint-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'
-      }, {
-        name: 'RadiologicalIncidentReport',
-        tooltips: true,
-        tasks: [{
-          id: '4444',
-          name: 'RadiologicalIncidentReport',
-          color: 'blue',
-          from: new Date(2013, 9, 21, 8, 0, 0),
-          to: new Date(2013, 9, 25, 15, 0, 0),
-          progress: 25
-        }]
-      }, {
-        name: 'SAAMRequest',
-        tasks: [
-          // {id: 'Order basket', name: 'Order basket', color: '#F1C232', from: new Date(2013, 9, 28, 8, 0, 0), to: new Date(2013, 10, 1, 15, 0, 0)}
-        ]
-      }
-    ],
-    mockupdata3: [
-{name: 'Scenario', children: ['ISR Mission', 'Worflow 2', 'Worflow 3', 'Worflow 4', 'Worflow 5'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-// {name: 'ISR Mission', children: ['Mission Tasking', 'Mission Execution'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'ISR Mission', children: ['TF 3-10', 'ISARC', 'DY 14', 'Airspace Control', 'TF South', 'DCGS GA', 'SW 16'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'TF 3-10', tooltips: true, tasks: [
-    {id: 'Role Z1', name: 'Submit ISR request', color: 'blue', from: new Date(2013, 9, 21, 8, 0, 0), to: new Date(2013, 9, 21, 15, 0, 0),
-        progress: 25, dependencies: [{to: 'Process Request'}]}
-
-]},
-{name: 'ISARC', tasks: [
-    // {id: '2133211', name: '', color: 'rgba(0, 0, 0, 0.35)', from: new Date(2013, 9, 20, 15, 0, 0), to: new Date(2013, 10, 5, 15, 0, 0) },
-    {id: 'Process Request', name: 'Process Request', color: 'blue', from: new Date(2013, 9, 21, 15, 0, 0), to: new Date(2013, 9, 21, 16, 0, 0)}
-]},
-{name: 'DY 14', tasks: [
-    {id: 'Role X1', name: 'Role X1', color: 'blue', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 9, 27, 15, 0, 0),
-        dependencies: {to: 'Product B1'}}
-]},
-{name: 'Airspace Control', tasks: [
-    {id: 'Role W1', name: 'Role W1', color: 'blue', from: new Date(2013, 9, 30, 15, 0, 0), to: new Date(2013, 9, 30, 15, 0, 0)}
-]},
-{name: 'TF South', tasks: [
-    {id: 'Role W13', name: 'Role W12', color: 'blue', from: new Date(2013, 9, 30, 15, 0, 0), to: new Date(2013, 9, 30, 15, 0, 0)}
-]},
-{name: 'DCGS GA', tasks: [
-    {id: 'Role W133', name: 'Role W122', color: 'blue', from: new Date(2013, 9, 30, 15, 0, 0), to: new Date(2013, 9, 30, 15, 0, 0)}
-]},
-{name: 'SW 16', tasks: [
-    {id: 'Role W134', name: 'Role W134', color: 'blue', from: new Date(2013, 9, 30, 15, 0, 0), to: new Date(2013, 9, 30, 15, 0, 0)}
-]},
-
-
-],
-    mockupdata2: [
-{name: 'Worflow Set A', children: ['Worflow 1', 'Worflow 2', 'Worflow 3', 'Worflow 4', 'Worflow 5'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'Worflow 1', children: ['Roles1', 'Products1'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'Roles1', children: ['Role Z1', 'Role Y1', 'Role X1', 'Role W1'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{id: 'Role Z1', name: 'Role Z1', tooltips: false, tasks: [
-    {id: 'Role Z1', name: 'Role Z1', color: 'blue', from: new Date(2013, 9, 21, 8, 0, 0), to: new Date(2013, 9, 25, 15, 0, 0),
-        progress: 25, dependencies: [{to: 'Product A1'}]}
-
-]},
-{name: 'Role Y1', tasks: [
-    {id: '2133211', name: '', color: 'rgba(0, 0, 0, 0.35)', from: new Date(2013, 9, 20, 15, 0, 0), to: new Date(2013, 10, 5, 15, 0, 0) },
-    {id: 'Role Y1', name: 'Role Y1', color: 'blue', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 9, 28, 15, 0, 0),
-        dependencies: [{to: 'Product C1'}, {to: 'Role W1'}]}
-]},
-{name: 'Role X1', tasks: [
-    {id: 'Role X1', name: 'Role X1', color: 'blue', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 9, 27, 15, 0, 0),
-        dependencies: {to: 'Product B1'}}
-]},
-{name: 'Role W1', tasks: [
-    {id: 'Role W1', name: 'Role W1', color: 'blue', from: new Date(2013, 9, 30, 15, 0, 0), to: new Date(2013, 9, 30, 15, 0, 0),
-        dependencies: [{to: 'Product D1'}]}
-]},
-{name: 'Products1', children: ['Product A1', 'Product B1', 'Product C1', 'Product D1'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'Product A1', tooltips: false, tasks: [
-    {id: 'Product A1', name: 'Product A1', color: '#F1C232', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 10, 25, 15, 0, 0),
-        progress: 25}
-]},
-{name: 'Product B1', tasks: [
-    {id: 'Product B1', name: 'Product B1', color: '#F1C232', from: new Date(2013, 9, 28, 15, 0, 0), to: new Date(2013, 10, 15, 15, 0, 0)}
-]},
-{name: 'Product C1', tasks: [
-    {id: 'Product C1', name: 'Product C1', color: '#F1C232', from: new Date(2013, 9, 29, 15, 0, 0), to: new Date(2013, 9, 29, 15, 0, 0)}
-]},
-{name: 'Product D1', tasks: [
-    {id: 'Product D1', name: 'Product D1', color: '#F1C232', from: new Date(2013, 10, 1, 15, 0, 0), to: new Date(2013, 10, 1, 15, 0, 0)}
-]},
-
-
-{name: 'Worflow 2', children: ['Roles2', 'Products2'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'Roles2', children: ['Role Z2', 'Role Y2', 'Role X2', 'Role W2'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{id: 'Role Z2', name: 'Role Z2', tooltips: false, tasks: [
-    {id: 'Role Z2', name: 'Role Z2', color: 'blue', from: new Date(2013, 9, 21, 8, 0, 0), to: new Date(2013, 9, 25, 15, 0, 0),
-        progress: 25, dependencies: [{to: 'Product A2'}]}
-]},
-{name: 'Role Y2', tasks: [
-    {id: 'Role Y2', name: 'Role Y2', color: 'blue', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 9, 28, 15, 0, 0),
-        dependencies: [{to: 'Product C2'}, {to: 'Role W2'}]}
-]},
-{name: 'Role X2', tasks: [
-    {id: 'Role X2', name: 'Role X2', color: 'blue', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 9, 27, 15, 0, 0),
-        dependencies: {to: 'Product B2'}}
-]},
-{name: 'Role W2', tasks: [
-    {id: 'Role W2', name: 'Role W2', color: 'blue', from: new Date(2013, 9, 30, 15, 0, 0), to: new Date(2013, 9, 30, 15, 0, 0),
-        dependencies: [{to: 'Product D2'}]}
-]},
-{name: 'Products2', children: ['Product A2', 'Product B2', 'Product C2', 'Product D2'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'Product A2', tooltips: false, tasks: [
-    {id: 'Product A2', name: 'Product A2', color: '#F1C232', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 10, 25, 15, 0, 0),
-        progress: 25}
-]},
-{name: 'Product B2', tasks: [
-    {id: 'Product B2', name: 'Product B2', color: '#F1C232', from: new Date(2013, 9, 28, 15, 0, 0), to: new Date(2013, 10, 15, 15, 0, 0)}
-]},
-{name: 'Product C2', tasks: [
-    {id: 'Product C2', name: 'Product C2', color: '#F1C232', from: new Date(2013, 9, 29, 15, 0, 0), to: new Date(2013, 9, 29, 15, 0, 0)}
-]},
-{name: 'Product D2', tasks: [
-    {id: 'Product D2', name: 'Product D2', color: '#F1C232', from: new Date(2013, 10, 1, 15, 0, 0), to: new Date(2013, 10, 1, 15, 0, 0)}
-]},
-{name: 'Worflow 3', children: ['Roles3', 'Products3'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'Roles3', children: ['Role Z3', 'Role Y3', 'Role X3', 'Role W3'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{id: 'Role Z3', name: 'Role Z3', tooltips: false, tasks: [
-    {id: 'Role Z3', name: 'Role Z3', color: 'blue', from: new Date(2013, 9, 21, 8, 0, 0), to: new Date(2013, 9, 25, 15, 0, 0),
-        progress: 25, dependencies: [{to: 'Product A3'}]}
-]},
-{name: 'Role Y3', tasks: [
-    {id: 'Role Y3', name: 'Role Y3', color: 'blue', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 9, 28, 15, 0, 0),
-        dependencies: [{to: 'Product C3'}, {to: 'Role W3'}]}
-]},
-{name: 'Role X3', tasks: [
-    {id: 'Role X3', name: 'Role X3', color: 'blue', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 9, 27, 15, 0, 0),
-        dependencies: {to: 'Product B3'}}
-]},
-{name: 'Role W3', tasks: [
-    {id: 'Role W3', name: 'Role W3', color: 'blue', from: new Date(2013, 9, 30, 15, 0, 0), to: new Date(2013, 9, 30, 15, 0, 0),
-        dependencies: [{to: 'Product D3'}]}
-]},
-{name: 'Products3', children: ['Product A3', 'Product B3', 'Product C3', 'Product D3'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'Product A3', tooltips: false, tasks: [
-    {id: 'Product A3', name: 'Product A3', color: '#F1C233', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 10, 25, 15, 0, 0),
-        progress: 25}
-]},
-{name: 'Product B3', tasks: [
-    {id: 'Product B3', name: 'Product B3', color: '#F1C233', from: new Date(2013, 9, 28, 15, 0, 0), to: new Date(2013, 10, 15, 15, 0, 0)}
-]},
-{name: 'Product C3', tasks: [
-    {id: 'Product C3', name: 'Product C3', color: '#F1C233', from: new Date(2013, 9, 29, 15, 0, 0), to: new Date(2013, 9, 29, 15, 0, 0)}
-]},
-{name: 'Product D3', tasks: [
-    {id: 'Product D3', name: 'Product D3', color: '#F1C233', from: new Date(2013, 10, 1, 15, 0, 0), to: new Date(2013, 10, 1, 15, 0, 0)}
-]},
-{name: 'Worflow 4', children: ['Roles4', 'Products4'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'Roles4', children: ['Role Z4', 'Role Y4', 'Role X4', 'Role W4'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{id: 'Role Z4', name: 'Role Z4', tooltips: false, tasks: [
-    {id: 'Role Z4', name: 'Role Z4', color: 'blue', from: new Date(2013, 9, 21, 8, 0, 0), to: new Date(2013, 9, 25, 15, 0, 0),
-        progress: 25, dependencies: [{to: 'Product A4'}]}
-]},
-{name: 'Role Y4', tasks: [
-    {id: 'Role Y4', name: 'Role Y4', color: 'blue', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 9, 28, 15, 0, 0),
-        dependencies: [{to: 'Product C4'}, {to: 'Role W4'}]}
-]},
-{name: 'Role X4', tasks: [
-    {id: 'Role X4', name: 'Role X4', color: 'blue', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 9, 27, 15, 0, 0),
-        dependencies: {to: 'Product B4'}}
-]},
-{name: 'Role W4', tasks: [
-    {id: 'Role W4', name: 'Role W4', color: 'blue', from: new Date(2013, 9, 30, 15, 0, 0), to: new Date(2013, 9, 30, 15, 0, 0),
-        dependencies: [{to: 'Product D4'}]}
-]},
-{name: 'Products4', children: ['Product A4', 'Product B4', 'Product C4', 'Product D4'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'Product A4', tooltips: false, tasks: [
-    {id: 'Product A4', name: 'Product A4', color: '#F1C234', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 10, 25, 15, 0, 0),
-        progress: 25}
-]},
-{name: 'Product B4', tasks: [
-    {id: 'Product B4', name: 'Product B4', color: '#F1C234', from: new Date(2013, 9, 28, 15, 0, 0), to: new Date(2013, 10, 15, 15, 0, 0)}
-]},
-{name: 'Product C4', tasks: [
-    {id: 'Product C4', name: 'Product C4', color: '#F1C234', from: new Date(2013, 9, 29, 15, 0, 0), to: new Date(2013, 9, 29, 15, 0, 0)}
-]},
-{name: 'Product D4', tasks: [
-    {id: 'Product D4', name: 'Product D4', color: '#F1C234', from: new Date(2013, 10, 1, 15, 0, 0), to: new Date(2013, 10, 1, 15, 0, 0)}
-]},
-{name: 'Worflow 5', children: ['Roles5', 'Products5'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'Roles5', children: ['Role Z5', 'Role Y5', 'Role X5', 'Role W5'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{id: 'Role Z5', name: 'Role Z5', tooltips: false, tasks: [
-    {id: 'Role Z5', name: 'Role Z5', color: 'blue', from: new Date(2013, 9, 21, 8, 0, 0), to: new Date(2013, 9, 25, 15, 0, 0),
-        progress: 25, dependencies: [{to: 'Product A5'}]}
-]},
-{name: 'Role Y5', tasks: [
-    {id: 'Role Y5', name: 'Role Y5', color: 'blue', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 9, 28, 15, 0, 0),
-        dependencies: [{to: 'Product C5'}, {to: 'Role W5'}]}
-]},
-{name: 'Role X5', tasks: [
-    {id: 'Role X5', name: 'Role X5', color: 'blue', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 9, 27, 15, 0, 0),
-        dependencies: {to: 'Product B5'}}
-]},
-{name: 'Role W5', tasks: [
-    {id: 'Role W5', name: 'Role W5', color: 'blue', from: new Date(2013, 9, 30, 15, 0, 0), to: new Date(2013, 9, 30, 15, 0, 0),
-        dependencies: [{to: 'Product D5'}]}
-]},
-{name: 'Products5', children: ['Product A5', 'Product B5', 'Product C5', 'Product D5'], content: '<i class="fa fa-file-code-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'},
-{name: 'Product A5', tooltips: false, tasks: [
-    {id: 'Product A5', name: 'Product A5', color: '#F1C235', from: new Date(2013, 9, 26, 15, 0, 0), to: new Date(2013, 10, 25, 15, 0, 0),
-        progress: 25}
-]},
-{name: 'Product B5', tasks: [
-    {id: 'Product B5', name: 'Product B5', color: '#F1C235', from: new Date(2013, 9, 28, 15, 0, 0), to: new Date(2013, 10, 15, 15, 0, 0)}
-]},
-{name: 'Product C5', tasks: [
-    {id: 'Product C5', name: 'Product C5', color: '#F1C235', from: new Date(2013, 9, 29, 15, 0, 0), to: new Date(2013, 9, 29, 15, 0, 0)}
-]},
-{name: 'Product D5', tasks: [
-    {id: 'Product D5', name: 'Product D5', color: '#F1C235', from: new Date(2013, 10, 1, 15, 0, 0), to: new Date(2013, 10, 1, 15, 0, 0)}
-]},
-
-
-              ],
-  };
-
-
-  $scope.initialize = function() {
-    return; //JEM FixMe
-    WorkflowService.getWorkflows().then(function(workflowList) {
-      $scope.workflowList = workflowList;
-      setContainerSize();
-
-      InstanceService.getInstances().then(function(instanceList) {
-        $scope.instanceList = instanceList;
-        $scope.instanceList.forEach(function(instance) {
-          instance.workflow = $scope.getWorkFlow(instance.workflowId);
-        });
-        $scope.displayedInstanceCollection = [].concat($scope.instanceList);
-
-        //Select first row in table
-        if ($scope.displayedInstanceCollection.length > 0) {
-          $scope.selectRow($scope.displayedInstanceCollection[$scope.displayedInstanceCollection.length - 1]);
-        }
-
-      }, function(result) {
-        growl.error("Failed getting instances. Error: " + result.data.error);
-        $scope.instanceList.length = 0;
-      });
-
-    }, function(result) {
-      growl.error("Failed getting workflows. Error: " + result.data.error);
-      $scope.workflowList.length = 0;
-    });
-
-  };
-
-  $scope.getWorkFlow = function(workflowId) {
-    return $scope.workflowList.filter(function(item) {
-      return item.id === workflowId;
-    })[0];
-  };
-
-  $scope.getTagList = function(uri) {
-    var ret = "";
-    var maxTags = 10;
-    $scope.activeInstance.instanceTags.forEach(function(instanceTag) {
-      var numOfTags = Math.min(instanceTag.tags.length, maxTags);
-      if (instanceTag.product === uri) {
-        for (var i = 0; i < numOfTags; i++) {
-          ret += $scope.getUriLabel(instanceTag.tags[i]) + ", ";
-        }
-      }
-      ret = ret.slice(0, -2); //Remove last comma
-      if (ret !== "" && instanceTag.tags.length > maxTags) {
-        ret += "... (click product to show all tags)";
-      }
-    });
-    return ret;
-  };
-
-  $scope.getUriLabel = function(uri) {
-    if (uri.lastIndexOf("#") === -1) {
-      return uri.substring(uri.lastIndexOf("/") + 1);
-    } else {
-      return uri.substring(uri.lastIndexOf("#") + 1);
-    }
-  };
-  $scope.initializeWorkflowDiagram = function(instance) {
-    $scope.activeInstance = instance;
-    $scope.selectedInstanceTag = undefined;
-    $scope.graphLayout.zoomLevel = 1;
-    $scope.initGanttData();
-    setTimeout(function() {
-
-      //Restore joint diagram div to orignal state
-      document.getElementById('pnlDiagram').innerHTML = '<joint-diagram id="joint-diagram" />';
-
-      WorkflowGraphFactory.initCustomSize('#joint-diagram', $('#pnlDiagram').width(), 500);
-
-      WorkflowService.getWorkflow(instance.workflow.id).then(function(workflow) {
-        WorkflowGraphFactory.loadData(workflow.graphItems, workflow.graphLinks);
-
-        WorkflowGraphFactory.getPaper().on('cell:pointerup', function(cellView, evt, x, y) {
-          $log.debug('cell view ' + cellView.model.id + ' was double clicked');
-          $scope.selectedInstanceTag = undefined;
-          $scope.activeInstance.instanceTags.forEach(function(instanceTag) {
-            if (instanceTag.product === cellView.model.attributes.uri) {
-              $scope.selectedInstanceTag = instanceTag;
-              $('#container').animate({
-                scrollTop: $("#tagRegion").offset().top
-              }, 500);
-            }
-          });
-          $scope.$apply();
-        });
-
-        WorkflowGraphFactory.getPaper().on('cell:mouseover', function(cellView, evt) {
-          var cellType = cellView.model.attributes.type;
-          if (cellType === "bbn.Role" || cellType === "bbn.Product") {
-            if (!cellView.$el.data('bs.popover')) {
-              var ontology = cellView.model.attributes.ontology;
-              var classURI = cellView.model.attributes.uri;
-              var tagList = $scope.getTagList(cellView.model.attributes.uri);
-              if (tagList !== "") {
-                tagList = "<br>Tags: " + tagList;
-              }
-              RoleProductSetService.getClassDetails(ontology.dataset, classURI).then(function(result) {
-                $('.popover').popover('hide'); //Hide any lingering popovers
-                cellView.$el.popover({
-                  placement: 'auto',
-                  trigger: 'hover',
-                  html: true,
-                  delay: {
-                    "show": 250,
-                    "hide": 0
-                  },
-                  container: 'body',
-                  content: 'Ontology: (' + ontology.name + ')<br>Comment: ' + (result.description === "" ? "none" : result.description) + tagList
-                }).popover('show');
-              }, function() {});
-              $('.popover').popover('hide');
-            }
-          }
-        });
-
-        var graphItems = WorkflowGraphFactory.getGraph().getCells();
-
-        instance.roleAssets.forEach(function(roleAsset) {
-          var assetLabel = "";
-
-          roleAsset.assets.forEach(function(asset) {
-            assetLabel += $scope.getUriLabel(asset) + ", ";
-          });
-          assetLabel = assetLabel.slice(0, -2);
-
-          if (assetLabel !== "") { //Replace original labels with assets
-
-            var roleAssetGraphItems = graphItems.filter(function(item) {
-              return item.attributes.graphItemId === roleAsset.graphItem;
-            });
-
-            roleAssetGraphItems.forEach(function(roleAssetGraphItem) {
-              roleAssetGraphItem.attr('text/text', joint.util.breakText(assetLabel + "\n" + roleAssetGraphItem.attributes.label, {
-                width: 100
-              }));
-            });
-          }
-
-
-          $scope.createGanttRole($scope.getUriLabel(roleAsset.role), assetLabel);
-
-        });
-
-        instance.instanceTags.forEach(function(instanceTag) {
-          graphItems.forEach(function(graphItem) {
-            if (instanceTag.product === graphItem.attributes.uri) {
-              graphItem.attr('text/text', graphItem.attr('text/text') + "\n[Tags]");
-            }
-          });
-
-          $scope.createGanttProduct($scope.getUriLabel(instanceTag.product));
-        });
-
-
-        //Hide delete icon on shapes and links
-        $(".element-tool-remove").hide();
-        $(".tool-remove").hide();
-        WorkflowGraphFactory.getPaper().scaleContentToFit();
-        // $scope.gantt.api.side.setWidth($scope.gantt.api.columns.getColumnsWidthToFit());
-        $scope.gantt.api.side.setWidth(450);
-      }, function(result) {
-        growl.error("Failed to acquire role-product set. Error: " + result.data.error);
-      });
-    }, 100);
-  };
-
-
-  $scope.navigateToWorkflow = function(workflow) {
-    WorkflowTemplate.setId(workflow.id);
-    $state.go('workflows.editor', {
-      workflowId: workflow.id
-    });
-  };
-
-  $scope.selectRow = function(row) {
-    for (var i = 0, len = $scope.displayedInstanceCollection.length; i < len; i += 1) {
-      $scope.displayedInstanceCollection[i].isSelected = false;
-    }
-    row.isSelected = true;
-    $scope.initializeWorkflowDiagram(row);
-  };
-
-  $scope.changeGraphZoom = function() {
-    WorkflowGraphFactory.getPaper().scale($scope.graphLayout.zoomLevel, $scope.graphLayout.zoomLevel);
-  };
-
-  $scope.initGanttData = function() {
-    $scope.gantt.data = [{
-      name: 'Products',
-      children: [],
-      content: '<i class="fa fa-file-powerpoint-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'
-    }, {
-      name: 'Roles',
-      children: [],
-      content: '<i class="fa fa-file-o" ng-click="scope.handleRowIconClick(row.model)"></i> {{row.model.name}}'
-    }];
-  };
-
-
-  $scope.createGanttRole = function(roleName, assestName) {
-    var ganttRole = {
-      name: roleName,
-      tooltips: true,
-      tasks: []
-    };
-    if (assestName !== "") {
-      var task = {
-        name: assestName,
-        color: 'salmon',
-        from: moment($scope.activeInstance.creationDate).add(1, 'days'),
-        to: moment($scope.activeInstance.creationDate).add(3, 'days')
-      };
-      ganttRole.tasks.push(task);
-    }
-    $scope.gantt.data.push(ganttRole);
-    $scope.gantt.data[1].children.push(roleName);
-  };
-  $scope.createGanttProduct = function(productName) {
-    var ganttProduct = {
-      name: productName,
-      tooltips: true,
-      tasks: []
-    };
-
-    var task = {
-      name: productName,
-      color: 'blue',
-      from: moment($scope.activeInstance.creationDate),
-      to: moment($scope.activeInstance.creationDate).add(1, 'days')
-    };
-    ganttProduct.tasks.push(task);
-    $scope.gantt.data.push(ganttProduct);
-    $scope.gantt.data[0].children.push(productName);
-  };
-  $scope.registerApi = function(api) {
-    $scope.gantt.api = api;
-  };
-
-}
diff --git a/src/federation-hub-ui/src/main/webapp/modules/commander-dashboard/commander_dashboard_module.js b/src/federation-hub-ui/src/main/webapp/modules/commander-dashboard/commander_dashboard_module.js
deleted file mode 100644
index decf9ac7..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/commander-dashboard/commander_dashboard_module.js
+++ /dev/null
@@ -1,2 +0,0 @@
-
-angular.module('roger_federation.CommanderDashboard', []);
diff --git a/src/federation-hub-ui/src/main/webapp/modules/config/config_service.js b/src/federation-hub-ui/src/main/webapp/modules/config/config_service.js
index 9ffc63c0..1be03195 100644
--- a/src/federation-hub-ui/src/main/webapp/modules/config/config_service.js
+++ b/src/federation-hub-ui/src/main/webapp/modules/config/config_service.js
@@ -23,7 +23,13 @@ angular.module('roger_federation.Config')
           hostname = location.hostname;
         }
 
-        var port = Number(location.port)
+        var api_port = location.port;
+        var local_data = localStorage.getItem("api_port");
+
+        if(local_data !== null){
+          api_port = local_data;
+        }
+        var port = Number(api_port)
 
         if (typeof $localStorage.configuration === "undefined") {
           $localStorage.configuration = {};
@@ -59,7 +65,6 @@ angular.module('roger_federation.Config')
         };
 
         initialized = true;
-        service.setServerInfoFromHAL();
       }
 
 
@@ -249,32 +254,6 @@ angular.module('roger_federation.Config')
 //          });
       };
 
-      service.getHALInfo = function() {
-        return $http.get(
-          service.getServerRootUrlStr() + '/info').then(
-          function(res) {
-            return res;
-          },
-          function(reason) {
-            throw reason;
-          });
-      };
-
-      service.setServerInfoFromHAL = function() {
-        service.getHALInfo().then(
-          function(res) {
-            serverInfo.fuseki.uri = res.data.fuseki.host + ":" + res.data.fuseki.port;
-            serverInfo.roger_federation.version = res.data.build.version;
-            return res;
-          },
-          function(reason) {
-            serverInfo.fuseki.uri = "localhost:3030";
-            serverInfo.roger_federation.version = "?";
-            throw reason;
-          });
-      };
-
-
       return service;
 
     }
diff --git a/src/federation-hub-ui/src/main/webapp/modules/core/application_controller.js b/src/federation-hub-ui/src/main/webapp/modules/core/application_controller.js
deleted file mode 100644
index acb22867..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/core/application_controller.js
+++ /dev/null
@@ -1,33 +0,0 @@
-
-"use strict";
-
-angular.module('roger_federation.Core')
-  .controller('ApplicationController', ['$http', '$scope', '$rootScope', '$state', '$cookieStore', 'AuthenticationService', 'Session', 'ConfigService', applicationController]);
-
-function applicationController($http, $scope, $rootScope, $state, $cookieStore, AuthenticationService, Session, ConfigService) {
-
-  // Setup some common display values.
-  var session = $cookieStore.get("session");
-  if (session) {
-    $scope.currentUser = session.username;
-  }
-
-  $scope.$watch(function() {
-      return AuthenticationService.getUserId();
-    },
-    function(newValue) {
-      $scope.currentUser = newValue;
-    });
-
-  var heartBeat = function() {
-//    ConfigService.getServerStatus().then(
-//      function(res) {
-//        setTimeout(heartBeat, 3000);
-//        $scope.serverStatus = res;
-//      },
-//      function(reason) {
-//        throw reason;
-//      });
-  };
-  heartBeat();
-}
diff --git a/src/federation-hub-ui/src/main/webapp/modules/core/core_module.js b/src/federation-hub-ui/src/main/webapp/modules/core/core_module.js
deleted file mode 100644
index e27828a1..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/core/core_module.js
+++ /dev/null
@@ -1,2 +0,0 @@
-
-angular.module('roger_federation.Core', []);
\ No newline at end of file
diff --git a/src/federation-hub-ui/src/main/webapp/modules/logout/logout_controller.js b/src/federation-hub-ui/src/main/webapp/modules/logout/logout_controller.js
deleted file mode 100644
index 6e0717b5..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/logout/logout_controller.js
+++ /dev/null
@@ -1,22 +0,0 @@
-
-'use strict';
-
-angular.module('roger_federation.Logout')
-
-.controller('LogoutController',
-	['$scope', '$rootScope', '$state', '$modalInstance', 'AuthenticationService', function ($scope, $rootScope, $state, $modalInstance, AuthenticationService) {
-	    $rootScope.currentPage = 'Logout';
-
-	    $scope.logout = function () {
-		AuthenticationService.logout();
-		$modalInstance.close('ok');
-		$scope.$close(true);
-	    };
-
-
-	    $scope.cancel = function () {
-		$scope.$dismiss();
-		$modalInstance.dismiss('cancel');
-	    };
-
-	}]);
\ No newline at end of file
diff --git a/src/federation-hub-ui/src/main/webapp/modules/logout/logout_module.js b/src/federation-hub-ui/src/main/webapp/modules/logout/logout_module.js
deleted file mode 100644
index 2fbd20c4..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/logout/logout_module.js
+++ /dev/null
@@ -1,2 +0,0 @@
-
-angular.module('roger_federation.Logout', []);
\ No newline at end of file
diff --git a/src/federation-hub-ui/src/main/webapp/modules/manage/manage_controller.js b/src/federation-hub-ui/src/main/webapp/modules/manage/manage_controller.js
deleted file mode 100644
index 13873288..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/manage/manage_controller.js
+++ /dev/null
@@ -1,670 +0,0 @@
-
-'use strict';
-
-angular.module('roger_federation.Manage')
-
-.controller('ManageController', ['$scope', '$rootScope', '$state', '$stateParams', '$log', 'growl', 'ACCESS_EVENTS',
-  'RoleProductSetService', 'WorkflowService', 'AssetService',
-  'DefaultsService', 'AuthenticationService', manageController
-]);
-
-
-function manageController($scope, $rootScope, $state, $stateParams, $log, growl, ACCESS_EVENTS, RoleProductSetService,
-  WorkflowService, AssetService, DefaultsService, AuthenticationService) {
-  $rootScope.$state = $state;
-  $rootScope.$stateParams = $stateParams;
-
-  $rootScope.$on('$stateChangeStart', handleStateChangeStart);
-
-  $scope.rowCollection = [];
-  $scope.displayedCollection = [];
-  $scope.itemsByPage = 15;
-  $scope.defaultsData = {
-    datasets: [],
-    currentDataset: undefined,
-    currentDefaults: [],
-    orderAsc: false,
-    orderByField: 'ownerItem.name'
-  };
-
-  $scope.assetUploadData = {};
-
-
-  $scope.initialize = function() {
-    if ($state.current.name === 'manage.role-sets') {
-      $scope.initializeRoleProductSetView();
-    } else if ($state.current.name === 'manage.diagrams' || $state.current.name === 'manage.federations') {
-      $scope.initializeWorkflowView();
-    } else if ($state.current.name === 'manage.workflow-sets') {
-      $scope.initializeWorkflowSetsView();
-    } else if ($state.current.name === 'manage.instances') {
-      $scope.initializeInstanceView();
-    } else if ($state.current.name === 'manage.assets') {
-      $scope.initializeAssetView();
-    } else if ($state.current.name === 'manage.defaults') {
-      $scope.initializeDefaultsView();
-    }
-  };
-
-
-  function handleStateChangeStart(event, toState, toParams, fromState, fromParams) {
-    if (toState.name === 'manage.role-sets') {
-      $scope.initializeRoleProductSetView();
-    } else if (toState.name === 'manage.diagrams' || $state.current.name === 'manage.federations') {
-      $scope.initializeWorkflowView();
-    } else if (toState.name === 'manage.workflow-sets') {
-      $scope.initializeWorkflowSetsView();
-    } else if (toState.name === 'manage.instances') {
-      $scope.initializeInstanceView();
-    } else if (toState.name === 'manage.assets') {
-      $scope.initializeAssetView();
-    } else if (toState.name === 'manage.defaults') {
-      $scope.initializeDefaultsView();
-    }
-  }
-
-
-  // INITIALIZE VIEWS
-
-  $scope.initializeRoleProductSetView = function() {
-    RoleProductSetService.getRoleProductSetDescriptors().then(function(roleProductSetList) {
-      $scope.rowCollection = roleProductSetList;
-      $scope.displayedCollection = [].concat($scope.rowCollection);
-    }, function(result) {
-      $scope.rowCollection.length = 0;
-      $scope.displayedCollection = [].concat($scope.rowCollection);
-      if (result.status === -1) {
-        $rootScope.$broadcast(ACCESS_EVENTS.accessFailed, result);
-      } else {
-        var err = ".";
-        if (((typeof result.data) !== "undefined") && result.data !== null && ((typeof result.data.error) !== "undefined") && result.data.error !== null) {
-          err = result.data.error + ".";
-        }
-        growl.error("Failed getting role-product sets. Error: " + err);
-      }
-    });
-  };
-
-
-  $scope.initializeWorkflowView = function() {
-    WorkflowService.getWorkflowDescriptors().then(function(workflowList) {
-      $scope.rowCollection = workflowList;
-      $scope.displayedCollection = [].concat($scope.rowCollection);
-    }, function(result) {
-      $scope.rowCollection.length = 0;
-      $scope.displayedCollection = [].concat($scope.rowCollection);
-      if (result.status === -1) {
-        $rootScope.$broadcast(ACCESS_EVENTS.accessFailed, result);
-      } else {
-        var err = ".";
-        if (((typeof result.data) !== "undefined") && result.data !== null && ((typeof result.data.error) !== "undefined") && result.data.error !== null) {
-          err = result.data.error + ".";
-        }
-        growl.error("Failed getting workflows. Error: " + err);
-      }
-    });
-  };
-
-  $scope.initializeWorkflowSetsView = function() {
-    WorkflowSetsService.getWorkflowSetsDescriptors().then(function(workflowSetsList) {
-      $scope.rowCollection = workflowSetsList;
-      $scope.displayedCollection = [].concat($scope.rowCollection);
-    }, function(result) {
-      $scope.rowCollection.length = 0;
-      $scope.displayedCollection = [].concat($scope.rowCollection);
-      if (result.status === -1) {
-        $rootScope.$broadcast(ACCESS_EVENTS.accessFailed, result);
-      } else {
-        var err = ".";
-        if (((typeof result.data) !== "undefined") && result.data !== null && ((typeof result.data.error) !== "undefined") && result.data.error !== null) {
-          err = result.data.error + ".";
-        }
-        growl.error("Failed getting workflow sets files. Error: " + err);
-      }
-    });
-  };
-
-  $scope.initializeInstanceView = function() {
-    InstanceService.getInstanceDescriptors().then(function(instanceList) {
-      $scope.rowCollection = instanceList;
-      $scope.displayedCollection = [].concat($scope.rowCollection);
-    }, function(result) {
-      $scope.rowCollection.length = 0;
-      $scope.displayedCollection = [].concat($scope.rowCollection);
-      if (result.status === -1) {
-        $rootScope.$broadcast(ACCESS_EVENTS.accessFailed, result);
-      } else {
-        var err = ".";
-        if (((typeof result.data) !== "undefined") && result.data !== null && ((typeof result.data.error) !== "undefined") && result.data.error !== null) {
-          err = result.data.error + ".";
-        }
-        growl.error("Failed getting instances. Error: " + err);
-      }
-    });
-  };
-
-  $scope.initializeAssetView = function() {
-    AssetService.getAssetFileDescriptors().then(function(assetList) {
-      $scope.rowCollection = assetList;
-      $scope.displayedCollection = [].concat($scope.rowCollection);
-    }, function(result) {
-      $scope.rowCollection.length = 0;
-      $scope.displayedCollection = [].concat($scope.rowCollection);
-      if (result.status === -1) {
-        $rootScope.$broadcast(ACCESS_EVENTS.accessFailed, result);
-      } else {
-        var err = ".";
-        if (((typeof result.data) !== "undefined") && result.data !== null && ((typeof result.data.error) !== "undefined") && result.data.error !== null) {
-          err = result.data.error + ".";
-        }
-        growl.error("Failed getting asset files. Error: " + err);
-      }
-    });
-  };
-
-  $scope.initializeDefaultsView = function() {
-    DefaultsService.initiateOntologiesRetrieval().then(
-      function(res) {
-        $scope.defaultsData.datasets = res;
-      },
-      function(res) {
-        growl.error("Error retrieving dataset list: " + res);
-      }
-    );
-  };
-
-  $scope.changeDefaultsOrderBy = function(fieldName) {
-    if ($scope.defaultsData.orderByField == fieldName) {
-      $scope.defaultsData.orderAsc = !$scope.defaultsData.orderAsc;
-    } else {
-      $scope.defaultsData.orderAsc = false;
-    }
-    $scope.defaultsData.orderByField = fieldName;
-  }
-
-  $scope.datasetChanged = function() {
-    DefaultsService.initiateDefaultsRetrieval($scope.defaultsData.currentDataset).then(
-      function(res) {
-        $scope.defaultsData.currentDefaults = res;
-      },
-      function(res) {
-        growl.error("Error retrieving current defaults list: " + res);
-      }
-    );
-  };
-
-  $scope.importDefaults = function() {
-    DefaultsService.initiateDefaultsImport($scope.defaultsData.currentDataset).then(
-      function(res) {
-        growl.success("Defaults imported");
-        $scope.datasetChanged();
-      },
-      function(res) {
-        growl.error("Error importing defaults: " + res);
-      }
-    );
-  };
-
-  $scope.removeDefault = function(defaultID) {
-    DefaultsService.initiateDefaultRemoval(defaultID).then(
-      function(res) {
-        growl.success("Default removed");
-        $scope.datasetChanged();
-      },
-      function(res) {
-        growl.error("Error removing default: " + res);
-      }
-    );
-  };
-
-  // EXPORT ROWS
-
-
-
-
-  $scope.exportRoleProductSet = function(row) {
-    RoleProductSetService.getRoleProductSet(row.id).then(function(res) {
-
-      function convertToDefinitionFile(data) {
-        var result = {
-          name: data.name,
-          description: data.description,
-          roles: [],
-          products: []
-        };
-
-        for (var i = 0, len = data.roles.length; i < len; i++) {
-          result.roles.push(data.roles[i].item.uri);
-        }
-        for (var i = 0, len = data.products.length; i < len; i++) {
-          result.products.push(data.products[i].item.uri);
-        }
-        return result;
-      }
-
-      var data = convertToDefinitionFile(res);
-
-      var filename = 'roger_federation-role-product-set-' + res.name + '.json';
-      data = new Blob([JSON.stringify(data)], {
-        type: "text/plain;charset=utf-8"
-      });
-      saveAs(data, filename);
-    }, function(res) {
-      var msg = "Failed to export role-product set.";
-      growl.error(msg);
-    });
-  };
-
-  $scope.exportWorkflow = function(row) {
-    WorkflowService.exportWorkflow(row.id).then(function(res) {
-      var filename = 'roger_federation-workflow-' + res.name + '.json';
-      var data = new Blob([JSON.stringify(res)], {
-        type: "text/plain;charset=utf-8"
-      });
-      saveAs(data, filename);
-    }, function(res) {
-      var msg = "Failed to export workflow.";
-      growl.error(msg);
-    });
-  };
-
-  $scope.exportWorkflowSet = function(row) {
-    WorkflowSetsService.getWorkflowSet(row.id).then(function(res) {
-      var filename = 'roger_federation-workflow-set-' + res.name + '.json';
-      var data = new Blob([JSON.stringify(res)], {
-        type: "text/plain;charset=utf-8"
-      });
-      saveAs(data, filename);
-    }, function(res) {
-      var msg = "Failed to export workflow set.";
-      growl.error(msg);
-    });
-  }
-
-  $scope.exportInstance = function(row) {
-    InstanceService.getInstance(row.id).then(function(res) {
-      var filename = 'roger_federation-instance-' + res.name + '.json';
-      var data = new Blob([JSON.stringify(res)], {
-        type: "text/plain;charset=utf-8"
-      });
-      saveAs(data, filename);
-    }, function(res) {
-      var msg = "Failed to export instance.";
-      growl.error(msg);
-    });
-  }
-
-  $scope.exportAsset = function(row) {
-    AssetService.getAssetFile(row.id).then(function(res) {
-      var filename = 'roger_federation-asset-' + res.name + '.json';
-      var data = new Blob([JSON.stringify(res)], {
-        type: "text/plain;charset=utf-8"
-      });
-      saveAs(data, filename);
-    }, function(res) {
-      var msg = "Failed to export asset file.";
-      growl.error(msg);
-    });
-  }
-
-
-  // REMOVE ROWS
-
-  function removeRowFromCollection(row) {
-    var index = $scope.rowCollection.indexOf(row);
-    if (index !== -1) {
-      $scope.rowCollection.splice(index, 1);
-      // do I need to do this???
-      $scope.displayedCollection = [].concat($scope.rowCollection);
-    }
-  }
-
-
-
-  // IMPORT DATASET
-
-  $scope.handleFileReadComplete = function(event) {
-    var content = event.target.result,
-      error = event.target.error;
-
-    if (error != null) {
-      switch (error.code) {
-        case error.ENCODING_ERR:
-          growl.error("File read encoding error.");
-          break;
-
-        case error.NOT_FOUND_ERR:
-          growl.error("The file could not be found at the time the read was processed.");
-          break;
-
-        case error.NOT_READABLE_ERR:
-          growl.error("The file could not be read.");
-          break;
-
-        case error.SECURITY_ERR:
-          growl.error("Security error with file.");
-          break;
-
-        default:
-          growl.error("Uncategorized file read error: " + event.target.error.name + ".");
-      }
-    } else {
-      return content;
-    }
-    return null;
-  };
-
-  $scope.handleFileReadAbort = function() {
-    growl.error("File read aborted.");
-  };
-
-  $scope.handleFileReadError = function(evt) {
-    switch (evt.target.error.name) {
-      case "NotFoundError":
-        growl.error("The file could not be found at the time the read was processed.");
-        break;
-
-      case "SecurityError":
-        growl.error("Security error with file.");
-        break;
-
-      case "NotReadableError":
-        growl.error("The file could not be read.");
-        break;
-
-      case "EncodingError":
-        growl.error("File read encoding error.");
-        break;
-
-      default:
-        growl.error("Uncategorized file read error: " + event.target.error.name + ".");
-
-    } // switch
-  }; // handleFileReadError
-
-
-  //  Import Role Product Set
-  $scope.importRoleProductSet = function(file) {
-    if (file === null) {
-      return;
-    }
-    var reader = new FileReader();
-
-    reader.onloadend = (function() {
-      return function(event) {
-        var result = $scope.handleFileReadComplete(event);
-        if (result != null) {
-          result = JSON.parse(result);
-          delete result.id;
-          for (var i = 0, len = result.roles.length; i < len; i++) {
-            delete result.roles[i].id;
-            /*			for (varresult.roles[i].children.length) */
-          }
-          for (var i = 0, len = result.products.length; i < len; i++) {
-            delete result.products[i].id;
-          }
-          result = JSON.stringify(result);
-          RoleProductSetService.importRoleProductSet(result).then(function() {
-            growl.success("Role-Product file uploaded.");
-            $scope.initializeRoleProductSetView();
-          }, function(result) {
-            growl.error("Failed to upload role-product set. Error: " + result.data.error);
-          });
-        };
-      };
-    })();
-
-    reader.abort = (function() {
-      return function() {
-        $scope.handleFileReadAbort();
-      };
-    })();
-
-    reader.onerror = (function() {
-      return function(event) {
-        $scope.handleFileReadError(event);
-      };
-    })();
-
-    reader.readAsText(file);
-  };
-
-  //  Import Role Product Set Definition
-  $scope.importRoleProductSetDefinition = function(files) {
-    if (files === null) {
-      return;
-    }
-    files.forEach(function(file) {
-      if (file === null) {
-        return;
-      }
-      var reader = new FileReader();
-
-      reader.onloadend = (function() {
-        return function(event) {
-          var result = $scope.handleFileReadComplete(event);
-          if (result != null) {
-            RoleProductSetService.uploadRoleProductSetDefinition(result).then(function() {
-              growl.success("File: (" + file.name + ")<br>" + "Role-Product set definition file uploaded.");
-              $scope.initializeRoleProductSetView();
-            }, function(result) {
-              growl.error("File: (" + file.name + ")<br>" + "Failed to upload role-product set definition file. Error: " + result.data.error);
-            });
-          };
-        };
-      })();
-
-      reader.abort = (function() {
-        return function() {
-          $scope.handleFileReadAbort();
-        };
-      })();
-
-      reader.onerror = (function() {
-        return function(event) {
-          $scope.handleFileReadError(event);
-        };
-      })();
-
-      reader.readAsText(file);
-    });
-  };
-
-  //  Import Workflow
-  $scope.importWorkflow = function(files) {
-    if (files === null) {
-      return;
-    }
-    files.forEach(function(file) {
-      if (file === null) {
-        return;
-      }
-      var reader = new FileReader();
-      reader.onloadend = (function() {
-        return function(event) {
-          var result = $scope.handleFileReadComplete(event);
-          if (result != null) {
-            result = JSON.parse(result);
-            delete result.id;
-            result = JSON.stringify(result);
-            WorkflowService.importWorkflow(result).then(function() {
-              $scope.initializeWorkflowView();
-            }, function(result) {
-              if (result.data.message !== undefined) {
-                var errMsg = result.data.message;
-                growl.error("File: (" + file.name + ")<br>" + errMsg.substring(errMsg.lastIndexOf(":") + 1));
-              } else {
-                growl.error("File: (" + file.name + ")<br>" + "Failed to upload workflow file. Error: " + result.data.error);
-              }
-            });
-          };
-        };
-      })();
-
-      reader.abort = (function() {
-        return function() {
-          $scope.handleFileReadAbort();
-        };
-      })();
-
-      reader.onerror = (function() {
-        return function(event) {
-          $scope.handleFileReadError(event);
-        };
-      })();
-
-      reader.readAsText(file);
-    });
-  };
-
-  //  Import Asset
-  $scope.importAsset = function(file) {
-    if (file === null) {
-      return;
-    }
-    var reader = new FileReader();
-
-    reader.onloadend = (function() {
-      return function(event) {
-        var result = $scope.handleFileReadComplete(event);
-        if (result != null) {
-          var data = {
-            contents: result,
-            name: $scope.assetUploadData.name,
-            description: $scope.assetUploadData.description,
-            fileName: file.name,
-            creatorName: AuthenticationService.getUserId()
-          };
-          AssetService.uploadAssetFile(data).then(function() {
-            $scope.$$prevSibling.initializeAssetView();
-          }, function(result) {
-            growl.error("Failed to upload Asset file. Error: " + result.data.error + ". " + result.data.message);
-          });
-        };
-      };
-    })();
-
-    reader.abort = (function() {
-      return function() {
-        $scope.handleFileReadAbort();
-      };
-    })();
-
-    reader.onerror = (function() {
-      return function(event) {
-        $scope.handleFileReadError(event);
-      };
-    })();
-
-    reader.readAsText(file);
-  };
-
-
-  //  Import Instance
-  $scope.importInstance = function(file) {
-    if (file === null) {
-      return;
-    }
-    var reader = new FileReader();
-
-    reader.onloadend = (function() {
-      return function(event) {
-        var result = $scope.handleFileReadComplete(event);
-        if (result != null) {
-          result = JSON.parse(result);
-          delete result.id;
-          result = JSON.stringify(result);
-          InstanceService.uploadInstance(result).then(function() {
-            growl.success("Instance file uploaded.");
-            $scope.initializeInstanceView();
-          }, function(result) {
-            growl.error("Failed to upload instance file. Error: " + result.data.error);
-          });
-        };
-      };
-    })();
-
-    reader.abort = (function() {
-      return function() {
-        $scope.handleFileReadAbort();
-      };
-    })();
-
-    reader.onerror = (function() {
-      return function(event) {
-        $scope.handleFileReadError(event);
-      };
-    })();
-
-    reader.readAsText(file);
-  };
-
-
-  //  Import Workflow Set
-  $scope.importWorkflowSet = function(files) {
-    if (files === null) {
-      return;
-    }
-    files.forEach(function(file) {
-      if (file === null) {
-        return;
-      }
-      var reader = new FileReader();
-
-      reader.onloadend = (function() {
-        return function(event) {
-          var result = $scope.handleFileReadComplete(event);
-          if (result != null) {
-            result = JSON.parse(result);
-            delete result.id;
-            result = JSON.stringify(result);
-            InstanceService.uploadWorkflowSet(result).then(function() {
-              growl.success("File: (" + file.name + ")<br>" + "Workflow set file uploaded.");
-              $scope.initializeInstanceView();
-            }, function(result) {
-              growl.error("File: (" + file.name + ")<br>" + "Failed to upload workflow set file. Error: " + result.data.error);
-            });
-          };
-        };
-      })();
-
-      reader.abort = (function() {
-        return function() {
-          $scope.handleFileReadAbort();
-        };
-      })();
-
-      reader.onerror = (function() {
-        return function(event) {
-          $scope.handleFileReadError(event);
-        };
-      })();
-
-      reader.readAsText(file);
-    });
-  };
-
-
-  /** Upload Asset File Functions **/
-
-  $scope.initializeUploadAssetFile = function() {
-    $scope.assetUploadData = {
-      name: '',
-      assetFile: null,
-      description: '',
-      creatorName: AuthenticationService.getUserId()
-    };
-  };
-
-
-  $scope.uploadAssetFile = function() {
-    $scope.importAsset($scope.assetUploadData.assetFile);
-    $scope.$close(true);
-  };
-
-
-  $scope.cancelUploadAssetModal = function() {
-    $scope.$dismiss('cancel');
-  };
-
-}
diff --git a/src/federation-hub-ui/src/main/webapp/modules/manage/manage_module.js b/src/federation-hub-ui/src/main/webapp/modules/manage/manage_module.js
deleted file mode 100644
index b2276add..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/manage/manage_module.js
+++ /dev/null
@@ -1,2 +0,0 @@
-
-angular.module('roger_federation.Manage', ['angular-growl']);
\ No newline at end of file
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/add_federate_group_controller.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/add_federate_group_controller.js
index cd28400d..73786a29 100644
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/add_federate_group_controller.js
+++ b/src/federation-hub-ui/src/main/webapp/modules/workflows/add_federate_group_controller.js
@@ -2,9 +2,9 @@
 "use strict";
 
 angular.module('roger_federation.Workflows')
-    .controller('AddFederateGroupController', ['$rootScope', '$scope', '$state', '$http', '$stateParams', '$modalInstance', '$timeout', '$log', '$cookieStore', 'growl', 'WorkflowTemplate', 'WorkflowService', 'OntologyService', 'JointPaper', addFederateGroupController]);
+    .controller('AddFederateGroupController', ['$rootScope', '$scope', '$state', '$http', '$stateParams', '$modalInstance', '$timeout', '$log', '$cookieStore', 'growl', 'WorkflowTemplate', 'WorkflowService', 'OntologyService', 'JointPaper', 'ConfigService', addFederateGroupController]);
 
-function addFederateGroupController($rootScope, $scope, $state, $http, $stateParams, $modalInstance, $timeout, $log, $cookieStore, growl, WorkflowTemplate, WorkflowService, OntologyService, JointPaper) {
+function addFederateGroupController($rootScope, $scope, $state, $http, $stateParams, $modalInstance, $timeout, $log, $cookieStore, growl, WorkflowTemplate, WorkflowService, OntologyService, JointPaper, ConfigService) {
 
     $scope.editorTitle = "Add";
     $scope.editExisting = false;
@@ -89,7 +89,7 @@ function addFederateGroupController($rootScope, $scope, $state, $http, $statePar
         if (file == null) {
             alert("Please provide a valid certificate file before submitting.");
         } else {
-            var uploadUrl = "/fig/addNewGroupCa";
+            var uploadUrl = ConfigService.getServerBaseUrlStrV2() + "addNewGroupCa";
 
             $scope.submitInProgress = true;
 
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/add_policy_filter_controller.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/add_policy_filter_controller.js
deleted file mode 100644
index 88ae28d3..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/add_policy_filter_controller.js
+++ /dev/null
@@ -1,23 +0,0 @@
-
-"use strict";
-
-angular.module('roger_federation.Workflows')
-  .controller('AddPolicyFilterController', ['$rootScope', '$scope', '$stateParams', '$modalInstance', '$log', '$cookieStore', 'growl', 'WorkflowTemplate', 'WorkflowService', 'OntologyService', 'JointPaper', addPolicyFilterController]);
-
-function addPolicyFilterController($rootScope, $scope, $stateParams, $modalInstance, $log, $cookieStore, growl, WorkflowTemplate, WorkflowService, OntologyService, JointPaper) {
-
-    $scope.initialize = function() {
-    };
-
-    $scope.submit = function() {
-
-    };
-
-    $scope.cancel = function() {
-      $modalInstance.dismiss('cancel');
-    };
-
-
-
-
-};
\ No newline at end of file
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/asset_services.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/asset_services.js
deleted file mode 100644
index 77fced2b..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/asset_services.js
+++ /dev/null
@@ -1,130 +0,0 @@
-
-'use strict';
-
-angular.module('roger_federation.Workflows')
-
-.factory('AssetService', function($http, ConfigService) {
-    var service = {};
-
-
-    /**
-     * Get Asset Filenames
-     *
-     * @return {Array}
-     */
-    service.getAssetFilenames = function() {
-	return $http.get(
-		ConfigService.getServerBaseUrlStr() + 'asset/filenames').then(
-			function(res) {
-			    return res.data;
-			}, function(reason) {
-			    throw reason;
-			});
-    };
-
-    /**
-     * Get Workflow Descriptors
-     *
-     * @return {Array}
-     */
-    service.getAssetFileDescriptors = function() {
-	return $http.get(
-		ConfigService.getServerBaseUrlStr() + 'asset/descriptors').then(
-			function(res) {
-			    return res.data;
-			}, function(reason) {
-			    throw reason;
-			});
-    };
-
-    /**
-     * Upload Asset
-     *
-     * @param {Object}
-     *                content
-     * @return {Boolean} true
-     */
-    service.uploadAssetFile = function(data) {
-	var fd = new FormData();
-	fd.append('name', data.name);
-	fd.append('description', data.description);
-	fd.append('creatorName', data.creatorName);
-	fd.append('fileName', data.fileName);
-	fd.append('contents', data.contents);
-
-	return $http({
-	    method: 'POST',
-	    url: ConfigService.getServerBaseUrlStr() + 'asset',
-	    data: fd,
-	    transformRequest: angular.identity,
-	    headers: {
-		'Content-Type': undefined
-	    }}).then(function(res) {
-		return res.headers('Location');
-	    }, function(reason) {
-		throw reason;
-	    });
-
-    };
-
-
-    /**
-     * Delete Asset File
-     *
-     * @param {Object}
-     *                filename
-     * @return {Array}
-     */
-    service.deleteAssetFile = function(filename) {
-	return $http.delete(
-		ConfigService.getServerBaseUrlStr() + 'asset/' + filename).then(
-			function(res) {
-			    return res;
-			}, function(reason) {
-			    throw reason;
-			});
-    };
-
-
-    /**
-     * Update Asset File
-     *
-     * @param {Object}
-     *                content
-     * @return {Array}
-     */
-    service.updateAssetFile = function(content) {
-	return $http({
-	    method: 'PUT',
-	    url: ConfigService.getServerBaseUrlStr() + 'asset' ,
-	    data: JSON.stringify(content),
-	    transformRequest: [],
-	    headers: {
-		'Content-Type': 'application/json'
-	    }}).then(function(res) {
-		return res.data;
-	    }, function(reason) {
-		throw reason;
-	    });
-    };
-
-    /**
-     * Get Asset File
-     *
-     * @param {Object}
-     *                assetFileId
-     * @return {Array}
-     */
-    service.getAssetFile = function(assetFileId) {
-	return $http.get(
-		ConfigService.getServerBaseUrlStr() + 'asset/' + assetFileId).then(
-			function(res) {
-			    return res.data;
-			}, function(reason) {
-			    throw reason;
-			});
-    };
-
-
-    return service;
-})
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/attribute_expression_editor_controller.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/attribute_expression_editor_controller.js
deleted file mode 100644
index 5b85560d..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/attribute_expression_editor_controller.js
+++ /dev/null
@@ -1,481 +0,0 @@
-
-"use strict";
-
-angular.module('roger_federation.Workflows')
-.controller('AttributeExpressionEditorController',
-	[ '$scope', '$rootScope', '$state', '$stateParams', '$http', '$uibModalInstance', '$uibModal', '$log', '$timeout', 'growl', 'ConfigService', 'WorkflowTemplate', 'WorkflowGraphFactory', 'RoleProductSetService', 'RolService', 'WorkflowService', attributeExpressionEditorController]);
-
-function attributeExpressionEditorController($scope, $rootScope, $state, $stateParams, $http, $uibModalInstance, $uibModal, $log, $timeout, growl, ConfigService, WorkflowTemplate, WorkflowGraphFactory, RoleProductSetService, RolService, WorkflowService) {
-    $rootScope.$state = $state;
-    $rootScope.$stateParams = $stateParams;
-    
-    $scope.mode = $stateParams.mode;
-    $scope.workflowId = $stateParams.workflowId;
-
-    $scope.productData = [];
-    $scope.roleData = [];
-    
-    
-    var initOntologyNames = function() {
-        return $http.get(ConfigService.getServerBaseUrlStr() + 'ontology').then(
-		      function(res) {
-		        $scope.ontologies = res.data;
-		      },
-		      function(reason) {
-		        throw reason;
-		      }
-		);
-	};
-
-	// initialize role and ROL state
-    var initRolAndRole = function () {
-    	var roleSetData = WorkflowTemplate.getRoleSetData();
-        if (roleSetData === undefined) {
-          var rpSetId = WorkflowTemplate.getRoleProductSet();
-          if (rpSetId !== undefined) {
-            RoleProductSetService.getRoleProductSet(rpSetId).then(function(result) {
-              WorkflowTemplate.setRoleSetData(result.roles);
-              $scope.roleData = flattenRoleProductData(result.roles);
-            }, function() {
-              growl.error("Failed to acquire RoleProduct Set Data.");
-            });
-
-          } else {
-            growl.error("Role/Product Set is Unknown!");
-          }
-        } else {
-          $scope.roleData = flattenRoleProductData(roleSetData);
-
-          $scope.productData = WorkflowTemplate.getProductSetData();
-          
-          $scope.graphItemId = $stateParams.graphItemId;
-          
-          $log.debug('graphItemId: ' + $scope.graphItemId);
-  
-          WorkflowService.getWorkflowGraphItem($scope.graphItemId).then(function(graphItem) {
-        		$log.debug('graph item');
-        		$log.debug(JSON.stringify(graphItem));
-        		
-        		$scope.graphItem = graphItem;
-        		
-        		$scope.itemId = graphItem.item.id;
-        		
-        		$scope.roleName = graphItem.item.name;
-
-        		$scope.roleUri = graphItem.item.uri;
-        		
-        		$scope.ontologyName = graphItem.item.ontology.name;
-        		
-        		if (graphItem.rolExpressions.length > 0) {
-        			$scope.rolStatement = graphItem.rolExpressions[0].statements;
-        		} else {
-        			$scope.rolStatement = '';
-        		}
-        		
-        		$log.debug('loaded rol statement: ' + $scope.rolStatement);
-        		
-        		$log.debug('about to parse rol statement: ' + $scope.rolStatement);
-            	
-            	// get this from the role, later
-              	var program = RolService.parse($scope.rolStatement);
-
-              	$log.debug('rol parse complete. program:');
-              	$log.debug(program);
-              	
-              	var treeData = rolTreeToObject(program);
-              	
-              	$scope.data = treeData;
-              	
-              	$log.debug('treeData');
-              	$log.debug(treeData);
-        		
-        	});
-        }
-    };
-    
-    var flattenRoleProductData = function(rpData) {
-    	var flatDataArray = [];
-    	for(var i = 0; i < rpData.length; i++) {
-    		flatDataArray.push({item: rpData[i].item});
-    		flatDataArray = flatDataArray.concat(flattenRoleProductData(rpData[i].children));
-    	}
-    	
-    	return flatDataArray;
-    }
-
-    var initProductData = function () {
-    	var productSetData = WorkflowTemplate.getProductSetData();
-        if (productSetData === undefined) {
-          var apSetId = WorkflowTemplate.getRoleProductSet();
-          if (apSetId !== undefined) {
-            RoleProductSetService.getRoleProductSet(apSetId).then(function(result) {
-              WorkflowTemplate.setProductSetData(result.products);
-              $scope.productData = flattenRoleProductData(result.products);
-            }, function(result) {
-              growl.error("Failed to acquire role-product set. Error: " + result.data.error);
-            });
-
-          } else {
-            growl.error("Role/Product Set is Unknown!");
-          }
-        } else {
-          $scope.productData = flattenRoleProductData(productSetData);
-        }
-    };
-
-    $scope.initialize = function () {
-    	
-    	$log.debug('init attribute_expression_editor_controller');
-    	
-    	$log.debug('scope');
-    	$log.debug($scope);
-    	
-    	$log.debug('state');
-    	$log.debug($scope.$state);
-    	$log.debug('rootScope');
-    	$log.debug($rootScope);
-
-    	$log.debug('stateParams');
-    	$log.debug($stateParams);
-
-    	initOntologyNames();
-    	initRolAndRole();
-    	initProductData();
-    };
-   
-    $scope.submit = function() {
-		$uibModalInstance.close('ok');
-    };
-    
-    $scope.cancel = function() {
-    	$uibModalInstance.dismiss('cancel');
-    };
-
-    // angular-ui-tree related
-    
-    // remove node
-    $scope.remove = function (scope) {
-    	scope.remove();
-    	updateRol();
-    };
-
-    $scope.toggle = function (scope) {
-    	scope.toggle();
-    };
-
-    $scope.moveLastToTheBeginning = function () {
-    	var a = $scope.data.pop();
-    	$scope.data.splice(0, 0, a);
-    };
-
-    // add node
-    $scope.newSubItem = function (scope) {
-    	var nodeData = scope.$modelValue;
-    	nodeData.nodes.push({
-    		type: 'attribute',
-    		key: null,
-    		value: null,
-    		nodes: []
-    	});
-    	
-    	updateRol();
-    };
-
-    $scope.collapseAll = function () {
-    	$scope.$broadcast('angular-ui-tree:collapse-all');
-    };
-
-    $scope.expandAll = function () {
-    	$scope.$broadcast('angular-ui-tree:expand-all');
-    };
-
-    // using a ROL parse tree visitor implementation, convert a parse tree to a JavaScript object tree for the UI
-    function rolTreeToObject(program) {
-
-    	var result = [{
-    		type : 'attribute',
-    		key : null,
-    		value : null,
-    		nodes: []
-    	}];
-
-    	var rol = RolService.getRol();
-
-    	// invariant: currentNode always points to the node that will be either the logical op node, or the attribute node  
-    	var currentNode = result[0];
-
-    	// expression visitor implementation
-    	function ExpressionVisitor() {
-    		rol.RolVisitor.call(this);
-    	}
-
-    	ExpressionVisitor.prototype = Object.create(rol.RolVisitor.prototype);
-
-    	ExpressionVisitor.prototype.visitProgram = function(ctx) {
-    		console.log('visiting program');
-    		console.log(ctx);
-
-    		// visit each statement in the program
-    		ctx.children.forEach(function(child) {
-    			// call parent object vist, to generic visit children
-    			ExpressionVisitor.prototype.visit(child);
-    		});
-    	};
-
-    	ExpressionVisitor.prototype.visitAssertion = function(ctx) {
-    		console.log('visiting assertion');
-    		console.log(ctx);
-
-    		// recursive case (parenthetical expression)
-
-    		// 'match attribute' assertion case (leaf)
-    		if (ctx.children !== null && ctx.children.length === 2) {
-    			var assertionType = ctx.children[0].symbol.text;
-    			$log.debug('assertionType: ' + assertionType);
-
-    			// only process "match attribute" assertions without siblings (no logops, just one attribute assertion)
-    			if (assertionType === 'match attribute') {
-    				// visit the parameter
-    				ExpressionVisitor.prototype.visit(ctx.children[1]);
-    			} 
-    			
-    			// TODO: parentheses logic can go here
-//  			else if (assertionType === '(') {
-//  			currentNode.type = 'parentheses';
-//  			$log.debug('parentheses case');
-//  			// save parent ref
-//  			var logopNode = currentNode;
-//  			// create a node for each node in the parenthetical expression
-//  			// create left child
-//  			currentNode = makeAttributeNode();
-//  			logopNode.nodes.push(currentNode);
-//  			// left sibling of logop node
-//  			ExpressionVisitor.prototype.visit(ctx.parentCtx.children[0]);
-//  			// create right child
-//  			currentNode = makeAttributeNode();
-//  			logopNode.nodes.push(currentNode);
-//  			// right sibling of logop node
-//  			ExpressionVisitor.prototype.visit(ctx.parentCtx.children[2]);
-//  			$log.debug('processing binary op' + op);
-//  			break;
-//  			}
-    		}
-
-    		// do something with the assertion so that it can be rendered
-    	};
-
-    	ExpressionVisitor.prototype.visitLogop = function(ctx) {
-    		console.log('visiting logop');
-    		console.log(ctx);
-    		
-    		console.log('tree:');
-    		$log.debug(JSON.stringify(result));
-
-    		var op = ctx.children[0].symbol.text;
-    		$log.debug('op: ' + op);
-
-    		switch(op) {
-
-    		// binary ops
-    		case 'or':
-    		case 'and':
-    			
-    			var left = shallowCopyNode(currentNode);
-    			
-    			// save parent ref
-    			var logopNode = currentNode;
-    			
-    			logopNode.type = op;
-    			logopNode.key = null;
-    			logopNode.value = null;
-    			logopNode.nodes = [];
-    			
-    			logopNode.nodes.push(left);
-
-    			// create right child
-    			var right = makeAttributeNode();
-    			logopNode.nodes.push(right);
-    			
-    			// TODO: check this - should the current be the sibling of the logop node now instead?
-    			currentNode = right;
-    			
-    			// right sibling of logop node
-    			ExpressionVisitor.prototype.visit(ctx.parentCtx.children[2]);
-
-    			$log.debug('processing binary op' + op);
-    			break;
-
-    			// unary op
-    		case 'not':
-    			
-    			// TODO: revisit this logic
-    			// create child
-    			currentNode = makeAttributeNode();
-    			logopNode.nodes.push(currentNode);
-    			// right sibling of logop node
-    			ExpressionVisitor.prototype.visit(ctx.parentCtx.children[1]);
-
-    			$log.debug('processing unary op not');
-    			break;
-    		default:
-    			// unsupported op type
-    			$log.debug('operator ' + op + ' not supported in ROL visitor');
-    		}
-    	};
-
-    	ExpressionVisitor.prototype.visitAssertions = function(ctx) {
-    		console.log('visiting assertions');
-    		console.log(ctx);
-    		
-    		// visit all children
-    		ctx.children.forEach(function(child) {
-    				ExpressionVisitor.prototype.visit(child);
-    		});
-    	};
-
-    	ExpressionVisitor.prototype.visitStatement = function(ctx) {
-    		console.log('visiting statement');
-
-    		// visit all children
-    		ctx.children.forEach(function(child) {
-    			ExpressionVisitor.prototype.visit(child);
-    		});
-    	};
-
-    	ExpressionVisitor.prototype.visitParameter = function(ctx) {
-    		$log.debug("visit parameter")
-    		$log.debug(ctx);
-
-    		if (currentNode.type === 'attribute' && ctx.children.length === 3) {
-    			$log.debug('param type');
-
-    			var key = ctx.children[0].symbol.text;
-
-    			// try to parse as JSON, to unescape and remove quotes. This works because the IDENT and STRING productions in ROL are compatible with JSON.
-    			try {
-    				key = JSON.parse(key);
-    			} catch (e) { }
-
-    			$log.debug('key: ' + key);
-
-    			var value = ctx.children[2].children[0].symbol.text;
-
-    			try {
-    				value = JSON.parse(value);
-    			} catch (e) { }
-
-    			$log.debug('value: ' + value);
-
-    			currentNode.key = key;
-    			currentNode.value = value;
-    		}
-    	};
-
-    	var ev = new ExpressionVisitor();
-
-    	// execute the visitor, updating the UI tree progressively
-    	ev.visitProgram(program);
-
-    	console.log('ev in controller');
-    	console.log(ev);
-
-    	return result;
-    };
-
-    function makeAttributeNode(key, value) {
-    	return {
-    		type: 'attribute',
-    		key: key,
-    		value: value,
-    		nodes: []
-    	}
-    };
-    
-    function shallowCopyNode(node) {
-    	return {
-    		type: node.type,
-    		key: node.key,
-    		value: node.value,
-    		nodes: []
-    	}
-    }
-
-    function treeToRol(uiTree) {
-    	var rol = 'assign role ' + JSON.stringify($scope.roleUri) + ' ';
-
-    	// iterate and recurse through top-level array
-    	uiTree.forEach(function(node) {
-    		rol += treeNodeToRol(node, '');
-    		rol += ' ';  
-    	});
-
-    	return rol + ' {};';
-    }
-
-    function treeNodeToRol(node, rol) {
-    	switch(node.type) {
-    	// base case
-    	case 'attribute':
-    		rol += 'match attribute ' + node.key + ' : ' + JSON.stringify(node.value);
-    		break;
-    		// recursive cases
-    	case 'and':
-    	case 'or':
-    		// must have minimum operand count. If invalid, stop.
-    		if (node.nodes.length > 1) {
-
-    			// recurse left
-    			rol += treeNodeToRol(node.nodes[0], '') + ' ';
-    			
-    			// operation
-    			rol += node.type + ' ';
-
-    			// recurse right
-    			rol += treeNodeToRol(node.nodes[1], '') + ' ';
-    		}
-    		break;
-    	case 'not':
-    		if (node.nodes.length > 0) {
-    			// operation
-    			rol += ' node.type ';
-
-    			// recurse right
-    			rol += treeNodeToRol(node.nodes[0], '') + ' ';
-    			// recurse right
-    		}
-    		break;
-    	default:
-    		// unsupported operation
-    		$log.debug('unsupported node type ' + node.type);
-    	}
-
-    	return rol;
-    } 
-    
-    // regenerate ROL from tree and save to server
-    // this could be optimized by only regenerating changed subtrees
-    var updateRol = function() {
-    	var rol = treeToRol($scope.data)
-    	$log.debug('rol after tree change');
-    	$log.debug(rol);
-    	
-    	// Set new ROL on graph item
-    	$scope.graphItem.rolExpressions[0] = rol;
-    	
-    	var gi = $scope.graphItem;
-    	
-    	// replace item with its id, backend expects this
-		gi.item = $scope.itemId;
-		var giJson = JSON.stringify(gi);
-		$log.debug("graph item json to save: " + giJson);
-    	// save to server
-    	WorkflowService.updateWorkflowGraphItem($scope.graphItemId, giJson);
-    	
-    	$log.debug('graph item saved');
-    }
-    
-    $scope.updateRol = updateRol;
-};
-
-
-
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/connections_controller.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/connections_controller.js
index d29981a6..e201aac4 100644
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/connections_controller.js
+++ b/src/federation-hub-ui/src/main/webapp/modules/workflows/connections_controller.js
@@ -13,15 +13,35 @@ function connectionsController($rootScope, $scope, $http, $stateParams, $modalIn
     $scope.filteredActiveConnections = [];
     $scope.selectedCa = $rootScope.selectedCa ? $rootScope.selectedCa : 'All';
     $scope.knownCas = [];
+    $scope.flows = [];
     var cellView;
 
     pollActiveConnections()
     getCaGroups();
+    pollDataFlows();
 
     function filterActiveConnections() {
         let connections = []
         $scope.activeConnections.forEach(activeConnection => {
             activeConnection.groupIdentitiesSet = new Set(activeConnection.groupIdentities)
+            activeConnection["bRead"] = 0
+            activeConnection["reads"] = 0
+            activeConnection["bWritten"] = 0
+            activeConnection["writes"] = 0
+            if($scope.flows != []){
+                var _flows = $scope.flows;
+                for(var flow of _flows){
+                    console.log(activeConnection.connectionId);
+                    console.log(flow["targetId"]);
+                    if(flow["sourceId"] == activeConnection.connectionId){
+                        activeConnection["bWritten"] = activeConnection["bWritten"] + flow["bytesWritten"]
+                        activeConnection["writes"] = activeConnection["writes"] + flow["messagesWritten"]
+                        activeConnection["bRead"] = activeConnection["bRead"] + flow["bytesRead"]
+                        activeConnection["reads"] = activeConnection["reads"] + flow["messagesRead"]
+                    }
+                }
+            }
+
             if ($scope.selectedCa === 'All') {
                 connections.push(activeConnection)
             } else {
@@ -32,6 +52,13 @@ function connectionsController($rootScope, $scope, $http, $stateParams, $modalIn
         $scope.filteredActiveConnections = connections
     }
 
+    function pollDataFlows() {
+        WorkflowService.getDataFlowStats().then(function(dataFlows) {
+            $scope.flows = dataFlows.channelInfos;
+          });
+        $timeout(pollDataFlows, 2000);
+    }
+
     function pollActiveConnections() {
         WorkflowService.getActiveConnections().then(function(activeConnections) {
             $scope.activeConnections = activeConnections
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/display_tc_controller.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/display_tc_controller.js
deleted file mode 100644
index 07c73dfb..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/display_tc_controller.js
+++ /dev/null
@@ -1,25 +0,0 @@
-
-"use strict";
-
-angular.module('roger_federation.Workflows')
-  .controller('TemplateContainerController', ['$scope', '$state', '$stateParams', 'FileSaver', 'Blob', '$log', '$uibModalInstance', 'data', loadTemplateController]);
-
-function loadTemplateController($scope, $state, $stateParams, FileSaver, Blob, $log, $uibModalInstance, data) {
-
-  $scope.jsonData = {};
-  $scope.filename = 'template_container.json';
-  
-  $scope.initialize = function() {
-    if (data !== undefined) {
-  	  $scope.jsonData = data;
-    } else {
-      $scope.jsonData = "{error: 'undefined'}";
-    }
-  };
-
-  $scope.download = function() {
-	  var data = new Blob([JSON.stringify($scope.jsonData)], {type: 'text/json:charset=utf-8'});
-	  FileSaver.saveAs(data, 'template_container.json');
-	  $uibModalInstance.close('ok');
-  };  
-}
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/edit_attributes_controller.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/edit_attributes_controller.js
deleted file mode 100644
index af101526..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/edit_attributes_controller.js
+++ /dev/null
@@ -1,18 +0,0 @@
-
-"use strict";
-
-angular.module('fed')
-  .controller('EditAttributesController', function($scope, $modalInstance, $log, growl, attributes) {
-
-    $scope.initialize = function() {
-      $scope.attributes = attributes;
-    };
-
-    $scope.submit = function() {
-      $modalInstance.close('ok');
-    };
-
-    $scope.cancel = function() {
-      $modalInstance.dismiss('cancel');
-    };
-  });
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/home_controller.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/home_controller.js
new file mode 100644
index 00000000..68d20454
--- /dev/null
+++ b/src/federation-hub-ui/src/main/webapp/modules/workflows/home_controller.js
@@ -0,0 +1,42 @@
+
+"use strict";
+
+angular.module('roger_federation.Workflows')
+  .controller('HomeController', ['$scope', '$state', '$stateParams', 'growl', 'WorkflowService', homeController]);
+
+function homeController($scope, $state, $stateParams, growl, WorkflowService) {
+  $scope.rowCollection = [];
+  $scope.displayedCollection = [];
+  $scope.itemsByPage = 15;
+  $scope.selectedRowId = -1;
+  $scope.mode = $stateParams.mode;
+  $scope.diagramType = $stateParams.diagramType;
+
+  var successFunc = function (workflowList) {
+    $scope.rowCollection = workflowList;
+    $scope.displayedCollection = [].concat($scope.rowCollection);
+    $scope.firstWF = workflowList[0]
+    var forwarded_already = localStorage.getItem("forwarded_dash");
+
+    if (forwarded_already != "true") {
+      if ($scope.firstWF == undefined) {
+        localStorage.setItem("forwarded_dash", true);
+        $state.go('federations-new');
+      }
+      else if ($scope.firstWF != undefined && $scope.firstWF.name != undefined) {
+        localStorage.setItem("forwarded_dash", true);
+        $state.go('workflows.editor', {
+          workflowId: $scope.firstWF.name
+        });
+      }
+    }
+  };
+
+  var failureFunc = function (result) {
+    growl.error("Failed getting workflow names. Error: " + result.data.error);
+    $scope.rowCollection.length = 0;
+    $scope.displayedCollection = [].concat($scope.rowCollection);
+  };
+
+  WorkflowService.getWorkflowDescriptors().then(successFunc, failureFunc);
+}
\ No newline at end of file
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/new_workflow_controller.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/new_workflow_controller.js
index 8ed34c39..e56462a6 100644
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/new_workflow_controller.js
+++ b/src/federation-hub-ui/src/main/webapp/modules/workflows/new_workflow_controller.js
@@ -2,9 +2,9 @@
 "use strict";
 
 angular.module('roger_federation.Workflows')
-  .controller('NewWorkflowController', ['$scope', '$state', '$stateParams', '$modalInstance', '$log', 'growl', 'WorkflowService', 'AuthenticationService', newWorkflowController]);
+  .controller('NewWorkflowController', ['$scope', '$state', '$stateParams', '$modalInstance', '$log', 'growl', 'WorkflowService', newWorkflowController]);
 
-function newWorkflowController($scope, $state, $stateParams, $modalInstance, $log, growl, WorkflowService, AuthenticationService) {
+function newWorkflowController($scope, $state, $stateParams, $modalInstance, $log, growl, WorkflowService) {
   $scope.workflow = {
     name: '',
     version: '',
@@ -24,7 +24,7 @@ function newWorkflowController($scope, $state, $stateParams, $modalInstance, $lo
       version: $scope.workflow.version,
       type: $scope.workflow.type,
       description: $scope.workflow.description,
-      creatorName: AuthenticationService.getUserId(),
+      creatorName: '',
       diagramType:  $stateParams.diagramType,
       federationId: '',
       federationName: ''
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/select_asset_controller.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/select_asset_controller.js
deleted file mode 100644
index ea37b192..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/select_asset_controller.js
+++ /dev/null
@@ -1,60 +0,0 @@
-
-"use strict";
-
-angular.module('roger_federation.Workflows')
-.controller('SelectAssetController',
-	[ '$scope', '$state', '$modalInstance', '$log', 'growl', 'AssetService', selectAssetController ]);
-
-function selectAssetController($scope, $state, $modalInstance, $log, growl, AssetService) {
-
-    $scope.rowCollection = [];
-    $scope.displayedCollection = [];
-    $scope.itemsByPage=15;
-    $scope.selectedRowId = -1;
-
-
-    $scope.initialize = function () {
-	AssetService.getAssetFilenames().then(function (AssetList) {
-	    $scope.rowCollection = AssetList;
-	    $scope.displayedCollection = [].concat($scope.rowCollection);
-	}, function(result) {
-	    growl.error("Failed getting asset filenames. Error: " + result.data.error);
-	    $scope.rowCollection.length = 0;
-	    $scope.displayedCollection = [].concat($scope.rowCollection);
-	});
-    };
-
-
-    //fires when table rows are selected
-    $scope.$watch('displayedCollection', function (row) {
-	$scope.selectedRowId = -1;
-	//get selected row
-	row.filter(function (r) {
-	    if (r.isSelected) {
-		$scope.selectedRowId = r.id;
-	    }
-	});
-    }, true);
-
-
-    $scope.submit = function () {
-
-	var selectedAssetArray = $scope.displayedCollection.filter(function( row ) {
-	  return row.id === $scope.selectedRowId;
-	});
-
-	var AssetFilename = selectedAssetArray[0];
-
-	$state.go('workflows.editor.instantiation', {workflowId : $state.params.workflowId });
-	$modalInstance.close(AssetFilename);
-	$scope.$close(true);
-    };
-
-    $scope.cancel = function () {
-	$state.go('workflows.editor', {workflowId : $state.params.workflowId });
-	$modalInstance.dismiss('cancel');
-    };
-}
-
-
-
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/select_product_controller.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/select_product_controller.js
deleted file mode 100644
index c709b558..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/select_product_controller.js
+++ /dev/null
@@ -1,52 +0,0 @@
-
-"use strict";
-
-angular.module('roger_federation.Workflows')
-.controller('SelectProductController',
-	[ '$scope', '$modalInstance', '$log', 'growl', 'WorkflowTemplate', 'WorkflowGraphFactory', 'RoleProductSetService', selectProductController ]);
-
-function selectProductController($scope, $modalInstance, $log, growl, WorkflowTemplate, WorkflowGraphFactory, RoleProductSetService) {
-
-    $scope.treeOptions = {
-	    nodeChildren: "children",
-	    dirSelectable: true,
-	    multiSelection : false
-    };
-
-    $scope.selectedNode = undefined;
-    $scope.productData = [];
-
-    $scope.initialize = function () {
-    	var productSetData = WorkflowTemplate.getProductSetData();
-    	if (productSetData === undefined) {
-    	    var apSetId = WorkflowTemplate.getRoleProductSet();
-    	    if (apSetId !== undefined) {
-    		RoleProductSetService.getRoleProductSet(apSetId).then(function (result) {
-    		    WorkflowTemplate.setProductSetData(result.products);
-    		    $scope.productData = result.products;
-    		}, function(result) {
-    		    growl.error("Failed to acquire role-product set. Error: " + result.data.error);
-    		});
-
-    	    } else {
-    		growl.error("Role/Product Set is Unknown!");
-    	    }
-    	} else {
-    	    $scope.productData = productSetData;
-    	}
-    };
-
-
-    $scope.submit = function() {
-    RoleProductSetService.setLatestSelectedProduct($scope.selectedNode);
-    	
-	$modalInstance.dismiss('ok');
-    };
-
-
-    $scope.cancel = function() {
-	$modalInstance.dismiss('cancel');
-    };
-
-};
-
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/select_role_controller.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/select_role_controller.js
deleted file mode 100644
index 3832a333..00000000
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/select_role_controller.js
+++ /dev/null
@@ -1,54 +0,0 @@
-
-"use strict";
-
-angular.module('roger_federation.Workflows')
-.controller('SelectRoleController',
-	[ '$scope', '$stateParams', '$modalInstance', '$log', 'growl', 'WorkflowTemplate', 'WorkflowGraphFactory', 'RoleProductSetService', selectRoleController ]);
-
-function selectRoleController($scope, $stateParams, $modalInstance, $log, growl, WorkflowTemplate, WorkflowGraphFactory, RoleProductSetService) {
-
-
-    $scope.treeOptions = {
-	    nodeChildren: "children",
-	    dirSelectable: true,
-	    multiSelection : false
-    };
-
-    $scope.selectedNode = undefined;
-    $scope.roleData = [];
-
-
-    $scope.initialize = function () {
-    	var roleSetData = WorkflowTemplate.getRoleSetData();
-    	if (roleSetData === undefined) {
-    	    var apSetId = WorkflowTemplate.getRoleProductSet();
-    	    if (apSetId !== undefined) {
-    		RoleProductSetService.getRoleProductSet(apSetId).then(function (result) {
-    		    WorkflowTemplate.setRoleSetData(result.roles);
-    		    $scope.roleData = result.roles;
-    		}, function() {
-    		    growl.error("Failed to acquire RoleProduct Set Data.");
-    		});
-
-    	    } else {
-    		growl.error("Role/Product Set is Unknown!");
-    	    }
-    	} else {
-    	    $scope.roleData = roleSetData;
-    	}
-    };
-
-    $scope.submit = function() {
-		RoleProductSetService.setLatestSelectedRole($scope.selectedNode);
-	
-		$modalInstance.close('ok');
-    };
-
-
-    $scope.cancel = function() {
-    	$modalInstance.dismiss('cancel');
-    };
-
-};
-
-
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/workflow_services.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/workflow_services.js
index dd95aed2..52d871de 100644
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/workflow_services.js
+++ b/src/federation-hub-ui/src/main/webapp/modules/workflows/workflow_services.js
@@ -633,6 +633,17 @@ angular.module('roger_federation.Workflows')
           });
   };
 
+  workflowService.getDataFlowStats = function() {
+    return $http.get(
+      ConfigService.getServerBaseUrlStrV2() + 'getBrokerMetrics/').then(
+        function(res) {
+            return res.data;
+        },
+        function(reason) {
+            throw reason;
+        });
+  };
+
   workflowService.deleteGroupCa = function(ca) {
       return $http.delete(
           ConfigService.getServerBaseUrlStrV2() + 'deleteGroupCa/' + ca).then(
diff --git a/src/federation-hub-ui/src/main/webapp/modules/workflows/workflows_controller.js b/src/federation-hub-ui/src/main/webapp/modules/workflows/workflows_controller.js
index afad52f6..36776b69 100644
--- a/src/federation-hub-ui/src/main/webapp/modules/workflows/workflows_controller.js
+++ b/src/federation-hub-ui/src/main/webapp/modules/workflows/workflows_controller.js
@@ -3,17 +3,123 @@
 'use strict';
 
 angular.module('roger_federation.Workflows')
-.controller('WorkflowsController', ['$scope', '$rootScope', '$window', '$state', '$stateParams', '$timeout', '$uibModal',
-  '$log', '$http', 'uuid4', 'growl', 'WorkflowService', 'OntologyService', 'JointPaper', 'SemanticsService', workflowsController
+.controller('WorkflowsController', ['$scope', '$rootScope', '$window', '$state', '$stateParams', '$interval', '$timeout', '$uibModal',
+  '$log', '$http', 'uuid4', 'growl', 'WorkflowService', 'OntologyService', 'JointPaper', workflowsController
   ]);
 
-function workflowsController($scope, $rootScope, $window, $state, $stateParams, $timeout, $uibModal, $log, $http, uuid4, growl, WorkflowService, OntologyService, JointPaper, SemanticsService) {
+function workflowsController($scope, $rootScope, $window, $state, $stateParams, $interval, $timeout, $uibModal, $log, $http, uuid4, growl, WorkflowService, OntologyService, JointPaper) {
   $scope.JointPaper = JointPaper;
   $scope.criticResults = [];
 
   $scope.data = "{users: 'Joe'}";
+  $state.fkdi = ""
+  $state.tids = {}
+  $state.cache = {}
+
+  function translateIds(){
+    if (JointPaper.paper &&  JointPaper.paper._views) {
+      var nodeKeys = Object.keys(JointPaper.paper._views);
+      for (var i = 0; i < nodeKeys.length; i++) {
+        let cellView = JointPaper.paper._views[nodeKeys[i]]
+        if (cellView.model.attributes.graphType === "GroupCell") {
+          if (cellView.model.attributes.roger_federation.name in $state.tids) {
+            continue;
+          }
+          else {
+            $state.tids[cellView.model.attributes.id] = cellView.model.attributes.roger_federation.name;
+          }
+        }
+      }
+    }
+  }
+
+  function getRandomInt(max) {
+    return Math.floor(Math.random() * max);
+  }
+
 
   pollActiveConnections()
+  $timeout(AnimateDataFlow, getRandomInt(5000))
+
+  function pollDataFlowStats(){
+     WorkflowService.getDataFlowStats().then(function(dataFlows) {
+        var timestamp = new Date().getTime();
+        translateIds();
+        animateDataFlows(dataFlows.channelInfos, timestamp)
+      }).catch(e => animateDataFlows([])) 
+  }
+
+  function findDataFlow(dataFlows, source, target){
+    var decodedSource = $state.tids[source];
+    var decodedTarget = $state.tids[target];
+    for(var flow of dataFlows){
+      if(flow["sourceCert"] == decodedSource && flow["targetCert"] == decodedTarget){
+        return flow;
+      }
+    }
+
+    return undefined;
+  }
+
+  function animateDataFlows(dataFlows, timestamp){
+    if(dataFlows == [])
+      return
+
+    if (JointPaper.paper &&  JointPaper.paper._views) {
+      var nodeKeys = Object.keys(JointPaper.paper._views);
+      for (var i = 0; i < nodeKeys.length; i++) {
+        let cellView = JointPaper.paper._views[nodeKeys[i]]
+
+        if (cellView.model.attributes.graphType === "EdgeCell") {
+          var thisFlow = findDataFlow(dataFlows, cellView.model.attributes.source.id, cellView.model.attributes.target.id);
+          var key = cellView.model.attributes.source.id + cellView.model.attributes.target.id;
+          var flow = 0;
+
+          if(key in $state.cache){
+            flow = thisFlow["messagesWritten"] - $state.cache[key];
+            $state.cache[key] = thisFlow["messagesWritten"];
+          }
+          else {
+            $state.cache[key] = thisFlow["messagesWritten"];
+          }
+          if(thisFlow != undefined){
+            drawFlow(flow, cellView)
+            cellView.update()
+          }
+        }
+      }
+    }
+  }
+
+  function drawFlow(flow, cellView){
+    if(flow > 0){
+      cellView.model.attributes.attrs['.connection']['stroke'] = 'green'
+      cellView.model.attributes.attrs['.connection']["stroke-dasharray"] = "4,4"
+      cellView.model.attributes.attrs['.marker-target']['fill'] = 'green'
+
+      if(flow < 3){
+        cellView.model.attributes.attrs['.connection']['stroke-width'] = 3
+      }
+      else if (flow > 6){
+        cellView.model.attributes.attrs['.connection']['stroke-width'] = 6
+      }
+      else {
+        cellView.model.attributes.attrs['.connection']['stroke-width'] = flow
+      }
+    }
+    else {
+      cellView.model.attributes.attrs['.connection']['stroke'] = 'DarkGray'
+      cellView.model.attributes.attrs['.connection']['stroke-width'] = 2
+      cellView.model.attributes.attrs['.marker-target']['fill'] = 'DarkGray'
+      cellView.model.attributes.attrs['.connection']["stroke-dasharray"] = ""
+    }
+  }
+
+  function AnimateDataFlow(){
+    if($state.fkdi == ""){
+      $state.fkdi = $interval(pollDataFlowStats, 5000);
+    }
+  }
 
   function pollActiveConnections() {
     WorkflowService.getActiveConnections().then(function(activeConnections) {
@@ -27,7 +133,6 @@ function workflowsController($scope, $rootScope, $window, $state, $stateParams,
   }
 
   function setNodeStatus(activeConnections) {
-    // console.log(JointPaper.paper)
     if (JointPaper.paper &&  JointPaper.paper._views) {
       var nodeKeys = Object.keys(JointPaper.paper._views);
       for (var i = 0; i < nodeKeys.length; i++) {
@@ -38,7 +143,6 @@ function workflowsController($scope, $rootScope, $window, $state, $stateParams,
           + cellView.model.attributes.roger_federation.host + ':' + cellView.model.attributes.roger_federation.port
           
           let foundConnection = undefined
-          
           activeConnections.forEach(activeConnection => {
             if (activeConnection.connectionId === cellView.model.attributes.roger_federation.name)
               foundConnection = activeConnection
diff --git a/src/federation-hub-ui/src/main/webapp/package.json b/src/federation-hub-ui/src/main/webapp/package.json
new file mode 100644
index 00000000..feb42762
--- /dev/null
+++ b/src/federation-hub-ui/src/main/webapp/package.json
@@ -0,0 +1,18 @@
+{
+  "name": "webapp",
+  "version": "1.0.0",
+  "description": "TakServer Fed Hub UI",
+  "main": "index.html",
+  "directories": {
+    "lib": "lib"
+  },
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "bbn",
+  "license": "ISC",
+  "dependencies": {
+    "express": "^4.18.2",
+	"http-proxy-middleware": "^2.0.6"
+  }
+}
diff --git a/src/federation-hub-ui/src/main/webapp/scripts/app.js b/src/federation-hub-ui/src/main/webapp/scripts/app.js
index 1ba5794e..3147de50 100644
--- a/src/federation-hub-ui/src/main/webapp/scripts/app.js
+++ b/src/federation-hub-ui/src/main/webapp/scripts/app.js
@@ -30,14 +30,9 @@ angular
         'smart-table',
         'treeControl',
         'ncy-angular-breadcrumb',
-        'roger_federation.Core',
         'roger_federation.Config',
-        'roger_federation.Authentication',
-        'roger_federation.Manage',
         'roger_federation.Workflows',
         'roger_federation.OntologyService',
-        'roger_federation.CommanderDashboard',
-        'roger_federation.Logout',
         'angular-growl',
         'uuid4',
         'ui.bootstrap.datetimepicker',
@@ -158,11 +153,10 @@ angular
 
     .config(['$stateProvider', 'modalStateProvider', '$urlRouterProvider', '$breadcrumbProvider',
         function($stateProvider, modalStateProvider, $urlRouterProvider, $breadcrumbProvider) {
-
             $breadcrumbProvider.setOptions({
                 prefixStateName: 'home'
             });
-
+            
             $stateProvider
             // Application States
                 .state('home', {
@@ -170,10 +164,8 @@ angular
                     ncyBreadcrumb: {
                         label: 'TAK Server Federation Hub'
                     },
-                    templateUrl: "views/dashboard/dashboard.html"
-//        data: {
-////          requireLogin: true
-//        }
+                    templateUrl: "views/dashboard/dashboard.html",
+                    controller: "HomeController"
                 })
                 .state('about', {
                     url: "/about",
@@ -181,30 +173,7 @@ angular
                         label: 'About'
                     },
                     templateUrl: "views/about.html"
-//        data: {
-//          requireLogin: true
-//        }
-                })
-                .state('help', {
-                    url: "/help",
-                    ncyBreadcrumb: {
-                        label: 'Help'
-                    },
-                    templateUrl: "views/help.html"
-//        data: {
-////          requireLogin: true
-//        }
-                })
-                .state('config', {
-                    url: "/config",
-                    ncyBreadcrumb: {
-                        label: 'Config'
-                    },
-                    templateUrl: "views/config/config.html",
-                    controller: 'ConfigController'
-//        data: {
-////          requireLogin: true
-//        }
+
                 })
                 // Template States
                 .state('workflows', {
@@ -212,9 +181,7 @@ angular
                     url: "/workflows",
                     templateUrl: "views/workflows/workflows.html",
                     controller: 'WorkflowsController'
-//        data: {
-//          requireLogin: true
-//        }
+
                 })
                 .state('workflows.editor', {
                     url: "/editor/{workflowId}",
@@ -224,125 +191,7 @@ angular
                     templateUrl: "views/workflows/workflow_editor.html",
                     controller: "WorkflowsController"
                 })
-                .state('workflows.roles', {
-                    url: "/roles",
-                    ncyBreadcrumb: {
-                        label: 'Workflow Roles'
-                    },
-                    templateUrl: "views/workflows/workflow_roles.html"
-                })
-                .state('workflows.subscriptions', {
-                    url: "/subscriptions",
-                    ncyBreadcrumb: {
-                        label: 'Workflow Subscriptions'
-                    },
-                    templateUrl: "views/workflows/workflow_subscriptions.html"
-                })
-
-                //    // Instances States
-                //    .state('instances', {
-                //        abstract: true,
-                //        url: "/instances",
-                //        templateUrl: "views/instance/instances.html",
-                //        controller: 'InstancesController',
-                //        data: {
-                //          requireLogin: true
-                //        }
-                //      })
-                //      .state('instances.editor', {
-                //        url: "/editor/{instanceId}",
-                //        ncyBreadcrumb: {
-                //          label: 'Instance Editor'
-                //        },
-                //        templateUrl: "views/instance/instance_editor.html",
-                //        controller: 'InstancesController'
-                //      })
-                //
-                //    // Workflow Sets States
-                //    .state('workflow-sets', {
-                //      abstract: true,
-                //      url: "/workflow-sets",
-                //      templateUrl: "views/workflow-sets/workflow_sets.html",
-                //      controller: 'WorkflowSetsController',
-                //      data: {
-                //        requireLogin: true
-                //      }
-                //    })
-                //
-                //    .state('workflow-sets.editor', {
-                //      url: "/editor/{workflowSetId}",
-                //      ncyBreadcrumb: {
-                //        label: 'Workflow Sets Editor'
-                //      },
-                //      templateUrl: "views/workflow-sets/workflow_sets_editor.html",
-                //      controller: 'WorkflowSetsController'
-                //    })
-                //
-                //    // Role Product Set States
-                //    .state('role-product-set', {
-                //      abstract: true,
-                //      url: "/role-product-set",
-                //      templateUrl: "views/role-product-sets/role_product_set.html",
-                //      controller: 'RoleProductSetController',
-                //      data: {
-                //        requireLogin: true
-                //      }
-                //    })
-                //
-                //    .state('role-product-set.editor', {
-                //      url: "/editor/{roleProductSetId}",
-                //      ncyBreadcrumb: {
-                //        label: 'Role Product Set Editor'
-                //      },
-                //      templateUrl: "views/role-product-sets/role_product_set_editor.html",
-                //      controller: 'RoleProductSetController'
-                //    })
-
-                //Commander Dashboard
-                .state('commander-dashboard', {
-                    abstract: true,
-                    url: "/commander-dashboard",
-                    templateUrl: "views/commander-dashboard/commander_dashboard.html",
-                    controller: 'CommanderDashboardController'
-//      data: {
-//        requireLogin: true
-//      }
-                })
-
-                .state('commander-dashboard.editor', {
-                    url: "/editor/{CommanderDashboardId}",
-                    ncyBreadcrumb: {
-                        label: 'Commander Dashboard'
-                    },
-                    templateUrl: "views/commander-dashboard/commander_dashboard.html",
-                    controller: 'CommanderDashboardController'
-                })
-
 
-                // Manage States
-                .state('manage', {
-                    abstract: true,
-                    url: "/manage",
-                    templateUrl: "views/manage/manage.html",
-                    controller: 'ManageController'
-//        data: {
-//          requireLogin: true
-//        }
-                })
-                //      .state('manage.role-sets', {
-                //        url: "/role-sets",
-                //        ncyBreadcrumb: {
-                //          label: 'Manage Role/Product Sets'
-                //        },
-                //        templateUrl: "views/manage/manage_role_sets.html"
-                //      })
-                //      .state('manage.diagrams', {
-                //        url: "/workflows",
-                //        ncyBreadcrumb: {
-                //          label: 'Manage Diagrams'
-                //        },
-                //        templateUrl: "views/manage/manage_workflows.html"
-                //      })
                 .state('manage.federations', {
                     url: "/federations",
                     ncyBreadcrumb: {
@@ -350,62 +199,6 @@ angular
                     },
                     templateUrl: "views/manage/manage_federations.html"
                 })
-                //      .state('manage.workflow-sets', {
-                //        url: "/workflow-sets",
-                //        ncyBreadcrumb: {
-                //          label: 'Manage Workflow Linkage Files'
-                //        },
-                //        templateUrl: "views/manage/manage_workflow_sets.html"
-                //      })
-                //      .state('manage.instances', {
-                //        url: "/instances",
-                //        ncyBreadcrumb: {
-                //          label: 'Manage Instances'
-                //        },
-                //        templateUrl: "views/manage/manage_instances.html"
-                //      })
-                //      .state('manage.assets', {
-                //        url: "/assets",
-                //        ncyBreadcrumb: {
-                //          label: 'Manage Assets'
-                //        },
-                //        templateUrl: "views/manage/manage_assets.html"
-                //      })
-                //      .state('manage.assets.upload', {
-                //        url: "/assets/upload",
-                //        data: {
-                //          requireLogin: true
-                //        },
-                //        onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-                //          var modalInstance = $uibModal.open({
-                //            templateUrl: "views/assets/upload_asset_file.html",
-                //            controller: 'ManageController'
-                //          });
-                //
-                //          modalInstance.result.then(function() {
-                //            $state.go('manage.assets');
-                //          }, function() {
-                //            $state.go('manage.assets');
-                //          });
-                //        }]
-                //
-                //      })
-                //      .state('manage.defaults', {
-                //        url: "/defaults",
-                //        ncyBreadcrumb: {
-                //          label: 'Manage Defaults'
-                //        },
-                //        templateUrl: "views/manage/manage_defaults.html"
-                //      })
-                // Monitor States
-                .state('monitor', {
-                    abstract: true,
-                    url: "/monitor",
-                    template: '<ui-view>'
-//        data: {
-//          requireLogin: true
-//        }
-                })
 
                 // New Workflow
                 .state('diagrams-new', {
@@ -415,9 +208,7 @@ angular
                             value: "Workflow"
                         }
                     },
-//      data: {
-//        requireLogin: true
-//      },
+
                     onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
                         var modalInstance = $uibModal.open({
                             backdrop: 'static',
@@ -437,9 +228,7 @@ angular
                 // Load Workflow
                 .state('diagrams-load', {
                     url: '/load_workflow',
-//      data: {
-//        requireLogin: true
-//      },
+
                     onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
                         var modalInstance = $uibModal.open({
                             backdrop: 'static',
@@ -472,9 +261,7 @@ angular
                             value: "Federation"
                         }
                     },
-//      data: {
-//        requireLogin: true
-//      },
+
                     onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
                         var modalInstance = $uibModal.open({
                             backdrop: 'static',
@@ -494,9 +281,7 @@ angular
                 // Load Federation
                 .state('federations-load', {
                     url: '/load_federation',
-//      data: {
-//        requireLogin: true
-//      },
+
                     onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
                         var modalInstance = $uibModal.open({
                             backdrop: 'static',
@@ -529,9 +314,7 @@ angular
                             value: false
                         }
                     },
-//      data: {
-//        requireLogin: true
-//      },
+
                     onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
                         var modalInstance = $uibModal.open({
                             backdrop: 'static',
@@ -548,365 +331,11 @@ angular
                     }]
                 })
 
-                // New Instance
-                .state('instances-new', {
-                    url: '/new_instance',
-//      data: {
-//        requireLogin: true
-//      },
-                    onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-                        var modalInstance = $uibModal.open({
-                            backdrop: 'static',
-                            keyboard: false,
-                            templateUrl: "views/instance/new_instance.html",
-                            controller: "NewInstanceController"
-                        });
-
-                        modalInstance.result.then(function() {
-
-                        }, function() {
-                            $state.go('home');
-                        });
-                    }]
-                })
-
-                // Load Instance
-                .state('instances-load', {
-                    url: '/load_instance',
-//      data: {
-//        requireLogin: true
-//      },
-                    onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-                        var modalInstance = $uibModal.open({
-                            backdrop: 'static',
-                            keyboard: false,
-                            templateUrl: "views/instance/load_instance.html",
-                            controller: 'LoadInstanceController',
-                            size: 'lg'
-                        });
-                        modalInstance.result.then(function() {
-
-                        }, function() {
-                            $state.go('home');
-                        });
-                    }]
-                })
-//
-//    // New Instance From Inside Editor
-//    .state('instances.editor.instances-new', {
-//      url: '/new_instance',
-//      data: {
-//        requireLogin: true
-//      },
-//      onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-//        var modalInstance = $uibModal.open({
-//          backdrop: 'static',
-//          keyboard: false,
-//          templateUrl: "views/instance/new_instance.html",
-//          controller: "NewInstanceController"
-//        });
-//
-//        modalInstance.result.then(function() {
-//
-//        }, function() {
-//          $state.go('^');
-//        });
-//      }]
-//    })
-//
-//    // Load Instance From Inside Editor
-//    .state('instaces.editor.instances-load', {
-//      url: '/load_instance',
-//      data: {
-//        requireLogin: true
-//      },
-//      onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-//        var modalInstance = $uibModal.open({
-//          backdrop: 'static',
-//          keyboard: false,
-//          templateUrl: "views/instance/load_instance.html",
-//          controller: 'LoadInstanceController',
-//          size: 'lg'
-//        });
-//        modalInstance.result.then(function() {
-//
-//        }, function() {
-//          $state.go('^');
-//        });
-//      }]
-//    })
-//
-//
-//    // New Workflow Sets
-//    .state('workflow-sets-new', {
-//      url: '/new_workflow_Linkage',
-//      data: {
-//        requireLogin: true
-//      },
-//      onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-//        var modalInstance = $uibModal.open({
-//          backdrop: 'static',
-//          keyboard: false,
-//          templateUrl: "views/workflow-sets/new_workflow_sets.html",
-//          controller: "NewWorkflowSetsController"
-//        });
-//
-//        modalInstance.result.then(function() {
-//
-//        }, function() {
-//          $state.go('home');
-//        });
-//      }]
-//    })
-//
-//    // Load Workflow Sets
-//    .state('workflow-sets-load', {
-//      url: '/load_workflow_sets',
-//      data: {
-//        requireLogin: true
-//      },
-//      onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-//        var modalInstance = $uibModal.open({
-//          templateUrl: "views/workflow-sets/load_workflow_sets.html",
-//          controller: 'LoadWorkflowSetsController',
-//          backdrop: 'static',
-//          keyboard: false,
-//          size: 'lg'
-//        });
-//        modalInstance.result.then(function() {
-//
-//        }, function() {
-//          $state.go('home');
-//        });
-//      }]
-//    })
-//
-//    // New Workflow Sets From Inside Editor
-//    .state('workflow-sets.editor.workflow-sets-new', {
-//      url: '/new_workflow_Linkage',
-//      data: {
-//        requireLogin: true
-//      },
-//      onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-//        var modalInstance = $uibModal.open({
-//          backdrop: 'static',
-//          keyboard: false,
-//          templateUrl: "views/workflow-sets/new_workflow_sets.html",
-//          controller: "NewWorkflowSetsController"
-//        });
-//
-//        modalInstance.result.then(function() {
-//
-//        }, function() {
-//          $state.go('^');
-//        });
-//      }]
-//    })
-//
-//    // Load Workflow Sets From Inside Editor
-//    .state('workflow-sets.editor.workflow-sets-load', {
-//      url: '/load_workflow_sets',
-//      data: {
-//        requireLogin: true
-//      },
-//      onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-//        var modalInstance = $uibModal.open({
-//          templateUrl: "views/workflow-sets/load_workflow_sets.html",
-//          controller: 'LoadWorkflowSetsController',
-//          backdrop: 'static',
-//          keyboard: false,
-//          size: 'lg'
-//        });
-//        modalInstance.result.then(function() {
-//
-//        }, function() {
-//          $state.go('^');
-//        });
-//      }]
-//    })
-//
-//
-//    // New Role-Product Sets
-//    .state('role-product-set-new', {
-//      url: '/new_role_product_set',
-//      data: {
-//        requireLogin: true
-//      },
-//      onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-//        var modalInstance = $uibModal.open({
-//          backdrop: 'static',
-//          keyboard: false,
-//          templateUrl: "views/role-product-sets/new_role_product_set.html",
-//          controller: "NewRoleProductSetController"
-//        });
-//
-//        modalInstance.result.then(function() {
-//
-//        }, function() {
-//          $state.go('home');
-//        });
-//      }]
-//    })
-//
-//    // Load Role-Product Sets
-//    .state('role-product-set-load', {
-//      url: '/load_role_product_set',
-//      data: {
-//        requireLogin: true
-//      },
-//      onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-//        var modalInstance = $uibModal.open({
-//          templateUrl: "views/role-product-sets/load_role_product_set.html",
-//          controller: 'LoadRoleProductSetsController',
-//          backdrop: 'static',
-//          keyboard: false,
-//          size: 'lg'
-//        });
-//        modalInstance.result.then(function() {
-//
-//        }, function() {
-//          $state.go('home');
-//        });
-//      }]
-//    })
-//
-//
-//    // New Role-Product Sets From Inside Editor
-//    .state('role-product-set.editor.role-product-set-new', {
-//      url: '/new_role_product_set',
-//      data: {
-//        requireLogin: true
-//      },
-//      onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-//        var modalInstance = $uibModal.open({
-//          backdrop: 'static',
-//          keyboard: false,
-//          templateUrl: "views/role-product-sets/new_role_product_set.html",
-//          controller: "NewRoleProductSetController"
-//        });
-//
-//        modalInstance.result.then(function() {
-//
-//        }, function() {
-//          $state.go('^');
-//        });
-//      }]
-//    })
-//
-//    // Load Role-Product Sets From Inside Editor
-//    .state('role-product-set.editor.role-product-set-load', {
-//      url: '/load_role_product_set',
-//      data: {
-//        requireLogin: true
-//      },
-//      onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-//        var modalInstance = $uibModal.open({
-//          templateUrl: "views/role-product-sets/load_role_product_set.html",
-//          controller: 'LoadRoleProductSetsController',
-//          backdrop: 'static',
-//          keyboard: false,
-//          size: 'lg'
-//        });
-//        modalInstance.result.then(function() {
-//
-//        }, function() {
-//          $state.go('^');
-//        });
-//      }]
-//    })
-
-
-            // Select Asset File
-            /*
-               .state('workflows.editor.instantiate', {
-             url: '/instantiate',
-
-             onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-                 var modalInstance = $uibModal.open({
-               templateUrl: "views/select_asset_file.html",
-               controller: 'SelectAssetController',
-               size : 'lg'});
-                 modalInstance.result.then(function() {
-
-                 }, function () {
-               $state.go('workflows.editor', { workflowId: $stateParams.workflowId } );
-                 });
-             }]
-               })
-             */
-//    .state('login', {
-//      url: '/login',
-////      data: {
-////        requireLogin: false
-////      },
-//      onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-//        var modalInstance = $uibModal.open({
-//          backdrop: 'static',
-//          keyboard: false,
-//          templateUrl: 'views/authentication/login.html',
-//          controller: 'AuthenticationController',
-//          size: 'sm'
-//        });
-//        modalInstance.result.then(function() {
-//          $state.go('home');
-//        }, function() {
-//          $state.go('login');
-//        });
-//      }]
-//    })
-//
-//    .state('logout', {
-//      url: '/logout',
-////      data: {
-////        requireLogin: false
-////      },
-//      onEnter: ['$stateParams', '$state', '$log', '$uibModal', function($stateParams, $state, $log, $uibModal) {
-//        var modalInstance = $uibModal.open({
-//          backdrop: 'static',
-//          keyboard: false,
-//          templateUrl: 'views/authentication/logout.html',
-//          controller: 'LogoutController',
-//          size: 'sm'
-//        });
-//        modalInstance.result.then(function() {
-//          $state.go('login');
-//        }, function() {
-//          $state.go('home');
-//        });
-//      }]
-//    });
-
-
             // Send to login if the URL was not found
             //$urlRouterProvider.otherwise("/login");
             $urlRouterProvider.otherwise("home");
 
             // Workflow Modal Choosers
-            modalStateProvider.state('workflows.editor.selectRole', {
-                backdrop: 'static',
-                keyboard: false,
-                url: '/selectRole',
-                templateUrl: "views/workflows/select_role.html",
-                controller: 'SelectRoleController'
-            });
-
-            modalStateProvider.state('workflows.editor.selectProduct', {
-                backdrop: 'static',
-                keyboard: false,
-                url: '/selectProduct',
-                templateUrl: "views/workflows/select_product.html",
-                controller: 'SelectProductController'
-            });
-
-            modalStateProvider.state('workflows.editor.addRoleProduct', {
-                backdrop: 'static',
-                keyboard: false,
-                size: 'xxl',
-                url: '/addRoleProduct/{roleProductSetId}',
-                templateUrl: "views/workflows/add_role_product.html",
-                controller: 'AddRoleProductController'
-            });
-
             modalStateProvider.state('workflows.editor.addBPMNFederate', {
                 backdrop: 'static',
                 keyboard: false,
@@ -960,132 +389,6 @@ angular
                 templateUrl: "views/workflows/add_bpmn_federate_policy.html",
                 controller: 'AddBpmnFederatePolicyController'
             });
-
-            modalStateProvider.state('workflows.editor.addBPMNFederatePolicy.addPolicyFilter', {
-                backdrop: 'static',
-                keyboard: false,
-                size: 'md',
-                url: '/addPolicyFilter',
-                templateUrl: "views/workflows/add_policy_filter.html",
-                controller: 'AddPolicyFilterController'
-            });
-
-            modalStateProvider.state('workflows.editor.addOntologyElement', {
-                backdrop: 'static',
-                keyboard: false,
-                size: 'xl',
-                url: '/addOntologyElement',
-                templateUrl: "views/workflows/add_ontology_element.html",
-                controller: 'AddOntologyElementController'
-            });
-
-            modalStateProvider.state('workflows.editor.rpset', {
-                // backdrop : 'static',
-                keyboard: false,
-                size: 'xxl',
-                // url: "/rpset/{roleProductSetId}/dataset/{initialDataSet}",
-                url: "/rpset/{roleProductSetId}/dataset/{initialDataSet}/class/{initialClass}",
-                //ncyBreadcrumb: {label: 'Role Product Set Editor'},
-                templateUrl: "views/role-product-sets/role_product_set_editor.html",
-                controller: 'RoleProductSetController'
-            });
-
-            modalStateProvider.state('workflows.editor.addBPMNSubProcess', {
-                backdrop: 'static',
-                keyboard: false,
-                url: '/addBPMNSubProcess',
-                size: 'lg',
-                templateUrl: "views/workflows/add_bpmn_subprocess.html",
-                controller: 'AddBPMNSubProcessController'
-            });
-
-            modalStateProvider.state('workflows.editor.addBPMNTransition', {
-                backdrop: 'static',
-                keyboard: false,
-                url: '/addTransition',
-                templateUrl: "views/workflows/add_bpmn_transition.html",
-                controller: 'AddBPMNTransitionController'
-            });
-
-            modalStateProvider.state('workflows.editor.addSparqlQuery', {
-                backdrop: 'static',
-                params: {
-                    mode: {
-                        value: "new_request",
-                        squash: false
-                    },
-                    roleProductSetId: {
-                        value: ""
-                    }
-                },
-                keyboard: false,
-                url: '/addSparqlQuery?mode&roleProductSetId',
-                templateUrl: "views/workflows/add_sparql_query.html",
-                controller: 'AddSparqlQueryController'
-            });
-
-            modalStateProvider.state('workflows.editor.lifecycleCommand', {
-                backdrop: 'static',
-                keyboard: false,
-                url: '/lifecycleCommand/{lifecycleEventId:int}',
-                templateUrl: "views/workflows/lifecycle_command.html",
-                controller: 'LifecycleCommandController'
-            });
-
-//    // Workflow Sets Modal Choosers
-//    modalStateProvider.state('workflow-sets.editor.addWorkflow', {
-//      backdrop: 'static',
-//      keyboard: false,
-//      url: '/addWorkflow',
-//      templateUrl: "views/workflow-sets/add_workflow.html",
-//      controller: 'AddWorkflowController'
-//    });
-//
-//    modalStateProvider.state('workflow-sets.editor.addWorkflowSet', {
-//      backdrop: 'static',
-//      keyboard: false,
-//      url: '/addWorkflowSet',
-//      templateUrl: "views/workflow-sets/add_workflow_set.html",
-//      controller: 'AddWorkflowSetController'
-//    });
-//
-//    modalStateProvider.state('workflow-sets.editor.addTransition', {
-//      backdrop: 'static',
-//      keyboard: false,
-//      url: '/addTransition/{sourceId:int}/{targetId:int}',
-//      templateUrl: "views/workflow-sets/add_workflow_transition.html",
-//      controller: 'AddWorkflowTransitionController'
-//    });
-//
-//    modalStateProvider.state('workflow-sets.editor.modifyTransition', {
-//      backdrop: 'static',
-//      keyboard: false,
-//      url: '/modifyTransition/{transitionId:int}',
-//      templateUrl: "views/workflow-sets/add_workflow_transition.html",
-//      controller: 'AddWorkflowTransitionController'
-//    });
-//
-//    modalStateProvider.state('workflow-sets.editor.lifecycleEvents', {
-//      backdrop: 'static',
-//      keyboard: false,
-//      url: '/lifecycleEvents/{workflowSetGraphItemId:int}/{entityType}',
-//      templateUrl: "views/workflow-sets/lifecycle_events.html",
-//      controller: 'LifecycleEventsController'
-//    });
-//
-//    modalStateProvider.state('workflows.editor.editRoleAttributeExpressions', {
-//      backdrop: 'static',
-//      params: {
-//        mode: {
-//          value: "new_request",
-//          squash: false
-//        }
-//      },
-//      keyboard: false,
-//      url: '/attributeExpressions/:graphItemId',
-//      templateUrl: "views/workflows/attribute_expression_editor.html",
-//      controller: 'AttributeExpressionEditorController'
-//    });
         }
     ])
 
@@ -1093,35 +396,6 @@ angular
         JSONFormatterConfigProvider.hoverPreviewEnabled = true;
     })
 
-//
-//.run(function($rootScope, $state, AUTH_EVENTS, ACCESS_EVENTS, growl, AuthenticationService) {
-//
-//  $rootScope.$on(ACCESS_EVENTS.accessFailed, function(event, result) {
-//    var url = "";
-//    if (typeof result.config.url !== "undefined") {
-//      url = "<br>Url: " + result.config.url;
-//    }
-//    growl.error("Unable to connect to server." + url);
-//    event.preventDefault();
-//    $state.go('config');
-//  });
-//
-//
-//  $rootScope.$on('$stateChangeStart', function(event, next) {
-//    if (next.name === "home") { //Hide scroll bars on all views except the Home page.
-//      document.body.style.overflow = "auto";
-//    } else {
-//      document.body.style.overflow = "hidden";
-//    }
-//    var requireLogin = next.data.requireLogin;
-//    if (requireLogin && !AuthenticationService.isAuthenticated()) {
-//      event.preventDefault();
-//      // user is not logged in
-//      $state.go("login");
-//    }
-//  });
-//
-//});
 
 function setContainerSize() {
     try {
diff --git a/src/federation-hub-ui/src/main/webapp/server.js b/src/federation-hub-ui/src/main/webapp/server.js
new file mode 100644
index 00000000..60b61862
--- /dev/null
+++ b/src/federation-hub-ui/src/main/webapp/server.js
@@ -0,0 +1,21 @@
+const express = require('express')
+const { createProxyMiddleware } = require('http-proxy-middleware');
+const app = express();
+const port = 3000;
+var path = require("path");
+
+// these need to go first:
+app.use("/images", express.static(__dirname + "/images"));
+app.use("/scripts", express.static(__dirname + "/scripts"));
+app.use("/modules", express.static(__dirname + "/modules"));
+app.use("/styles", express.static(__dirname + "/styles"));
+app.use("/lib", express.static(__dirname + "/lib"));
+app.use("/bowerDependencies", express.static(__dirname + "/bowerDependencies"));
+app.use("/views", express.static(__dirname + "/views"));
+//app.use("/fig/**", createProxyMiddleware({ target: 'https://[::1]:9100', changeOrigin: true, secure: false }));
+
+app.get('/',function(req,res){  
+    res.sendFile(path.join(__dirname+'/home.html')); 
+ });
+
+app.listen(port, () => console.log(`Example app listening on port ${port}!`))
\ No newline at end of file
diff --git a/src/federation-hub-ui/src/main/webapp/styles/main.css b/src/federation-hub-ui/src/main/webapp/styles/main.css
index 86827a71..497b5a4d 100644
--- a/src/federation-hub-ui/src/main/webapp/styles/main.css
+++ b/src/federation-hub-ui/src/main/webapp/styles/main.css
@@ -279,3 +279,44 @@ tr.angular-ui-tree-empty {
     background-color: white;
     color: white;
 }
+
+.legend {
+  font-size: 18px;
+  position: absolute;
+  bottom: 0px;
+  width: 221px;
+  background-color: white;
+  padding: 10px;
+  border-radius: 5px;
+  background-color: #337ab7;
+  color: white;
+}
+
+.legendItem {
+  display: flex;
+    display: -ms-flexbox;
+    background-color: white;
+    color: black;
+    align-items: center;
+    padding: 10px;
+    font-size: 13px;
+}
+
+.legendLine {
+  border-bottom: 5px dashed green;
+    width: 40%;
+    height: 25%;
+    margin-left: 5px;
+}
+
+.legenedConnected {
+  border-bottom: 5px solid rgb(0, 128, 0, .3)
+}
+
+.legendActive {
+  border-bottom: 5px dashed green;
+}
+
+.legendNotActive {
+  border-bottom: 5px solid DarkGray;
+}
diff --git a/src/federation-hub-ui/src/main/webapp/views/authentication/login.html b/src/federation-hub-ui/src/main/webapp/views/authentication/login.html
deleted file mode 100644
index 804bbe8c..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/authentication/login.html
+++ /dev/null
@@ -1,46 +0,0 @@
-<div class="modal-header">
-  <h3 class="modal-title">Login</h3>
-</div>
-<div class="modal-body" data-ng-init="initialize()">
-
-  <form name="login" ng-submit="submit(credentials)" novalidate>
-    <div class="form-group">
-      <label for="username">Username</label>
-      <input type="text" name="username" class="form-control" ng-model="credentials.username" ng-class="{ 'has-error': credentials.username.$touched && credentials.username.$invalid }" required>
-      <p ng-show="credentials.username.$error.required">A username is required.</p>
-    </div>
-    <!-- <div class="form-group">
-      <label for="password">Password</label>
-      <input type="password" name="password" class="form-control" ng-model="credentials.password" ng-class="{ 'has-error': credentials.password.$touched && credentials.password.$invalid }" required>
-      <p ng-show="credentials.password.$error.required">A password is required.</p>
-    </div> -->
-
-
-    <div class="form-group">
-      <label for="amtName">AMT Server IP Address/Name</label>
-      <input type="text" name="amtName" class="form-control" ng-model="serverInfo.amt.name" ng-class="{ 'has-error': serverInfo.amt.name.$touched && serverInfo.amt.name.$invalid }" required>
-      <p ng-show="serverInfo.amt.name.$error.required">An AMT server name or ip address is required.</p>
-    </div>
-    <div class="form-group">
-      <label for="amtPort">AMT Server Port</label>
-      <input type="number" name="amtPort" class="form-control" ng-model="serverInfo.amt.port" ng-class="{ 'has-error': serverInfo.amt.port.$touched && serverInfo.amt.port.$invalid }" required>
-      <p ng-show="serverInfo.amt.port.$error.required">An AMT server port is required.</p>
-    </div>
-    <div>
-      <span title="{{serverStatus.Message}}">
-            <label>Server Status</label>
-            <i ng-show="serverStatus.amtOK && serverStatus.fusekiOK" class="fa fa-circle fa-fw" style="color:green;"></i>
-            <i ng-show="serverStatus.amtOK && !serverStatus.fusekiOK" class="ng-hide fa fa-exclamation-triangle fa-fw" style="color:orange;"></i>
-            <i ng-show="!serverStatus.amtOK" class="ng-hide fa fa-exclamation-circle fa-fw" style="color:red;"></i>
-        </span>
-      <div ng-if="serverStatus.amtOK">
-        <label>Fuseki Server URI:</label> {{serverInfo.fuseki.uri}}
-        <label>AMT Server Version:</label> {{serverInfo.amt.version}}
-      </div>
-    </div>
-    <div class="modal-footer">
-      <button class="btn btn-primary" type="submit" value="Submit" ng-disabled="credentials.$invalid">Login</button>
-      <!--             <button class="btn btn-warning" type="button" ng-click="cancel()">Cancel</button> -->
-    </div>
-  </form>
-</div>
diff --git a/src/federation-hub-ui/src/main/webapp/views/authentication/logout.html b/src/federation-hub-ui/src/main/webapp/views/authentication/logout.html
deleted file mode 100644
index b99ad2d9..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/authentication/logout.html
+++ /dev/null
@@ -1,11 +0,0 @@
-
-<div class="modal-header">
-  <h3 class="modal-title">Logout</h3>
-</div>
-<div class="modal-body">
-  <p>Are you sure you want to log out?</p>
-</div>
-<div class="modal-footer">
-  <button class="btn btn-primary" type="button" ng-click="logout()">Yes</button>
-  <button class="btn btn-warning" type="button" ng-click="cancel()">Cancel</button>
-</div>
diff --git a/src/federation-hub-ui/src/main/webapp/views/commander-dashboard/commander_dashboard.html b/src/federation-hub-ui/src/main/webapp/views/commander-dashboard/commander_dashboard.html
deleted file mode 100644
index 08a93ac5..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/commander-dashboard/commander_dashboard.html
+++ /dev/null
@@ -1,221 +0,0 @@
-<div id="container" class="container-fluid" data-ng-init="initialize()" style="overflow:auto">
-  <div class="form-group">
-
-    <!-- <div class="col-sm-3 col-md-2 sidebar" style="width:200px">
-      <ul class="nav nav-sidebar">
-        <li class="active"><a href="#">Overview <span class="sr-only">(current)</span></a></li>
-        <li><a href="#">Reports</a></li>
-        <li><a href="#">Analytics</a></li>
-        <li><a href="#">Export</a></li>
-      </ul>
-      <ul class="nav nav-sidebar">
-        <li><a href="">Nav item</a></li>
-        <li><a href="">Nav item again</a></li>
-        <li><a href="">One more nav</a></li>
-        <li><a href="">Another nav item</a></li>
-        <li><a href="">More navigation</a></li>
-      </ul>
-      <ul class="nav nav-sidebar">
-        <li><a href="">Nav item again</a></li>
-        <li><a href="">One more nav</a></li>
-        <li><a href="">Another nav item</a></li>
-      </ul>
-    </div> -->
-
-    <!-- <div class="col-sm-9 col-sm-offset-3 col-md-10 col-md-offset-2 main"> -->
-    <div class="col-md-12 main">
-      <!-- <h1 class="page-header">Dashboard</h1>
-
-      <div class="row placeholders">
-        <div class="col-xs-6 col-sm-3 placeholder">
-          <img src="data:image/gif;base64,R0lGODlhAQABAIAAAHd3dwAAACH5BAAAAAAALAAAAAABAAEAAAICRAEAOw==" width="100" height="100" class="img-responsive" alt="Generic placeholder thumbnail">
-          <h4>Label</h4>
-          <span class="text-muted">Something else</span>
-        </div>
-        <div class="col-xs-6 col-sm-3 placeholder">
-          <img src="data:image/gif;base64,R0lGODlhAQABAIAAAHd3dwAAACH5BAAAAAAALAAAAAABAAEAAAICRAEAOw==" width="100" height="100" class="img-responsive" alt="Generic placeholder thumbnail">
-          <h4>Label</h4>
-          <span class="text-muted">Something else</span>
-        </div>
-        <div class="col-xs-6 col-sm-3 placeholder">
-          <img src="data:image/gif;base64,R0lGODlhAQABAIAAAHd3dwAAACH5BAAAAAAALAAAAAABAAEAAAICRAEAOw==" width="100" height="100" class="img-responsive" alt="Generic placeholder thumbnail">
-          <h4>Label</h4>
-          <span class="text-muted">Something else</span>
-        </div>
-        <div class="col-xs-6 col-sm-3 placeholder">
-          <img src="data:image/gif;base64,R0lGODlhAQABAIAAAHd3dwAAACH5BAAAAAAALAAAAAABAAEAAAICRAEAOw==" width="100" height="100" class="img-responsive" alt="Generic placeholder thumbnail">
-          <h4>Label</h4>
-          <span class="text-muted">Something else</span>
-        </div>
-      </div> -->
-      <div class="form-group">
-        <h2 class="sub-header">Instantiated Workflows</h2>
-        <table st-table="displayedInstanceCollection" class="table table-striped" st-safe-src="rowCollection">
-          <thead>
-            <tr>
-              <th>Creation Date</th>
-              <th st-sort="instance.name">Instance Name</th>
-              <th>Instance Description</th>
-              <th>Workflow Name</th>
-              <th>Workflow Description</th>
-            </tr>
-            <!-- <tr>
-              <th colspan="5">
-                <input st-search="" placeholder="global search..." class="input-sm form-control" type="text" />
-              </th>
-            </tr> -->
-          </thead>
-          <tbody>
-            <tr id="instanceRow" st-select-row="instanceRow" st-select-mode="single" ng-repeat="instanceRow in instanceList | orderBy: creationDate : true" value={{instanceRow.id}} ng-click="selectRow(instanceRow)">
-              <td>{{instanceRow.creationDate | date:'MM/dd/yyyy HH:mm:ss'}}</td>
-              <td>{{instanceRow.name}}</td>
-              <td>{{instanceRow.description}}</td>
-              <td>{{instanceRow.workflow.name}}</td>
-              <td>{{instanceRow.workflow.description}}</td>
-            </tr>
-          </tbody>
-          <tfoot>
-            <tr>
-              <td colspan="5" class="text-center">
-                <div st-pagination="" st-items-by-page="10" st-displayed-pages="7"></div>
-              </td>
-            </tr>
-          </tfoot>
-        </table>
-      </div>
-      <div>
-        <button><i class="fa fa-search-plus" ng-click="gantt.zoomIn()"></i></button>
-        <button><i class="fa fa-search-minus" ng-click="gantt.zoomOut()"></i></button>
-        <span>{{gantt.options.zoom}}x</span>
-
-        <button><i class="fa fa-clock-o" title="scroll to current time" ng-click="gantt.api.scroll.toDate(gantt.options.currentDateValue);"></i></button>
-      </div>
-      <div gantt style="font-size: 12px;"
-        data="gantt.mockupdata2"
-        options="gantt.options"
-        view-scale="gantt.options.scale"
-        column-width="getColumnWidth(gantt.options.width, gantt.options.scale, gantt.options.zoom)"
-
-        api="registerApi">
-        <gantt-tree enabled="true" header-content="gantt.options.treeHeaderContent" keep-ancestor-on-filter-row="true"> </gantt-tree>
-        <!-- <gantt-table></gantt-table> -->
-        <!-- <div gantt current-date="getToday"></div> -->
-        <gantt-progress enabled="true"></gantt-progress>
-        <!-- <gantt-groups enabled="true" display="Blah" from="9/25/2013" to="10/30/2013"></gantt-groups> -->
-        <gantt-groups enabled="true"></gantt-groups>
-        <gantt-dependencies enabled="true" read-only="true" js-plumb-defaults="{
-                                          Endpoint: ['Dot', {radius: 7}],
-                                          Connector: 'Flowchart',
-                                          ConnectionOverlays: [['Arrow', {location: 1, length: 12, width: 12}]]}">
-        </gantt-dependencies>
-        <!-- <gantt-movable></gantt-movable> -->
-        <gantt-tooltips></gantt-tooltips>
-      </div>
-      <div ng-if="activeInstance !== undefined">
-        <div class="table-responsive">
-          <div class="col-md-12" style="padding:0; overflow:hidden">
-            <div class="panel panel-primary">
-              <div class="panel-heading">
-                <div class="row">
-                  <div class="col-md-12 text-left">
-                    <i class="fa fa-sitemap "></i>
-                    <div class="panel-title"><a href ng-click="navigateToWorkflow(activeInstance.workflow)">{{activeInstance.workflow.name}}</a> - {{activeInstance.creationDate| date:'MM/dd/yyyy HH:mm:ss'}}</div>
-                    <div class="pull-right">
-                      <input type="range" min="0" max="2" step="0.1" ng-model="graphLayout.zoomLevel" ng-change="changeGraphZoom()" />
-                    </div>
-                  </div>
-
-                </div>
-              </div>
-
-              <div gantt data=gantt.data api="registerApi">
-                <gantt-tree enabled="true" header-content="gantt.options.treeHeaderContent" keep-ancestor-on-filter-row="true"> </gantt-tree>
-                <!-- <gantt-table></gantt-table> -->
-                <gantt-progress enabled="true"></gantt-progress>
-                <gantt-groups enabled="true"></gantt-groups>
-                <gantt-dependencies enabled="true" read-only="true" js-plumb-defaults="{
-                                                  Endpoint: ['Dot', {radius: 7}],
-                                                  Connector: 'Flowchart',
-                                                  ConnectionOverlays: [['Arrow', {location: 1, length: 12, width: 12}]]}">
-                </gantt-dependencies>
-                <!-- <gantt-movable></gantt-movable> -->
-                <gantt-tooltips></gantt-tooltips>
-              </div>
-              <div id="pnlDiagram" class="panel-footer">
-                <joint-diagram id="joint-diagram" graph="workflow.graph" grid-size="1" />
-              </div>
-            </div>
-          </div>
-        </div>
-      </div>
-
-      <!-- <h2 class="sub-header">Instantiated Workflows</h2>
-      <div class="table-responsive">
-        <div class="col-md-12 " ng-repeat="instance in instanceList">
-          <div class="panel panel-primary">
-            <div class="panel-heading">
-              <div class="row">
-                <div class="col-xs-3">
-                  <i class="fa fa-sitemap "></i>
-                </div>
-                <div class="col-xs-9 text-right">
-                  <div class="panel-title"><a href ng-click="navigateToWorkflow(instance.workflow)">{{instance.workflow.name}}</a> - {{instance.creationDate}}</div>
-                </div>
-              </div>
-            </div>
-
-            <div class="panel-footer">
-              <joint-diagram id="joint-diagram-{{instance.id}}" ng-init="initializeWorkflowDiagram(instance)" graph="workflow.graph" grid-size="1" />
-            </div>
-          </div>
-        </div>
-      </div> -->
-
-      <!-- <h2 class="sub-header">Instantiated Workflows</h2>
-      <div class="table-responsive">
-        <div class="col-md-12 " ng-repeat="wf in workflowList">
-          <div class="panel panel-primary">
-            <div class="panel-heading">
-              <div class="row">
-                <div class="col-xs-3">
-                  <i class="fa fa-sitemap "></i>
-                </div>
-                <div class="col-xs-9 text-right">
-                  <div class="panel-title"><a href ng-click="navigateToWorkflow(wf)">{{wf.name}}</a></div>
-                </div>
-              </div>
-            </div>
-
-            <div class="panel-footer">
-              <joint-diagram id="joint-diagram-{{wf.id}}" ng-init="initializeWorkflowDiagram(wf)" graph="workflow.graph" grid-size="1" />
-            </div>
-          </div>
-        </div>
-      </div> -->
-      <div id="tagRegion"></div>
-
-      <div ng-if="selectedInstanceTag !== undefined">
-        <h2 class="sub-header">Tags for {{getUriLabel(selectedInstanceTag.product)}}</h2>
-        <div class="table-responsive">
-          <table class="table table-striped">
-            <thead>
-              <tr>
-                <th>Tag</th>
-                <th>URI</th>
-              </tr>
-            </thead>
-            <tbody>
-              <tr ng-repeat="tag in selectedInstanceTag.tags">
-                <td>{{getUriLabel(tag)}}</td>
-                <td>{{tag}}</td>
-              </tr>
-            </tbody>
-          </table>
-        </div>
-      </div>
-    </div>
-
-
-  </div>
-
-</div>
diff --git a/src/federation-hub-ui/src/main/webapp/views/config/config.html b/src/federation-hub-ui/src/main/webapp/views/config/config.html
deleted file mode 100644
index 2972472a..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/config/config.html
+++ /dev/null
@@ -1,39 +0,0 @@
-<div data-ng-init="initialize()">
-  <div class="row">
-    <div class="col-lg-12">
-      <h1 class="page-header">Configuration Management</h1>
-    </div>
-    <!-- /.col-lg-12 -->
-  </div>
-
-  <form name="login" ng-submit="submit(serverInfo)" novalidate>
-    <div class="panel panel-default col-lg-6 col-lg-offset-3">
-      <div class="panel-heading">AMT Server Connection</div>
-      <div class="panel-body">
-        <div class="form-group">
-          <label for="amtName">AMT IP Address / Server Name</label>
-          <input type="text" name="amtName" class="form-control" ng-model="serverInfo.amt.name" ng-class="{ 'has-error': serverInfo.amt.name.$touched && serverInfo.amt.name.$invalid }" required>
-          <p ng-show="serverInfo.amt.name.$error.required">An AMT server name or ip address is required.</p>
-        </div>
-        <div class="form-group">
-          <label for="amtPort">AMT Server Port</label>
-          <input type="number" name="amtPort" class="form-control" ng-model="serverInfo.amt.port" ng-class="{ 'has-error': serverInfo.amt.port.$touched && serverInfo.amt.port.$invalid }" required>
-          <p ng-show="serverInfo.amt.port.$error.required">An AMT server port is required.</p>
-        </div>
-        <div class="form-group">
-          <label>Fuseki Server URI:</label> {{serverInfo.fuseki.uri}}
-        </div>
-        <div class="form-group">
-          <label>AMT Server Version:</label> {{serverInfo.amt.version}}
-        </div>
-      </div>
-      <div class="modal-footer">
-        <button class="btn btn-primary" type="submit" value="Submit" ng-disabled="serverInfo.$invalid">Apply</button>
-      </div>
-
-    </div>
-  </form>
-
-
-
-</div>
diff --git a/src/federation-hub-ui/src/main/webapp/views/connections/connections.html b/src/federation-hub-ui/src/main/webapp/views/connections/connections.html
index f92c4dde..1e3f3394 100644
--- a/src/federation-hub-ui/src/main/webapp/views/connections/connections.html
+++ b/src/federation-hub-ui/src/main/webapp/views/connections/connections.html
@@ -38,6 +38,10 @@ <h4 ng-if="editExisting" style="float: right">{{roger_federation.name}}</h4>
                 <thead>
                   <tr>
                     <th>Connection Id</th>
+                    <th>Reads</th>
+                    <th>BytesRead</th>
+                    <th>Writes</th>
+                    <th>BytesWritten</th>
                     <th>Local Connection Type</th>
                     <th>Remote Connection Type</th>
                     <th>Remote Address</th>
@@ -49,6 +53,10 @@ <h4 ng-if="editExisting" style="float: right">{{roger_federation.name}}</h4>
                 <tbody>
                   <tr data-ng-repeat="ac in filteredActiveConnections">
                     <td data-ng-bind="ac.connectionId"></td>
+                    <td data-ng-bind="ac.reads"></td>
+                    <td data-ng-bind="ac.bRead"></td>
+                    <td data-ng-bind="ac.writes"></td>
+                    <td data-ng-bind="ac.bWritten"></td>
                     <td data-ng-bind="ac.localConnectionType"></td>
                     <td data-ng-bind="ac.remoteConnectionType"></td>
                     <td data-ng-bind="ac.remoteAddress"></td>
diff --git a/src/federation-hub-ui/src/main/webapp/views/manage/manage.html b/src/federation-hub-ui/src/main/webapp/views/manage/manage.html
deleted file mode 100644
index 40f75224..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/manage/manage.html
+++ /dev/null
@@ -1,19 +0,0 @@
-<div data-ng-init="initialize()">
-  <!-- Create our top tabbed pane navigation. -->
-  <div class="row">
-    <div class="col-lg-12">
-      <ul class="nav nav-tabs">
-        <li role="presentation" ng-class="{active : $state.includes('manage.role-sets')}"><a ui-sref="manage.role-sets">Role/Product Sets</a></li>
-        <li role="presentation" ng-class="{active : $state.includes('manage.diagrams')}"><a ui-sref="manage.diagrams">Diagrams</a></li>
-        <li role="presentation" ng-class="{active : $state.includes('manage.federations')}"><a ui-sref="manage.federations">Federations</a></li>        
-        <li role="presentation" ng-class="{active : $state.includes('manage.instances')}"><a ui-sref="manage.instances">Instances</a></li>
-        <li role="presentation" ng-class="{active : $state.includes('manage.assets')}"><a ui-sref="manage.assets">Assets</a></li>
-        <li role="presentation" ng-class="{active : $state.includes('manage.defaults')}"><a ui-sref="manage.defaults">Defaults</a></li>
-      </ul>
-    </div>
-  </div>
-
-  <!-- Now pull in the template for the currently selected sub state -->
-  <div ui-view></div>
-
-</div>
diff --git a/src/federation-hub-ui/src/main/webapp/views/workflows/add_bpmn_transition.html b/src/federation-hub-ui/src/main/webapp/views/workflows/add_bpmn_transition.html
deleted file mode 100644
index 517aa629..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/workflows/add_bpmn_transition.html
+++ /dev/null
@@ -1,76 +0,0 @@
-<div class="modal-header">
-  <h3 class="modal-title">{{editorTitle}}</h3>
-</div>
-<div class="modal-body" data-ng-init="initialize()">
-  <form name="workflow" ng-submit="submit()">
-    <div class="panel-body">
-
-      <uib-accordion close-others="false">
-        <div uib-accordion-group class="panel-default" is-open="true">
-          <uib-accordion-heading>
-            <span class="glyphicon glyphicon-edit" data-original-title="" title=""></span> User Defined Attributes
-          </uib-accordion-heading>
-          <div class="form-inline" style="display: block;">
-            <label>Timer</label>
-            <input class="form-control" type="number" name="input" ng-model="roger_federation.timer.value" ng-model-options="{ allowInvalid: true }" min="0" max="999" required>
-            <select class="form-control" ng-show="roger_federation.timer.value > 0" ng-model="roger_federation.timer.units" ng-options="o for o in unitsOfTime" />
-            <input class="form-control" ng-show="roger_federation.timer.value > 0" type="text" placeholder="Optional Timer Description" ng-model="roger_federation.timer.description" />
-          </div>
-          <br>
-          <div class="form-inline" style="display: block;">
-            <label>Priority</label>
-            <input class="form-control" type="number" name="input" ng-model="roger_federation.priority" ng-model-options="{ allowInvalid: true }" min="0" max="999" required>
-          </div>
-        </div>
-
-        <div uib-accordion-group class="panel-default" is-open="true">
-          <uib-accordion-heading>
-            <span class="fa fa-exchange" data-original-title="" title=""></span> Transition Type
-          </uib-accordion-heading>
-          <div class="btn-group" style="padding-bottom: 10px;">
-            <label class="btn btn-primary" ng-model="transition.type" uib-btn-radio="'None'">None</label>
-            <label class="btn btn-primary" ng-model="transition.type" uib-btn-radio="'Manual'">Manual</label>
-            <label class="btn btn-primary" ng-model="transition.type" uib-btn-radio="'Temporal'">Temporal</label>
-            <label class="btn btn-primary" ng-model="transition.type" uib-btn-radio="'Event Based'">Event-Based</label>
-          </div>
-
-          <!-- display the right transition details based on the transition type -->
-          <div ng-show="transition.type === 'Manual'" class="modal-row">
-            <br>
-          </div>
-          <input ng-show="transition.type === 'Event Based'" type="text" placeholder="Event Definition" ng-model="transition.eventDefinition" class="modal-row form-control" />
-          <div class="row" ng-show="transition.type === 'Temporal'">
-            <div class="col-sm-6">
-              <div class="input-group">
-                <input type="text" class="form-control" datetime-picker="MM/dd/yyyy HH:mm" ng-model="transition.transitionTime" is-open="isCalendarOpen" ng-focus="isCalendarOpen=true" required readonly />
-                <span class="input-group-btn">
-                    <button type="button" class="btn btn-default" ng-click="isCalendarOpen=!isCalendarOpen"><i class="glyphicon glyphicon-calendar"></i></button>
-                </span>
-              </div>
-            </div>
-          </div>
-
-          <div ng-show="transition.type !== 'None'">
-            <div>
-              <label>Interaction</label>
-            </div>
-            <!-- select interaction type -->
-            <div class="btn-group display:inline-block">
-              <label class="btn btn-primary" ng-model="transition.interaction" uib-btn-radio="'Explicit'">Explicit</label>
-              <label class="btn btn-primary" ng-model="transition.interaction" uib-btn-radio="'Implicit'">Implicit</label>
-              <label class="btn btn-primary" ng-model="transition.interaction" uib-btn-radio="'End All'">End All</label>
-            </div>
-          </div>
-        </div>
-      </uib-accordion>
-
-
-
-
-    </div>
-    <div class="modal-footer">
-      <button class="btn btn-primary" type="submit">OK</button>
-      <button class="btn btn-warning" type="button" ng-click="cancel()">Cancel</button>
-    </div>
-  </form>
-</div>
diff --git a/src/federation-hub-ui/src/main/webapp/views/workflows/add_federate_group.html b/src/federation-hub-ui/src/main/webapp/views/workflows/add_federate_group.html
index c8a1b00a..3122a39b 100644
--- a/src/federation-hub-ui/src/main/webapp/views/workflows/add_federate_group.html
+++ b/src/federation-hub-ui/src/main/webapp/views/workflows/add_federate_group.html
@@ -164,14 +164,22 @@ <h4 ng-if="editExisting" style="float: right">{{roger_federation.name}}</h4>
         </div>
 
         <div class="row form-group">
-            <label class="col-sm-3">CA Group</label>
+            <label class="col-sm-3">CA Group (issuer)</label>
             <div class="col-sm-9">
                 <select class="form-control" ng-model="roger_federation.name">
-                    <option ng-repeat="ca in knownCas" value="{{ca.uid}}">{{ca.uid}}</option>
+                    <option ng-repeat="ca in knownCas" value="{{ca.uid}}">{{ca.issuer}}</option>
                 </select>
             </div>
         </div>
 
+        <div class="row form-group">
+            <label class="col-sm-3">CA Group (subject)</label>
+            <div class="col-sm-9">
+                <select class="form-control" ng-model="roger_federation.name">
+                    <option ng-repeat="ca in knownCas" value="{{ca.uid}}">{{ca.subject}}</option>
+                </select>
+            </div>
+        </div>
 
         <div class="row form-group">
             <label class="col-sm-3">Interconnected</label>
diff --git a/src/federation-hub-ui/src/main/webapp/views/workflows/add_ontology_element.html b/src/federation-hub-ui/src/main/webapp/views/workflows/add_ontology_element.html
deleted file mode 100644
index 353f6c5c..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/workflows/add_ontology_element.html
+++ /dev/null
@@ -1,165 +0,0 @@
-<div class="modal-header">
-  <h3 class="modal-title">{{editorTitle}} {{roger_federation.type}}</h3>
-  <h4 class="modal-title">{{roger_federation.name}}</h4>
-</div>
-
-<div class="modal-body" data-ng-init="initialize()" style="height: 830px; width:100%;">
-
-  <form name="myForm">
- <div style="height: 600px; overflow: hidden;">
-    <div ui-layout>
-        <div ui-layout="{flow : 'column' }">
-          <div ui-layout-container min-size="300px" id="vizContainer">
-            <div style="height: 100%; overflow: hidden;">
-              <div class="panel panel-primary" style="height: 100%;">
-                <div class="panel-heading">
-                  <div class="pull-right">
-                    <!-- <button class="btn btn-sm btn-success" ng-disabled="checkClassSelection()" ng-click="addClassToRoles()">Add Class to Roles</button>
-                    <button class="btn btn-sm btn-success" ng-disabled="checkClassSelection()" ng-click="addClassToProducts()">Add Class to Products</button> -->
-                    <button class="btn btn-sm btn-success" type="button" ng-click="submit()">OK</button>
-                    <button class="btn btn-sm btn-success" type="button" ng-click="cancel()">Cancel</button>
-                  </div>
-                  <div style="display:inline-flex;">
-                    <select class="form-control input-sm" name="roleProductSets.dataset" id="dataset" ng-model="selectedDataset" ng-change="getDatasetData(selectedDataset)" required autofocus>
-                      <option value="">-- Select Dataset --</option>
-                      <option ng-repeat="dataset in datasetOptions" value={{dataset}}>
-                        {{dataset}}
-                      </option>
-                    </select>
-                    <!-- <button ng-disabled="showRPSetLoadSpinner" ng-show="selectedDataset !== undefined && selectedDataset !== ''" class="btn btn-sm btn-success" ng-click="!showRPSetLoadSpinner && reloadDataset(selectedDataset)" title="Reload dataset from Fuseki. (this may take a while for large ontologies)" style="margin-left:8px;">
-                      <span class="glyphicon glyphicon-refresh"></span>
-                    </button> -->
-                  </div>
-                </div>
-                <div>
-                </div>
-                <div class="panel-body" id="vizPanelBody" style="height: 100%; padding:0;">
-                  <span us-spinner spinner-on="showRPSetLoadSpinner"></span>
-                  <iframe id="viz" src="/viz/deploy/index.html" style="width:100%; height:100%;" onLoad="vizLoadComplete();"></iframe>
-                </div>
-              </div>
-            </div>
-          </div>
-          <div ui-layout-container min-size="350px" size="30%">
-            <div ui-layout="{flow : 'row' }">
-              <div ui-layout-container min-size="300px" id="pnlPrimary">
-                <div class="panel panel-primary" style="height: 100%; margin: 0; overflow:hidden" >
-                  <div class="panel-heading">
-                    <h3 class="panel-title" style="padding:7px;">
-                     <span>Class Hierarchy</span>
-                    </h3>
-                  </div>
-                  <div style="margin:8px; white-space: nowrap;">
-                    <!-- <input placeholder="Search..." type="text" ng-model="search.input.text" ng-keyup="$event.keyCode == 13 && search.doSearch()"> -->
-                    <input type="text"  ng-model="search.input.text" ng-keyup="$event.keyCode === 13 && search.doSearch()" placeholder="Search..." uib-typeahead="item for item in queryClasses($viewValue)" typeahead-loading="loadingLocations" typeahead-no-results="noResults" class="form-control">
-                    <!-- /.dropdown -->
-                    <ul class="" style="list-style-type: none; padding:4px; display: inline-block;">
-                      <li class="dropdown">
-                        <a class="dropdown-toggle" data-toggle="dropdown" title="Search Settings">
-                          <i class="glyphicon glyphicon-search" ng-click="search.doSearch()"></i>
-                          <i class="fa fa-caret-down"></i>
-                        </a>
-                        <ul role="menu" class="dropdown-menu">
-                          <li style="padding: 3px 20px;">
-                            <input type="checkbox" ng-model="search.options.wholeWordMatch"><span> Find whole words only</span>
-                          </li>
-                          <!-- <li class="divider"></li> -->
-                          <!-- <li>
-                            <li style="padding: 3px 20px;">
-                              <input type="checkbox" ng-model="search.options.includeClassInstances" disabled><span> Include Instances</span>
-                            </li>
-                          </li> -->
-                        </ul>
-                      </li>
-                    </ul>
-                    <!-- /.dropdown -->
-                    <span ng-if="search.result.hits.length > 0">
-                      {{search.result.currentIndex + 1}} of {{search.result.hits.length}}
-                      <button class="glyphicon glyphicon-menu-down" ng-click="search.findNext()"></button>
-                      <button class="glyphicon glyphicon-menu-up" ng-click="search.findPrevious()"></button>
-                    </span>
-                    <span id="spanNoMatches" ng-if="search.result.alertNoMatches">
-                      No Matches
-                    </span>
-                  </div>
-                  <div id="pnlClassHierarchy" class="panel-body" style="padding:0; overflow: auto; white-space: nowrap;">
-                    <treecontrol id="treeClassHierarchy" class="tree-light" tree-model="datasetData" ng-model-options="{ debounce: 500 }" selected-node="selectedClass" options="treeOptions" expanded-nodes="expandedClassNodes" on-selection="showSelectedClass(node, true)">
-                      <span style="background-color: {{search.getNodeBGColor(node)}}">
-                          {{node.name}}
-                        </span>
-                    </treecontrol>
-                  </div>
-                </div>
-              </div>
-              <div ui-layout-container size="200px">
-                <tabset style="overflow: auto;">
-                  <tab heading="Class Attributes">
-                    <div class="panel panel-success">
-                      <!-- <div class="panel-heading">Selected Class Attributes</div> -->
-                      <div class="panel-body">
-                        <div id="classAttributesDiv">
-                          <b>Label: <span ng-bind="selectedClass.name"></span></b>
-                          <br>
-                          <b>Name: <span ng-bind="selectedClass.label['IRI-based']"></span></b>
-                          <br>
-                          <b style="white-space:nowrap;">IRI: </b>
-                          <a ng-bind="selectedClass.iri" href="{{selectedClass.iri}}" target="iriTarget" style="word-wrap:break-word;"></a>
-                          <br>
-                          <b>Comment: </b><span ng-bind="selectedClass.comment.undefined"></span>
-                          <br>
-                        </div>
-                      </div>
-                    </div>
-                  </tab>
-                  <tab heading="Class Instances ({{selectedClass.individuals.length === undefined ? 0 :selectedClass.individuals.length}})">
-                    <div class="panel-body">
-                      <b>Instances: </b><span ng-bind="selectedClass.individuals.length"></span>
-                      <br>
-                      <div style="white-space: nowrap; overflow: auto;">
-                        <div ng-repeat="intances in selectedClass.individuals | orderBy:'iri'">
-                          {{intances.labels['IRI-based']}}
-                        </div>
-                      </div>
-                    </div>
-                  </tab>
-                </tabset>
-              </div>
-            </div>
-          </div>
-        </div>
-      </div>
-
-  </div>
-
-
-
-
-
-
-
-    <div style="max-height: 400px;overflow: auto;">
-      <treecontrol class="tree-light" tree-model="treeData" selected-node="selectedNode" options="treeOptions" expanded-nodes="expandedNodes" on-selection="showSelected(node, selected)">
-        <span style="color: {{nodeColor(node)}}" ng-mouseenter="showPopover(node, $event)">
-          {{node.name}} ({{node.datasetName}})
-      </span>
-      </treecontrol>
-    </div>
-    <hr>
-    <div style="margin: 10px">
-      <div ng-show="roger_federation.type === 'Pool'">
-        <label>Number of pool swim lanes:
-          <input type="number" name="input" ng-model="pool.numberOfSwimLanes" min="1" max="4" required>
-        </label>
-      </div>
-      <div ng-if="roger_federation.priority !== undefined">
-        <label>Priority
-          <input type="number" name="input" ng-model="roger_federation.priority" ng-model-options="{ allowInvalid: true }" min="0" max="999" required>
-        </label>
-      </div>
-    </div>
-    <!-- <div class="modal-footer">
-      <button class="btn btn-primary" type="button" ng-click="submit()" >OK</button>
-      <button class="btn btn-primary" type="button" ng-click="cancel()">Cancel</button>
-    </div> -->
-  </form>
-</div>
diff --git a/src/federation-hub-ui/src/main/webapp/views/workflows/add_policy_filter.html b/src/federation-hub-ui/src/main/webapp/views/workflows/add_policy_filter.html
deleted file mode 100644
index 1d554e37..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/workflows/add_policy_filter.html
+++ /dev/null
@@ -1,15 +0,0 @@
-<div class="modal-header">
-    <div style="clear: both">
-        <h3 class="modal-title" style="float: left">Federate Policy Filters</h3>
-    </div>
-</div>
-
-<div class="modal-body" data-ng-init="initialize()">
-    <p>Under construction</p>
-
-    <div class="modal-footer">
-        <button class="btn btn-primary" type="button" ng-click="submit()" ng-disabled="!federatePolicyForm.$valid">OK</button>
-        <button class="btn btn-primary" type="button" ng-click="cancel()">Cancel</button>
-    </div>
-
-</div>
diff --git a/src/federation-hub-ui/src/main/webapp/views/workflows/attribute_expression_editor.html b/src/federation-hub-ui/src/main/webapp/views/workflows/attribute_expression_editor.html
deleted file mode 100644
index 400e3aa1..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/workflows/attribute_expression_editor.html
+++ /dev/null
@@ -1,94 +0,0 @@
-
-<div class="modal-header">
-  <h3 class="modal-title">Instantiation Expression Builder</h3>
-  <h4 class="modal-title silver">{{roleName}} ({{ontologyName}})</h4>
-</div>
-
-<div class="modal-body" data-ng-init="initialize()">
-
-<!-- start tree view -->
-
-<script type="text/ng-template" id="nodes_renderer.html">
-  <div style="display:inline-block" ui-tree-handle class="tree-node tree-node-content">
-	<a class="btn btn-success btn-xs" ng-if="node.nodes && node.nodes.length > 0" data-nodrag ng-click="toggle(this)"><span
-        class="glyphicon"
-        ng-class="{
-          'glyphicon-chevron-right': collapsed,
-          'glyphicon-chevron-down': !collapsed
-        }"></span></a>
-	<a class="btn btn-danger btn-xs" data-nodrag ng-click="remove(this)"><span class="glyphicon glyphicon-remove"></span></a>
-    <span ng-show="node.type === 'attribute'"><a class="btn btn-primary btn-xs" data-nodrag style="margin-right: 8px;"><span class="glyphicon glyphicon-plus text-muted"></span></a></span>
-    <span ng-hide="node.type === 'attribute'"><a class="btn btn-primary btn-xs" data-nodrag ng-click="newSubItem(this)" style="margin-right: 8px;"><large><span class="glyphicon glyphicon-plus"></span></large></a></span>
-
-
-  	<div class="btn-group" uib-tooltip="select type: boolean operation or attribute">
-        <label data-nodrag class="btn btn-primary" ng-change="updateRol()" ng-model="node.type" uib-btn-radio="'attribute'">attribute</label>
-        <label data-nodrag class="btn btn-success" ng-change="updateRol()" ng-model="node.type" uib-btn-radio="'and'">and</label>
-        <label data-nodrag class="btn btn-success" ng-change="updateRol()" ng-model="node.type" uib-btn-radio="'or'">or</label>
-        <label data-nodrag class="btn btn-success" ng-change="updateRol()" ng-model="node.type" uib-btn-radio="'not'">not</label>
-        <!-- <label data-nodrag class="btn btn-success" ng-change="updateRol()" ng-model="node.type" uib-btn-radio="'parentheses'">( )</label> -->
-	</div>
-   
-	<div ng-show="node.type === 'attribute'" style="margin-top:10px">
-		<input style="width:70px" type="text" ng-model="node.key"
-			 ng-change="updateRol()"
-             placeholder="Key"
-             uib-tooltip="Enter attribute key"
-             tooltip-placement="top"
-             tooltip-trigger="mouseenter"
-             tooltip-enable="!node.key"
-			 data-nodrag />
-		<input style="width:190px" type="text" ng-model="node.value"
-			 ng-change="updateRol()"
-             placeholder="Value"
-             uib-tooltip="Enter attribute value"
-             tooltip-placement="top"
-             tooltip-trigger="mouseenter"
-             tooltip-enable="!node.value"
-			 data-nodrag />
-	</div>
-  	<ol ui-tree-nodes="" ng-model="node.nodes" ng-class="{hidden: collapsed}">
-    	<div ng-repeat="node in node.nodes"><li ui-tree-node ng-include="'nodes_renderer.html'"></div></li>
-  	</ol>
-  </div>
-</script>
-
-<div class="row">
-    <div class="col-sm-12">
-      <a class="btn btn-primary btn-xs" data-nodrag style="margin-right: 8px;"><span class="glyphicon glyphicon-resize-full gi-1_5x" ng-click="expandAll()" uib-tooltip="Expand All"></span></a>
-      <a class="btn btn-primary btn-xs" data-nodrag style="margin-right: 8px;"><span class="glyphicon glyphicon-resize-small gi-1_5x" ng-click="collapseAll()" uib-tooltip="Collapse All"></span></a>
-      <span>Build instantiation expressions using attributes and operators (and, or, not)</span>
-  </div>
-</div>
-
-<div class="row">
-  <div>
-    <div ui-tree id="tree-root">
-      <ol ui-tree-nodes ng-model="data">
-        <li ng-repeat="node in data" ui-tree-node ng-include="'nodes_renderer.html'"></li>
-      </ol>
-    </div>
-  </div>
-</div>
-
-<!-- debug the tree json dynamically -->
-<!-- 
-<div class="row">
-  <div class="col-md-10">
-    <div class="info">
-      {{info}}
-    </div>
-    <pre class="code">{{ data | json }}</pre>
-  </div>
-</div>
--->
-
-<!-- end tree view -->
-
-  <div class="modal-footer">
-    <button class="btn btn-primary" type="button" ng-click="submit()" ng-disabled="ssForm.$invalid">OK</button>
-  </div>
-  
-  <div style="position: absolute; padding: 10px; top: 100px; left: -100px; background: white; border: 2px solid #000066" data-ng-click="hidePreview()" data-ng-show="sparqlPreviewActive" data-ng-bind-html="sparqlPreviewContent">
-  </div>
-
diff --git a/src/federation-hub-ui/src/main/webapp/views/workflows/display_template_container.html b/src/federation-hub-ui/src/main/webapp/views/workflows/display_template_container.html
deleted file mode 100644
index 3d7c0e43..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/workflows/display_template_container.html
+++ /dev/null
@@ -1,13 +0,0 @@
-<div class="modal-header">
-  <h3 class="modal-title">Template Container</h3>
-</div>
-<div class="modal-body" data-ng-init="initialize()">  
-  <div class="panel-body">
-    <json-formatter open="1" json="jsonData"></json-formatter>
-  </div>
-</div>
-
-<div class="modal-footer">
-  <button class="btn btn-primary" type="button" ng-click="download()">Save</button>
-  <button class="btn btn-primary" type="button" ng-click="$close()">Close</button>
-</div>
diff --git a/src/federation-hub-ui/src/main/webapp/views/manage/manage_federations.html b/src/federation-hub-ui/src/main/webapp/views/workflows/manage_federations.html
similarity index 100%
rename from src/federation-hub-ui/src/main/webapp/views/manage/manage_federations.html
rename to src/federation-hub-ui/src/main/webapp/views/workflows/manage_federations.html
diff --git a/src/federation-hub-ui/src/main/webapp/views/workflows/new_workflow.html b/src/federation-hub-ui/src/main/webapp/views/workflows/new_workflow.html
index b2087dac..75187783 100644
--- a/src/federation-hub-ui/src/main/webapp/views/workflows/new_workflow.html
+++ b/src/federation-hub-ui/src/main/webapp/views/workflows/new_workflow.html
@@ -22,21 +22,12 @@ <h3 class="modal-title">New {{workflow.diagramType}} Diagram</h3>
         <p ng-message="required">A Diagram name is required.</p>
       </div>
     </div>
-    <div class="form-group">
-      <label for="federationVersion">Federation Version</label>
-      <input type="text" name="federationVersion" class="form-control" ng-model="workflow.version" />
-    </div>
-    <div class="form-group">
-      <label for="federationType">Federation Type</label>
-      <input type="text" name="federationType" class="form-control" ng-model="workflow.type" />
-    </div>
     <div class="form-group">
       <label for="workflowDescription">Diagram Description</label>
       <input type="text" name="workflowDescription" class="form-control" ng-model="workflow.description" />
     </div>
     <div class="modal-footer">
       <button class="btn btn-primary" type="submit" value="Submit" ng-disabled="workflowForm.$invalid">OK</button>
-      <button class="btn btn-info" type="button" ng-click="useActivePolicy()">Use Active Policy</button>
       <button class="btn btn-warning" type="button" ng-click="cancel()">Cancel</button>
     </div>
   </form>
diff --git a/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_editor.html b/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_editor.html
index 7409ba21..6fbe6150 100644
--- a/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_editor.html
+++ b/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_editor.html
@@ -5,6 +5,21 @@
         <div ng-include="'views/workflows/workflow_editor_sidebar.html'" style="height: 100%; overflow: auto;"></div>
       </div> -->
       <div ui-layout-container min-size="300px" style="overflow: hidden;">
+        <div class="legend">
+          <span>LEGEND</span>
+          <!-- <div class="legendItem">
+            <span>Node Connected:</span>
+            <div class="legendLine legenedConnected"></div>
+          </div> -->
+          <div class="legendItem">
+            <span>Data Flowing:</span>
+            <div class="legendLine legendActive"></div>
+          </div>
+          <div class="legendItem">
+            <span>No Data Flowing:</span>
+            <div class="legendLine legendNotActive"></div>
+          </div>
+        </div>
         <div style="height: 100%; overflow: hidden;">
           <nav class="navbar navbar-inverse nav navbar-top-links" style="margin:0px; white-space:nowrap; background-color: #337ab7; border-color: #337ab7;">
             <div class="container-fluid">
diff --git a/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_editor_sidebar.html b/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_editor_sidebar.html
deleted file mode 100644
index 904780c1..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_editor_sidebar.html
+++ /dev/null
@@ -1,417 +0,0 @@
-<!-- Workflow Fields -->
-<div class="panel panel-success">
-
-  <tabset>
-    <tab heading="BPMN Inspector">
-      <div class="panel panel-success">
-        <div class="panel-body">
-          <div id="inspector-container"></div>
-        </div>
-      </div>
-    </tab>
-
-    <tab heading="Roles">
-      <div class="panel-body">
-        <div ng-repeat="state in stateObjects | filter: {entityType: 'role'}">
-          <div class="panel panel-success">
-            <div class="panel-heading" ng-mouseenter="showPopover(state, $event)">
-              <div class="pull-right btn-group">
-                <button class="btn btn-default" ng-click="setActiveState(state)">
-                  <span class="glyphicon glyphicon-plus"></span>
-                </button>
-                <button class="btn btn-default" ui-sref="workflows.editor.editRoleAttributeExpressions({graphItemId: state.graphItemId})" ng-click="test(state)" uib-tooltip="Build Instantiation Expressions">
-                  <span class="glyphicon glyphicon-tasks"></span>
-                </button>
-                <button class="btn btn-default" ng-click="removeGraphItemState(state.cellId)">
-                  <span class="glyphicon glyphicon-trash"></span>
-                </button>
-                </button>
-              </div>
-              <h3 class="panel-title">{{state.name}}</h3>
-              <br>
-              <span>({{state.datasetName}}) </span>
-              <div style="clear: both;"></div>
-            </div>
-            <div collapse="activeState != state" class="panel-body">
-              <form name="roleForm">
-                <div class="row form-group" ng-class="{ 'has-error': roleForm.name.$touched && roleForm.name.$invalid }">
-                  <label class="col-sm-3">Label</label>
-                  <div class="col-sm-9">
-                    <input type="text" name="label" class="form-control" ng-model="state.label" required />
-                    <div class="help-block" ng-messages="roleForm.label.$error" ng-if="roleForm.label.$touched">
-                      <p ng-message="required">A role label is required.</p>
-                    </div>
-                  </div>
-                </div>
-                <div class="row form-group">
-                  <label class="col-sm-3">Name</label>
-                  <div class="col-sm-9">
-                    <input type="text" name="name" ng-disabled="true" class="form-control" ng-model="state.name" />
-                  </div>
-                </div>
-                <div class="row form-group">
-                  <label class="col-sm-3">URI</label>
-                  <div class="col-sm-9">
-                    <input type="url" name="uri" ng-disabled="true" class="form-control" ng-model="state.uri" />
-                  </div>
-                </div>
-                <div class="row form-group" ng-class="{ 'has-error': roleForm.priority.$touched && roleForm.priority.$invalid }">
-                  <label class="col-sm-3">Priority</label>
-                  <div class="col-sm-9">
-                    <input type="number" name="priority" class="form-control" ng-model="state.priority" required />
-                    <div class="help-block" ng-messages="roleForm.priority.$error" ng-if="roleForm.priority.$touched">
-                      <p ng-message="required">Priority is required.</p>
-                      <p ng-message="number">Value must be a number.</p>
-                    </div>
-                  </div>
-                </div>
-                <div class="row">
-                  <label class="col-sm-3">Instances</label>
-                  <div class="col-sm-4 form-group" ng-class="{ 'has-error': roleForm.minNbrInstances.$touched && roleForm.minNbrInstances.$invalid }">
-                    <input type="text" name="minNbrInstances" class="form-control" ng-model="state.metadata.minNbrInstances" required pattern="^([1-9][0-9]*)$" />
-                  </div>
-                  <label class="col-sm-1">To</label>
-                  <div class="col-sm-3 form-group" ng-class="{ 'has-error': roleForm.maxNbrInstances.$touched && roleForm.maxNbrInstances.$invalid }">
-                    <input type="text" name="maxNbrInstances" class="form-control" ng-model="state.metadata.maxNbrInstances" required pattern="^(([1-9][0-9]*)|\*)$" />
-                  </div>
-                  <div class="help-block" ng-messages="roleForm.minNbrInstances.$error" ng-if="roleForm.minNbrInstances.$touched">
-                    <p ng-message="pattern">Value must be a positive integer.</p>
-                    <p ng-message="required">Field is required.</p>
-                  </div>
-                  <div class="help-block" ng-messages="roleForm.maxNbrInstances.$error" ng-if="roleForm.maxNbrInstances.$touched">
-                    <p ng-message="pattern">Value must be a number or *.</p>
-                    <p ng-message="required">Field is required.</p>
-                  </div>
-                </div>
-              </form>
-            </div>
-          </div>
-        </div>
-      </div>
-    </tab>
-    <tab heading="Products">
-      <div class="panel-body">
-        <div ng-repeat="state in stateObjects | filter: {entityType: 'product'}">
-          <div class="panel panel-success">
-            <div class="panel-heading" ng-mouseenter="showPopover(state, $event)">
-              <div class="pull-right btn-group">
-                <button class="btn btn-default" ng-click="setActiveState(state)">
-                  <span class="glyphicon glyphicon-plus"></span>
-                </button>
-                <button class="btn btn-default" ng-click="removeGraphItemState(state.cellId)">
-                  <span class="glyphicon glyphicon-trash"></span>
-                </button>
-              </div>
-              <h3 class="panel-title">{{state.name}}</h3>
-              <br>
-              <span>({{state.datasetName}}) </span>
-              <div style="clear: both;"></div>
-            </div>
-            <div collapse="activeState != state" class="panel-body">
-              <form name="productForm">
-
-                <div class="row form-group" ng-class="{ 'has-error': productForm.name.$touched && productForm.name.$invalid }">
-                  <label class="col-sm-3">Label</label>
-                  <div class="col-sm-9">
-                    <input type="text" name="label" class="form-control" ng-model="state.label" required />
-                    <div class="help-block" ng-messages="productForm.label.$error" ng-if="productForm.label.$touched">
-                      <p ng-message="required">A product label is required.</p>
-                    </div>
-                  </div>
-                </div>
-                <div class="row form-group">
-                  <label class="col-sm-3">Name</label>
-                  <div class="col-sm-9">
-                    <input type="text" name="name" ng-disabled="true" class="form-control" ng-model="state.name" />
-                  </div>
-                </div>
-                <div class="row form-group">
-                  <label class="col-sm-3">URI</label>
-                  <div class="col-sm-9">
-                    <input type="url" name="uri" ng-disabled="true" class="form-control" ng-model="state.uri" />
-                  </div>
-                </div>
-                <div class="row form-group" ng-class="{ 'has-error': productForm.priority.$touched && productForm.priority.$invalid }">
-                  <label class="col-sm-3">Priority</label>
-                  <div class="col-sm-9">
-                    <input type="number" name="priority" class="form-control" ng-model="state.priority" required />
-                    <div class="help-block" ng-messages="productForm.priority.$error" ng-if="productForm.priority.$touched">
-                      <p ng-message="required">Priority is required.</p>
-                    </div>
-                  </div>
-                </div>
-              </form>
-            </div>
-          </div>
-        </div>
-      </div>
-    </tab>
-    <tab heading="Links">
-      <div class="panel-body">
-        <div ng-repeat="state in stateObjects | filter: {entityType: 'link'}">
-          <div class="panel panel-success">
-            <div class="panel-heading">
-              <div class="pull-right btn-group">
-                <button class="btn btn-default" ng-click="setActiveState(state)">
-                  <span class="glyphicon glyphicon-plus"></span>
-                </button>
-                <button class="btn btn-default" ng-click="removeGraphLinkState(state.cellId)">
-                  <span class="glyphicon glyphicon-trash"></span>
-                </button>
-              </div>
-              <h3 class="panel-title">{{state.labels[0].attrs.text.text}}</h3>
-              <div style="clear: both;"></div>
-            </div>
-            <div collapse="activeState != state" class="panel-body">
-              <form label="productForm">
-                <div class="row form-group" ng-class="{ 'has-error': productForm.label.$touched && productForm.label.$invalid }">
-                  <label class="col-sm-3">Label</label>
-                  <div class="col-sm-9">
-                    <input type="text" name="label" class="form-control" ng-model="state.labels[0].attrs.text.text" />
-                  </div>
-                </div>
-                <div class="row form-group" ng-class="{ 'has-error': productForm.priority.$touched && productForm.priority.$invalid }">
-                  <label class="col-sm-3">Priority</label>
-                  <div class="col-sm-9">
-                    <input type="number" name="priority" class="form-control" ng-model="state.priority" required />
-                    <div class="help-block" ng-messages="productForm.priority.$error" ng-if="productForm.priority.$touched">
-                      <p ng-message="required">Priority is required.</p>
-                    </div>
-                  </div>
-                </div>
-              </form>
-            </div>
-          </div>
-        </div>
-      </div>
-    </tab>
-    <tab heading="Semantic Requests">
-      <div class="panel-body">
-        <div ng-repeat="request in semanticRequests">
-          <div class="panel panel-success">
-            <div class="panel-heading">
-              <div class="pull-right btn-group">
-                <button class="btn btn-default" data-ng-click="editSemanticRequest(request)">
-                  <span class="glyphicon glyphicon-pencil"></span>
-                </button>
-                <button class="btn btn-default" ng-click="">
-                  <span class="glyphicon glyphicon-trash"></span>
-                </button>
-              </div>
-              <h3 class="panel-title">{{request.name}}</h3>
-              <div style="clear: both;"></div>
-            </div>
-          </div>
-        </div>
-      </div>
-    </tab>
-
-    <tab heading="Attributes">
-      <div class="panel panel-success">
-        <div class="panel-heading">Workflow Attributes</div>
-        <div class="panel-body">
-          <form name="workflowForm">
-            <div class="row form-group" ng-class="{ 'has-error': workflowForm.name.$touched && workflowForm.name.$invalid }">
-              <label class="col-sm-3">Name</label>
-              <div class="col-sm-9">
-                <input type="text" class="form-control" name="name" ng-model="workflow.name" ng-blur="updateWorkflowAttributes()" required />
-                <div class="help-block" ng-messages="workflowForm.name.$error" ng-if="workflowForm.name.$touched">
-                  <p ng-message="required">A name is required.</p>
-                </div>
-              </div>
-            </div>
-            <div class="row form-group" ng-class="{ 'has-error': workflowForm.shortName.$touched && workflowForm.shortName.$invalid }">
-              <label class="col-sm-3">Short Name</label>
-              <div class="col-sm-9">
-                <input type="text" name="shortname" class="form-control" ng-model="workflow.shortName" ng-blur="updateWorkflowAttributes()" required />
-                <div class="help-block" ng-messages="workflowForm.shortName.$error" ng-if="workflowForm.shortName.$touched">
-                  <p ng-message="required">A short name is required.</p>
-                </div>
-              </div>
-            </div>
-            <div class="row form-group" ng-class="{ 'has-error': workflowForm.creator.$touched && workflowForm.creator.$invalid }">
-              <label class="col-sm-3">Creator</label>
-              <div class="col-sm-9">
-                <input type="text" name="creator" class="form-control" ng-model="workflow.creatorName" ng-blur="updateWorkflowAttributes()" required />
-                <div class="help-block" ng-messages="workflowForm.creator.$error" ng-if="workflowForm.creator.$touched">
-                  <p ng-message="required">A creator is required.</p>
-                </div>
-              </div>
-            </div>
-            <div class="row">
-              <label class="col-sm-3">Description</label>
-              <div class="col-sm-9">
-                <input type="text" class="form-control" ng-model="workflow.description" ng-blur="updateWorkflowAttributes()" />
-              </div>
-            </div>
-          </form>
-        </div>
-      </div>
-
-    </tab>
-    <tab heading="Lifecycle Events">
-      <div class="panel panel-success">
-        <div class="panel-heading">Lifecycle Events</div>
-        <div class="panel-body">
-          <div class="btn-group">
-            <label class="btn btn-primary " ng-model="lifecycle.type" uib-btn-radio="'OnStart'">OnStart</label>
-            <label class="btn btn-primary " ng-model="lifecycle.type" uib-btn-radio="'OnEnd'">OnEnd</label>
-            <label class="btn btn-primary " ng-model="lifecycle.type" uib-btn-radio="'OnAuth'">OnAuth</label>
-          </div>
-          <button class="btn btn-primary" type="button" data-ng-click="addLifecycleEvent()" style="margin-left: 8px;">
-            <span class="glyphicon glyphicon-plus"></span>
-          </button>
-          <div style="margin-top: 4px;">
-            <input class="form-control ng-pristine ng-valid ng-valid-required ng-touched" ng-show="lifecycle.type === 'OnAuth'" type="text" placeholder="Identity" ng-model="lifecycle.identity" />
-          </div>
-          <div ng-repeat="lc in workflow.lifecycleEvents | orderBy : lifecycleSort: true">
-            <div class="rounded-corners-block" ng-class="{'label-success': lc['@class'].indexOf('OnStart') > -1 , 'label-danger': lc['@class'].indexOf('OnEnd') > -1, 'label-info': lc['@class'].indexOf('OnAuth') > -1}">
-              <span>
-                  &nbsp;{{lc['@class'].substring(lc['@class'].lastIndexOf(".") + 1);}}
-                </span>
-              <span style="color: #6E6E6E; word-break: break-all;" ng-show="lc.identity">&nbsp;&nbsp;{{lc.identity}}</span>
-
-              <div class="pull-right btn-group">
-                <button class="btn btn-default" ng-click="editLifecyclecommands(lc)">
-                  <span class="glyphicon glyphicon-plus"></span>
-                </button>
-                <button class="btn btn-default" ng-click="deleteLifecycleEvent(lc)">
-                  <span class="glyphicon glyphicon-trash"></span>
-                </button>
-              </div>
-              <div class="pull-right">
-                <span ng-click="" style="font-size: 28px;">
-                  {{lc.commands.length}}&nbsp;&nbsp;
-                </span>
-              </div>
-            </div>
-          </div>
-        </div>
-      </div>
-    </tab>
-
-    <tab heading="QoS">
-      <div class="panel-body">
-        <div class="panel panel-primary">
-          <div class="panel-heading">
-            <span style="font-weight: bold;">New Priority:</span>
-          </div>
-          <div class="panel-primary" style="margin-left: 7px; height: 35px; line-height: 35px;">
-            <label>Product: </label>&nbsp;<span>{{qosSelection.product.item.name}}</span>
-            <div class="btn-group pull-right">
-              <button class="btn btn-default" ui-sref="workflows.editor.selectProduct">
-                <span class="glyphicon glyphicon-search"></span>
-              </button>
-              <button class="btn btn-default" ng-click="clearProductSelection()">
-                <span class="glyphicon glyphicon-erase"></span>
-              </button>
-            </div>
-          </div>
-          <div class="panel-primary" style="margin-left: 7px; height: 35px; line-height: 35px;">
-            <label>Role: </label>&nbsp;<span>{{qosSelection.role.item.name}}</span>
-            <div class="btn-group pull-right">
-              <button class="btn btn-default" ui-sref="workflows.editor.selectRole">
-                <span class="glyphicon glyphicon-search"></span>
-              </button>
-              <button class="btn btn-default" ng-click="clearRoleSelection()">
-                <span class="glyphicon glyphicon-erase"></span>
-              </button>
-            </div>
-            <br />
-          </div>
-          <div class="panel-primary" style="margin-left: 7px; height: 35px; line-height: 35px;">
-            <label>Directionality: </label>
-            <div class="btn-group pull-right">
-              <select data-ng-model="qosSelection.direction" data-ng-hide="qosSelection.product.item.name == 'Not Set' || qosSelection.role.item.name == 'Not Set'" class="form-control">
-                <option value="Producing" selected="selected">Producing</option>
-                <option value="Consuming">Consuming</option>
-              </select>
-              <span data-ng-show="qosSelection.product.item.name == 'Not Set' || qosSelection.role.item.name == 'Not Set'">N/A&nbsp;</span>
-            </div>
-            <br />
-          </div>
-          <div class="panel-primary" style="margin-left: 7px; height: 35px; line-height: 35px;">
-            <label>Priority</label>
-            <div class="pull-right">
-              <input type="number" name="priority" class="form-control" ng-model="qosSelection.priority" required />
-
-            </div>
-          </div>
-          <button class="btn" style="margin: 3px;" id="newPrioBtn" ng-click="createNewPrioritySetting()">Set Priority</button>
-        </div>
-
-        <div class="panel panel-primary">
-          <div class="panel-heading">
-            <span style="font-weight: bold;">Existing Priority Settings:</span>
-          </div>
-          <table style="table-layout:fixed; width: 100%;">
-            <thead>
-              <tr style="background-color: #cccccc;">
-                <th style="width: 70px;">&nbsp;Type</th>
-                <th>Name</th>
-                <th style="width: 60px;">Priority</th>
-                <th style="width: 60px; text-align: center;">Edit</th>
-              </tr>
-            </thead>
-            <!-- Roles -->
-            <tr ng-repeat="state in stateObjects | filter: {entityType: 'role'}">
-              <td>
-                <label>&nbsp;Role</label>
-              </td>
-              <td style="word-wrap:break-word;">{{state.name}}</td>
-              <td>
-                <div ng-show="currentPriorityEntry == state.uri">
-                  <input type="number" name="existingPriority" class="form-control" ng-change="setActiveState(state)" ng-blur="notifyPriorityChanged(state.priority)" ng-model="state.priority" />
-                </div>
-                <div ng-show="currentPriorityEntry != state.uri">{{state.priority}}</div>
-              </td>
-              <td align="right">
-                <button class="btn btn-default" ng-click="setCurrentPriorityEdit(state.uri)">
-                  <span class="glyphicon glyphicon-pencil"></span>
-                </button>
-              </td>
-            </tr>
-            <!-- Products -->
-            <tr ng-repeat="state in stateObjects | filter: {entityType: 'product'}">
-              <td>
-                <label>&nbsp;Product</label>
-              </td>
-              <td style="word-wrap:break-word;">{{state.name}}</td>
-              <td style="width: 70px;">
-                <div ng-show="currentPriorityEntry == state.uri">
-                  <input type="number" name="existingPriority" class="form-control" ng-change="setActiveState(state)" ng-blur="notifyPriorityChanged(state.priority)" ng-model="state.priority" />
-                </div>
-                <div ng-show="currentPriorityEntry != state.uri">{{state.priority}}</div>
-              </td>
-              <td align="right">
-                <button class="btn btn-default" ng-click="setCurrentPriorityEdit(state.uri)">
-                  <span class="glyphicon glyphicon-pencil"></span>
-                </button>
-              </td>
-            </tr>
-
-            <!-- Links -->
-            <tr ng-repeat="state in stateObjects | filter: {entityType: 'link'}">
-              <td>
-                <label>&nbsp;Link</label>
-              </td>
-              <td style="word-wrap:break-word;">{{state.name}}</td>
-              <td style="width: 70px;">
-                <div ng-show="currentPriorityEntry == state.name">
-                  <input type="number" name="existingPriority" class="form-control" ng-change="setActiveState(state)" ng-blur="notifyPriorityChanged(state.priority)" ng-model="state.priority" />
-                </div>
-                <div ng-show="currentPriorityEntry != state.name">{{state.priority}}</div>
-              </td>
-              <td align="right">
-                <button class="btn btn-default" ng-click="setCurrentPriorityEdit(state.name)">
-                  <span class="glyphicon glyphicon-pencil"></span>
-                </button>
-              </td>
-            </tr>
-          </table>
-        </div>
-      </div>
-</div>
-</tab>
-</tabset>
-</div>
diff --git a/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_roles.html b/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_roles.html
deleted file mode 100644
index 4893a6bd..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_roles.html
+++ /dev/null
@@ -1,37 +0,0 @@
-<div class="row top-buffer">
-    <div class="col-md-12">
-        <table st-table="rowCollection" class="table table-striped">
-            <thead>
-                <tr>
-                    <th>Delete</th>
-                    <th>Role Name</th>
-                    <th>Publications</th>
-                    <th>Subscriptions</th>
-                    <th>Priority</th>
-                </tr>
-            </thead>
-            <tbody>
-                <tr ng-repeat="row in rowCollection">
-                    <td>
-                        <button type="button" ng-click="removeRow(row)"
-                            class="btn btn-xs btn-danger">
-                            <i class="glyphicon glyphicon-remove"> </i>
-                        </button>
-                    </td>
-                    <td>{{row.roleName}}</td>
-                    <td>{{row.Publications}}</td>
-                    <td>{{row.Subscriptions}}</td>
-                    <td>{{row.Priority}}</td>
-                </tr>
-            </tbody>
-            <tfoot>
-                <tr>
-                    <td colspan="5" class="text-center">
-                        <div st-pagination="" st-items-by-page="itemsByPage"
-                            st-displayed-pages="7"></div>
-                    </td>
-                </tr>
-            </tfoot>
-        </table>
-    </div>
-</div>
diff --git a/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_subscriptions.html b/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_subscriptions.html
deleted file mode 100644
index cd0b8db5..00000000
--- a/src/federation-hub-ui/src/main/webapp/views/workflows/workflow_subscriptions.html
+++ /dev/null
@@ -1,37 +0,0 @@
-<div class="row top-buffer">
-    <div class="col-md-12">
-        <table st-table="rowCollection" class="table table-striped">
-            <thead>
-                <tr>
-                    <th>Delete</th>
-                    <th>IO Type</th>
-                    <th>Publishers</th>
-                    <th>Subscribers</th>
-                    <th>Priority</th>
-                </tr>
-            </thead>
-            <tbody>
-                <tr ng-repeat="row in rowCollection">
-                    <td>
-                        <button type="button" ng-click="removeRow(row)"
-                            class="btn btn-xs btn-danger">
-                            <i class="glyphicon glyphicon-remove"> </i>
-                        </button>
-                    </td>
-                    <td>{{row.ioType}}</td>
-                    <td>{{row.Publishers}}</td>
-                    <td>{{row.Subscribers}}</td>
-                    <td>{{row.Priority}}</td>
-                </tr>
-            </tbody>
-            <tfoot>
-                <tr>
-                    <td colspan="5" class="text-center">
-                        <div st-pagination="" st-items-by-page="itemsByPage"
-                            st-displayed-pages="7"></div>
-                    </td>
-                </tr>
-            </tfoot>
-        </table>
-    </div>
-</div>
diff --git a/src/gradle.properties b/src/gradle.properties
index 0ebb1f27..a029ad1a 100644
--- a/src/gradle.properties
+++ b/src/gradle.properties
@@ -7,17 +7,30 @@ commons_lang_version = 3.12.0
 # As of 06/2022 2.1.3 released 04/2020 is the latest with no known vulnerabilities
 dom4j_version = 2.1.3
 
-httpcomponents_version = 4.5.13
-slf4j_version = 1.7.32
-logback_version = 1.2.11
-log4j_api_version = 2.17.1
+#httpcomponents_version = 4.5.13
+# NEW_VERSION
+httpcomponents_version = 5.1.4
+httpcomponents_httpmime_version=4.5.14
+# slf4j_version = 1.7.32
+# NEW_VERSION
+slf4j_version = 2.0.7
+#logback_version = 1.2.11
+# NEW_VERSION
+logback_version = 1.4.8
+#log4j_api_version = 2.17.1
+# NEW_VERSION
+log4j_api_version = 2.19.0
+logback_jackson_version = 0.1.5
+janino_version= 3.1.10
 # Switched versions of of postgres to address xray reported vulnerability
 #postgres_version = 42.2.5
 postgres_version = 42.5.1
 
 # Previous 5.3.21   released 06/2022 
 # Current 5.3.28    released 06/2023
-spring_version = 5.3.28
+#spring_version = 5.3.28
+# NEW_VERSION
+spring_version = 6.0.11
 
 # Current	5.3.8.RELEASE		released	04/2021
 # Candidate	5.3.13.RELEASE		released	12/2021
@@ -25,18 +38,11 @@ spring_version = 5.3.28
 # Candidate	5.6.3			released	04/2022
 #spring_security_version = 5.7.2
 # Version recommended by xray
-spring_security_version = 5.7.5
+# spring_security_version = 5.7.5
+# NEW_VERSION
+spring_security_version = 6.0.5
 
-# Current	2.5.0.RELEASE		released	05/2020
-# Candidate	2.5.1.RELEASE		released	04/2021
-# Candidate	2.5.2.RELEASE		released	04/2022
-spring_security_oauth_version = 2.5.2.RELEASE
-
-# Current	2.4.0			released	11/2020
-# Candidate	2.4.13			released	11/2021
-# Candidate	2.5.12			released	03/2022
-# Candidate	2.6.6			released	03/2022
-spring_security_oauth2_autoconfigure_version = 2.6.8
+spring_security_oauth2_authorization_server_version = 1.1.3
 
 # Deprecated: https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide
 # Spring suggests com.nimbusds:nimbus-jose-jwt:9.22
@@ -46,7 +52,9 @@ spring_security_jwt_version = 1.1.1.RELEASE
 # Candidate	2.4.13			released	11/2021
 # Candidate	2.5.13			released	04/2022
 # Candidate	2.6.7			released	04/2022
-spring_boot_version = 2.7.1
+# spring_boot_version = 2.7.1
+# NEW_VERSION
+spring_boot_version = 3.0.9
 
 # Renamed io.awspring.cloud.spring-cloud-starter-aws
 # Current	2.2.3.RELEASE		released	06/2020
@@ -66,15 +74,25 @@ spring_data_commons_version = 2.7.1
 # Candidate 	2.4.15			released	11/2021
 # Candidate 	2.5.11			released	04/2022
 # Candidate	2.6.4			released	04/2022
-spring_data_version = 2.7.1
-
-micrometer_cloudwatch_version = 1.5.5
-jts_version = 1.18.0
+#spring_data_version = 2.7.1
+# NEW_VERSION
+spring_data_version = 3.0.8
+
+#micrometer_cloudwatch_version = 1.5.5
+# NEW_VERSION
+micrometer_version= 1.10.9
+
+#jts_version = 1.18.0
+# NEW_VERSION
+#jts_version = 1.18.2
+jts_version = 1.19.0
 guava_version = 30.1-jre
 intellij_annotations_version = 12.0
 
 # Current	2.13.3          released    05/2022 with no known vulnerabilities as of 06/2022
-jackson_version = 2.13.3
+#jackson_version = 2.13.3
+# NEW_VERSION
+jackson_version = 2.14.3
 
 # Current	1.2.0           released    04/2019 with no known vulnerabilities as of 06/2022
 jaxen_version = 1.2.0
@@ -87,51 +105,74 @@ classmate_version = 1.4.0
 commons_collections_version = 4.2
 commons_fileupload_version = 1.5
 commons_io_version = 2.11.0
-commons_pool_version = 2.6.0
+#commons_pool_version = 2.6.0
+# NEW_VERSION
+commons_pool_version = 2.11.1
 commons_validator_version = 1.7
-concurrent_hashmap_version = 1.0
+#concurrent_hashmap_version = 1.0
 # Upgrade from 2.2.0.0 to 2.3.0.0 to deal with xray reported vulnerability
 esapi_version = 2.3.0.0
-#esapi_version = 2.2.0.0
+# NEW_VERSION. Logger not found!
+#esapi_version = 2.5.2.0
 
 # Current	7.0.4.Final			released	03/2022
-hibernate_validator_version = 7.0.4.Final
+#hibernate_validator_version = 7.0.4.Final
+# NEW_VERSION
+hibernate_validator_version = 8.0.1.Final
 
 # Current	5.6.8.Final		released	04/2022
-hibernate_version = 5.6.8.Final
+#hibernate_version = 5.6.8.Final
+# NEW_VERSION
+hibernate_version = 6.1.7.Final
 
-hikaricp_version=3.3.1
+# NEW_VERSION
+hibernate_entitymanager_version = 6.0.0.Alpha7
+
+# hikaricp_version=3.3.1
+# NEW_VERSION
+hikaricp_version=5.0.1
 
 # Deprecated in favor of javax.persistence:javax.persistence-api:2.2
 # Binary Incompatible
-hibernate_jpa_version = 1.0.2.Final
+#hibernate_jpa_version = 1.0.2.Final
 
-jandex_version = 2.1.0.Final
+#jandex_version = 2.1.0.Final
 javassist_version = 3.24.1-GA
-javax_inject_version = 1
-javax_persistence_version = 2.1.0
-javax_persistence_api_version = 2.2
+#javax_inject_version = 1
+#javax_persistence_version = 2.1.0
+#javax_persistence_api_version = 2.2
+# NEW_VERSION
+jakarta_persistence_api_version = 3.1.0
+
 
 # As of 06/2022 2.3.6 released 01/2022 is the latest with no known vulnerabilities that supports the latest java.xml.bind:jaxb-api
 # Candidate 4.0.0       released    06/2022 with no known vulnerabilities as of 06/2022. Has jaxb generation issues. It seems https://eclipse-ee4j.github.io/jaxb-ri/ has replaced the older java authored api one and this may be a larger task to update to 4.0.0
-jaxb_glassfish_version = 2.3.6
+#jaxb_glassfish_version = 2.3.6
+# NEW_VERSION
+jaxb_glassfish_version = 4.0.3
 
 # As of 06/2022 2.3.0.1 release 05/2018 is the latest with no known vulnerabilites that supports the latest java.xml.bind:jaxb-api
-jaxb_glassfish_core_version = 2.3.0.1
+#jaxb_glassfish_core_version = 2.3.0.1
 
 # As of 06/2022 2.3.1 released 08/2018 is the latest with no known vulnerabilities
-jaxb_api_version = 2.3.1
-
-javax_annotation_api_version = 1.3.2
-javax_activation_version = 1.1.1
-jboss_logging_version = 3.3.2.Final
-javax_transaction_version = 1.0.0.Final
+#jaxb_api_version = 2.3.1
+#NEW_VERSION
+jakarta_xml_bind_api_version = 4.0.1
+
+jakarta_xml_ws_api_version = 4.0.1
+jakarta_xml_soap_api_version = 3.0.1
+
+#javax_annotation_api_version = 1.3.2
+#javax_activation_version = 1.1.1
+jakarta_activation_api_version = 2.1.2
+#jboss_logging_version = 3.3.2.Final
+#javax_transaction_version = 1.0.0.Final
 jcommander_version = 1.72
 
 # As of 06/2022 1.1.1 released 03/2012 is the latest with no known vulnerabilities
 json_simple_version = 1.1.1
 
-jsr311_version = 1.1.1
+#jsr311_version = 1.1.1
 libidn_version = 1.15
 prettytime_version = 4.0.2.Final
 
@@ -158,14 +199,25 @@ flyway_version = 9.8.3
 jaxwsrt_version = 2.3.6
 
 # Current		2.9.0       released    02/2022 with no known vulnberabilities as of 06/2022
-gson_version = 2.9.0
+#gson_version = 2.9.0
+# NEW_VERSION
+gson_version = 2.9.1
 
 # Candidate 	10.0.20		released	04/2022 Build Failures
 # Current		9.0.62		released	04/2022
-tomcat_version = 9.0.78
+#tomcat_version = 9.0.78
+# NEW_VERSION
+tomcat_version = 10.1.11
 
 servlet_api_version = 4.0.1
-mail_api_version = 1.6.2
+
+jetty_server_version = '11.0.11'
+
+jakarta_servlet_api_version = '6.0.0'
+#jstl_version = 1.2
+# mail_api_version = 1.6.2
+# NEW_VERSION
+jakarta_mail_api_version = 2.1.2
 json_org_version = 20180813
 opencsv_version = 4.4
 
@@ -176,6 +228,7 @@ opencsv_version = 4.4
 netty_version = 4.1.77.Final
 netty_handler_version = 4.1.77.Final
 netty_tcnative_version = 2.0.53.Final
+netty_quic_version = 0.0.29.Final
 grpc_version = 1.49.1
 
 # keep this up to date with the version gRPC is expecting
@@ -197,16 +250,28 @@ ignite_version = 2.15.0
 ignite_spring_cache_version = 1.0.0
 
 h2_version = 1.4.197
-mockito_version = 2.28.2
+# NEW_VERSION
+#h2_version = 2.1.214
+#h2_version = 2.2.222
+#mockito_version = 2.28.2
+# NEW_VERSION
+mockito_version = 4.8.1
 jsonwebtoken_version = 0.9.1
 caffeine_version = 3.0.2
 gradle_shadow_version = 7.1.2
 whack_version = 2.0.1
 gradle_protobuf_version = 0.9.0
 gradle_proguard_version = 5.2.1
-persistence_version = 2.2.3
+#persistence_version = 2.2.3
 annotation_api_version = 1.3.2
-snake_yaml_version = 1.30
+#snake_yaml_version = 1.30
+# NEW_VERSION
+snake_yaml_version = 2.0
 protobuf_java_version = 3.21.7
-springdoc_version = 1.6.9
+#springdoc_version = 1.6.9
+# NEW_VERSION
+springdoc_version = 2.2.0
 okhttp3_version = 4.10.0
+
+# Will try to remove this dependency
+javax_servlet_version = 2.5
diff --git a/src/takserver-cluster/build.gradle b/src/takserver-cluster/build.gradle
index 390eef1f..250b3e2b 100644
--- a/src/takserver-cluster/build.gradle
+++ b/src/takserver-cluster/build.gradle
@@ -51,12 +51,14 @@ task moveCoreConfig(type: Copy) {
     dependsOn copyClusterProperties
     dependsOn copyClusterConfig
     from project(':takserver-cluster').file('build/takserver-core/CoreConfig.xml')
+    from project(':takserver-cluster').file('build/takserver-core/TAKIgniteConfig.xml')
     into "$buildDir"
 }
 
 task deleteCoreConfig(type: Delete) {
     dependsOn moveCoreConfig
     delete project(':takserver-cluster').file('build/takserver-core/CoreConfig.xml')
+    delete project(':takserver-cluster').file('build/takserver-core/TAKIgniteConfig.xml')
 }
 
 task copyDockerFiles(type: Copy) {
diff --git a/src/takserver-cluster/deployments/helm/production-values.yaml b/src/takserver-cluster/deployments/helm/production-values.yaml
index 47920630..37f12075 100644
--- a/src/takserver-cluster/deployments/helm/production-values.yaml
+++ b/src/takserver-cluster/deployments/helm/production-values.yaml
@@ -1,6 +1,8 @@
 imagePullSecret: reg-cred
 certConfigMapName: cert-migration
 coreConfigMapName: core-config
+# 'ignite-config' is used for the actual ignite config so the prefix is added
+takIgniteConfigMapName: tak-ignite-config
 
 takserver:
   ingress:
@@ -27,6 +29,18 @@ takserver:
       fedv2:
         annotations: {}
         host: ""
+  config:
+    image:
+      repository: docker-devtest-local.artifacts.tak.gov/takserver-cluster/takserver-config
+      tag: config-provisioned
+    replicas: 1
+    resources:
+      requests:
+        cpu: 2
+        memory: 1Gi
+      limits:
+        cpu: 2
+        memory: 1Gi
   messaging:
     image:
       repository: docker-devtest-local.artifacts.tak.gov/takserver-cluster/takserver-messaging
diff --git a/src/takserver-cluster/deployments/helm/templates/takserver-core-deployment.yaml b/src/takserver-cluster/deployments/helm/templates/takserver-core-deployment.yaml
index b3e28fd3..63e55a2c 100644
--- a/src/takserver-cluster/deployments/helm/templates/takserver-core-deployment.yaml
+++ b/src/takserver-cluster/deployments/helm/templates/takserver-core-deployment.yaml
@@ -37,7 +37,7 @@ spec:
             exec:
               command:
               - /messaging-readiness.sh
-            initialDelaySeconds: 20
+            initialDelaySeconds: 80
             periodSeconds: 5
           livenessProbe:
             exec:
@@ -45,10 +45,13 @@ spec:
               - /messaging-readiness.sh
             initialDelaySeconds: 120
             periodSeconds: 30
-            failureThreshold: 5
+            failureThreshold: 6
           volumeMounts:
             - name: config #The name(key) value must match pod volumes name(key) value
-              mountPath: /certs/files/
+              mountPath: /certs-configmap/
+            - name: tak-ignite-config
+              mountPath: /TAKIgniteConfig.xml
+              subPath: TAKIgniteConfig.xml
             - name: core-config
               mountPath: /CoreConfig.xml
               subPath: CoreConfig.xml
@@ -56,6 +59,9 @@ spec:
         - name: config
           configMap:
             name: "{{ .Values.certConfigMapName }}"
+        - name: tak-ignite-config
+          configMap:
+            name: "{{ .Values.takIgniteConfigMapName }}"
         - name: core-config
           configMap:
             name: "{{ .Values.coreConfigMapName }}"
@@ -104,17 +110,75 @@ spec:
             initialDelaySeconds: 1
             periodSeconds: 1
           livenessProbe:
-            tcpSocket:
-              port: 8443
+            exec:
+              command:
+              - /api-readiness.sh
             initialDelaySeconds: 180
             periodSeconds: 10
-            failureThreshold: 3
+            failureThreshold: 4
+          volumeMounts:
+            - name: config #The name(key) value must match pod volumes name(key) value
+              mountPath: /certs-configmap/
+            - name: tak-ignite-config
+              mountPath: /TAKIgniteConfig.xml
+              subPath: TAKIgniteConfig.xml
+      volumes:
+        - name: config
+          configMap:
+            name: "{{ .Values.certConfigMapName }}"
+        - name: tak-ignite-config
+          configMap:
+            name: "{{ .Values.takIgniteConfigMapName }}"
+
+      imagePullSecrets:
+        - name: "{{ .Values.imagePullSecret }}"
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: takserver-config
+spec:
+  selector:
+      matchLabels:
+        app: takserver-config
+  replicas: {{ .Values.takserver.config.replicas }}
+  template:
+    metadata:
+      labels:
+        app: takserver-config
+    spec:
+      serviceAccountName: takserver-ignite
+      containers:
+        - name: takserver-config 
+          image: "{{ .Values.takserver.config.image.repository }}:{{ .Values.takserver.config.image.tag }}"
+          resources:
+            requests:
+              cpu: "{{ .Values.takserver.config.resources.requests.cpu }}"
+              memory: "{{ .Values.takserver.config.resources.requests.memory }}"
+            limits:
+              cpu: "{{ .Values.takserver.config.resources.limits.cpu }}"
+              memory: "{{ .Values.takserver.config.resources.limits.memory }}"
+          readinessProbe:
+            exec:
+              command:
+              - /config-readiness.sh
+            initialDelaySeconds: 1
+            periodSeconds: 1
+          livenessProbe:
+            tcpSocket:
+              port: 10800
+            initialDelaySeconds: 20
+            periodSeconds: 10
+            failureThreshold: 4
           volumeMounts:
             - name: config #The name(key) value must match pod volumes name(key) value
-              mountPath: /certs/files/
+              mountPath: /certs-configmap/
             - name: core-config
               mountPath: /CoreConfig.xml
               subPath: CoreConfig.xml
+            - name: tak-ignite-config
+              mountPath: /TAKIgniteConfig.xml
+              subPath: TAKIgniteConfig.xml
       volumes:
         - name: config
           configMap:
@@ -122,6 +186,9 @@ spec:
         - name: core-config
           configMap:
             name: "{{ .Values.coreConfigMapName }}"
+        - name: tak-ignite-config
+          configMap:
+            name: "{{ .Values.takIgniteConfigMapName }}"
 
       imagePullSecrets:
         - name: "{{ .Values.imagePullSecret }}"
diff --git a/src/takserver-cluster/deployments/helm/templates/takserver-plugins-deployment.yaml b/src/takserver-cluster/deployments/helm/templates/takserver-plugins-deployment.yaml
index 4873d622..f0a10b26 100644
--- a/src/takserver-cluster/deployments/helm/templates/takserver-plugins-deployment.yaml
+++ b/src/takserver-cluster/deployments/helm/templates/takserver-plugins-deployment.yaml
@@ -27,10 +27,12 @@ spec:
               cpu: {{ .Values.takserver.api.resources.limits.cpu }}
           volumeMounts:
             - name: config #The name(key) value must match pod volumes name(key) value
-              mountPath: /certs/files/
+              mountPath: /certs-configmap/
             - name: core-config
               mountPath: /CoreConfig.xml
               subPath: CoreConfig.xml
+            - name: tak-ignite-config
+              mountPath: /TAKIgniteConfig.xml
       volumes:
         - name: config
           configMap:
@@ -38,6 +40,10 @@ spec:
         - name: core-config
           configMap:
             name: {{ .Values.coreConfigMapName}}
+        - name: tak-ignite-config
+          configMap:
+            name: {{ .Values.takIgniteConfigMapName }}
+
       imagePullSecrets:
         - name: {{ .Values.imagePullSecret }}
 {{- end }}
diff --git a/src/takserver-cluster/docker-files/Dockerfile.takserver-base b/src/takserver-cluster/docker-files/Dockerfile.takserver-base
index 0ba768ba..30559944 100644
--- a/src/takserver-cluster/docker-files/Dockerfile.takserver-base
+++ b/src/takserver-cluster/docker-files/Dockerfile.takserver-base
@@ -1,26 +1,29 @@
 FROM eclipse-temurin:17-jammy
+RUN apt-get update && apt-get install -y emacs-nox net-tools netcat
 COPY takserver-core/takserver-core*.war takserver.war
-COPY takserver-usermanager/UserManager.jar .
-COPY CoreConfig.xml .
-COPY takserver-schemamanager/SchemaManager.jar .
-COPY takserver-core/logging-restrictsize.xml .
-COPY takserver-core/takserver.sh .
-COPY takserver-core/API/takserver-api-cluster.sh .
-COPY takserver-core/messaging/takserver-messaging-cluster.sh .
-COPY takserver-core/UserAuthenticationFile.xml .
-COPY takserver-core/setenv-cluster.sh ./setenv.sh
-COPY takserver-core/enable_admin.sh .
-COPY takserver-core/messaging-readiness.sh .
-COPY takserver-core/api-readiness.sh .
-COPY takserver-schemamanager/db-connection-configuration.sh .
-RUN chmod +x takserver-api-cluster.sh && \
+COPY takserver-core/setenv-cluster.sh setenv.sh
+COPY takserver-usermanager/UserManager.jar \
+	CoreConfig.xml \
+	takserver-schemamanager/SchemaManager.jar \
+	takserver-core/logging-restrictsize.xml \
+	takserver-core/takserver.sh \
+	takserver-core/config/takserver-config-cluster.sh \
+	takserver-core/API/takserver-api-cluster.sh \
+	takserver-core/messaging/takserver-messaging-cluster.sh \
+	takserver-core/UserAuthenticationFile.xml \
+	takserver-core/enable_admin.sh \
+	takserver-core/messaging-readiness.sh \
+	takserver-core/config-readiness.sh \
+	takserver-core/api-readiness.sh \
+	takserver-schemamanager/db-connection-configuration.sh .
+RUN chmod +x takserver-config-cluster.sh && \
+	chmod +x takserver-api-cluster.sh && \
 	chmod +x takserver-messaging-cluster.sh && \
+	chmod +x config-readiness.sh && \
 	chmod +x messaging-readiness.sh && \
 	chmod +x api-readiness.sh && \
 	chmod +x setenv.sh && \
 	chmod +x db-connection-configuration.sh && \
-	apt-get update && \
-	apt-get install -y emacs-nox net-tools netcat 
-RUN chmod +x takserver.sh
+	chmod +x takserver.sh
 RUN ./db-connection-configuration.sh
 CMD ["jshell"]
diff --git a/src/takserver-cluster/docker-files/Dockerfile.takserver-config b/src/takserver-cluster/docker-files/Dockerfile.takserver-config
new file mode 100644
index 00000000..8770752a
--- /dev/null
+++ b/src/takserver-cluster/docker-files/Dockerfile.takserver-config
@@ -0,0 +1,4 @@
+ARG TAKSERVER_IMAGE_REPO=docker-devtest-local.artifacts.tak.gov/takserver-cluster/takserver-base
+ARG TAKSERVER_IMAGE_TAG=core-base
+FROM ${TAKSERVER_IMAGE_REPO}:${TAKSERVER_IMAGE_TAG}
+CMD ["sh", "takserver-config-cluster.sh"]
diff --git a/src/takserver-cluster/scripts/build-eks.py b/src/takserver-cluster/scripts/build-eks.py
index ec96f1f3..7e6fbef1 100644
--- a/src/takserver-cluster/scripts/build-eks.py
+++ b/src/takserver-cluster/scripts/build-eks.py
@@ -40,6 +40,10 @@
 AWS_ECR_URI = ''
 TAK_PLUGINS = os.environ['TAK_PLUGINS']
 
+# How many pods to multiply the count by for all tak services
+TAK_POD_MULTIPLIER = 3
+# The percentage of pods to allocate to the messaging service
+TAK_POD_MESSAGING_PERCENTAGE = .667
 
 # RDS DB Config
 TAK_DB_USERNAME = os.environ['TAK_DB_USERNAME']
@@ -157,9 +161,10 @@ def modEksClusterConfig():
 	save_yaml(CLUSTER_CONFIG_FILE, eks_yaml)
 
 def adjustDeploymentsByNumberOfNodes():
-	max_tak_pods = int(TAK_CLUSTER_NODE_COUNT) * 3
+	max_tak_pods = int(TAK_CLUSTER_NODE_COUNT) * TAK_POD_MULTIPLIER
 
-	total_msg = math.floor(max_tak_pods * .667)
+	# Negating one to account for configuration pod
+	total_msg = math.floor(max_tak_pods * TAK_POD_MESSAGING_PERCENTAGE - 1)
 	total_loadbalancer = int(round(total_msg / 5, 0))
 
 	loadbalancer_yaml = load_yaml(LOAD_BALANCER_DEPLOYMENT_FILE)
@@ -453,13 +458,22 @@ def generateTakseverCertificates():
 def addCoreConfigMap():
 	fp = os.path.join(CLUSTER_HOME_DIR, 'CoreConfig.xml')
 	if not os.path.isfile(fp):
-		printJson('No CoreConfig.source.xml found. It should be located in the root of the cluster directory!')
+		printJson('No CoreConfig.xml found. It should be located in the root of the cluster directory!')
 		sys.exit(1)
 
-	print('Loading CoreConfig.source.xml found in cluster root into the cluster ConfigMap.')
+	print('Loading CoreConfig.xml found in cluster root into the cluster ConfigMap.')
 	config_map_cmd = 'kubectl create configmap core-config --from-file="' + fp + '" --dry-run=client -o yaml >' + CLUSTER_HOME_DIR +  '/deployments/helm/templates/core-config.yaml'
 	runCmd(config_map_cmd)
 
+def addIgniteConfigMap():
+	fp = os.path.join(CLUSTER_HOME_DIR, 'TAKIgniteConfig.xml')
+	if not os.path.isfile(fp):
+		printJson('No TAKIgniteConfig.xml found. It should be located in the root of the cluster directory!')
+		sys.exit(1)
+
+	print('Loading TAKIgniteConfig.xml found in cluster root into the cluster ConfigMap.')
+	config_map_cmd = 'kubectl create configmap tak-ignite-config --from-file="' + fp + '" --dry-run=client -o yaml >' + CLUSTER_HOME_DIR +  '/deployments/helm/templates/tak-ignite-config.yaml'
+	runCmd(config_map_cmd)
 
 # Deploy Takserver Core
 def publishTakserverCoreImages():
@@ -470,6 +484,7 @@ def publishTakserverCoreImages():
 	if cmd_status == 0:
 		build_dependent_dockerfiles_cmd = ('cd ' + CLUSTER_HOME_DIR + ' && docker build -t ' + AWS_ECR_URI + ':messaging-provisioned -f docker-files/Dockerfile.takserver-messaging --build-arg TAKSERVER_IMAGE_REPO=' + AWS_ECR_URI + ' .'
 						  + ' && docker build -t ' + AWS_ECR_URI + ':api-provisioned -f docker-files/Dockerfile.takserver-api --build-arg TAKSERVER_IMAGE_REPO=' + AWS_ECR_URI + ' .'
+						  + ' && docker build -t ' + AWS_ECR_URI + ':config-provisioned -f docker-files/Dockerfile.takserver-config --build-arg TAKSERVER_IMAGE_REPO=' + AWS_ECR_URI + ' .'
 						 + ' && docker push ' + AWS_ECR_URI + ' --all-tags')
 
 		build_dependent_dockerfiles_cmd_status = runCmd(build_dependent_dockerfiles_cmd)
@@ -657,10 +672,18 @@ def validate_helm_deployment():
 	installHelmChart(True)
 
 def installHelmChart(dry_run=False):
-	max_tak_pods = int(TAK_CLUSTER_NODE_COUNT) * 3
+	max_tak_pods = int(TAK_CLUSTER_NODE_COUNT) * TAK_POD_MULTIPLIER
+
+	# Negating one to account for configuration pod
+	total_msg = math.floor(max_tak_pods * TAK_POD_MESSAGING_PERCENTAGE - 1)
+
+	# If plugins are enabled negate one more pod from the msg process to account for it
+	if TAK_PLUGINS == '1':
+		total_msg = total_msg - 1
+
+	# Allocate the remaining pods to api minus one for the config service
+	total_api = max_tak_pods - total_msg - 1
 
-	total_msg = math.floor(max_tak_pods * .667)
-	total_api = max_tak_pods - total_msg
 	total_ignite = max(1, int(round(total_msg / 5, 0)))
 	total_nats = max(1, int(round(total_msg / 5, 0)))
 	password = runCmd("aws ecr get-login-password")
@@ -686,8 +709,10 @@ def installHelmChart(dry_run=False):
 	        + ' -f ' + PROPERTIES_FILE
 			+ ' --set certConfigMapName=' + configmap
 			+ ' --set takserver.plugins.enabled=' + str(TAK_PLUGINS == '1')
+			+ ' --set takserver.config.replicas=1'
 			+ ' --set takserver.messaging.replicas=' + str(total_msg)
 			+ ' --set takserver.api.replicas=' + str(total_api)
+			+ ' --set takserver.config.image.repository=' + AWS_ECR_URI
 			+ ' --set takserver.messaging.image.repository=' + AWS_ECR_URI
 			+ ' --set takserver.api.image.repository=' + AWS_ECR_URI
 			+ ' --set takserver.plugins.image.repository=' + AWS_ECR_URI
@@ -726,6 +751,8 @@ def installHelmChart(dry_run=False):
 		generateTakseverCertificates()
 		print("\n---------- Adding CoreConfigMap ----------")
 		addCoreConfigMap()
+		print("\n---------- Adding IgniteConfigMap ----------")
+		addIgniteConfigMap()
 		print("\n---------- Publishing Takserver Core Docker Images ----------")
 		publishTakserverCoreImages()
 		if TAK_PLUGINS == '1':
diff --git a/src/takserver-common/build.gradle b/src/takserver-common/build.gradle
index 2f2c9d77..635c5757 100644
--- a/src/takserver-common/build.gradle
+++ b/src/takserver-common/build.gradle
@@ -60,13 +60,14 @@ dependencies {
   implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: log4j_api_version
 
   implementation group: 'org.glassfish.jaxb', name: 'jaxb-runtime', version: jaxb_glassfish_version
-  implementation group: 'org.glassfish.jaxb', name: 'jaxb-core', version: jaxb_glassfish_core_version
-  implementation group: 'javax.activation', name: 'activation', version: javax_activation_version
+  implementation group: 'org.glassfish.jaxb', name: 'jaxb-core', version: jaxb_glassfish_version
+  //implementation group: 'javax.activation', name: 'activation', version: javax_activation_version
 
   jaxb group: 'org.glassfish.jaxb', name: 'jaxb-xjc', version: jaxb_glassfish_version
-  jaxb group: 'org.glassfish.jaxb', name: 'jaxb-core', version: jaxb_glassfish_core_version
+  jaxb group: 'org.glassfish.jaxb', name: 'jaxb-core', version: jaxb_glassfish_version
   jaxb group: 'org.glassfish.jaxb', name: 'jaxb-runtime', version: jaxb_glassfish_version
-  jaxb group: 'javax.activation', name: 'activation', version: javax_activation_version
+  //jaxb group: 'javax.activation', name: 'activation', version: javax_activation_version
+  jaxb group: 'jakarta.activation', name: 'jakarta.activation-api', version: jakarta_activation_api_version
 
   api group: 'com.google.guava', name: 'guava', version: guava_version
   api group: 'com.intellij', name: 'annotations', version: intellij_annotations_version // IntelliJ @NotNull annotation
@@ -74,8 +75,11 @@ dependencies {
   implementation group: 'jaxen', name: 'jaxen', version: jaxen_version
   implementation group: 'joda-time', name: 'joda-time', version: joda_version
   implementation group: 'org.slf4j', name: 'slf4j-api', version: slf4j_version
+  implementation group: 'ch.qos.logback.contrib', name: 'logback-json-classic', version: logback_jackson_version
   api group: 'org.springframework', name: 'spring-context', version: spring_version
 
+  api group: 'commons-io', name: 'commons-io', version: commons_io_version
+
   // apache ignite (cache and distributed service grid)
   api group: 'org.apache.ignite', name: 'ignite-indexing', version: ignite_version
   api group: 'org.apache.ignite', name: 'ignite-slf4j', version: ignite_version
@@ -93,6 +97,12 @@ dependencies {
   // grab the xerces sax parser
   testImplementation group: 'xerces', name: 'xercesImpl', version: xerces_version
   testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: logback_version
+  
+  implementation group: 'jakarta.persistence', name: 'jakarta.persistence-api', version: jakarta_persistence_api_version
+
+  implementation group: 'org.springframework.security', name: 'spring-security-core', version: spring_security_version
+  api group: 'com.beust', name: 'jcommander', version: jcommander_version
+
 }
 
 sourceSets {
diff --git a/src/takserver-common/src/main/java/com/bbn/cluster/ClusterGroupDefinition.java b/src/takserver-common/src/main/java/com/bbn/cluster/ClusterGroupDefinition.java
index 06fcec99..24da881a 100644
--- a/src/takserver-common/src/main/java/com/bbn/cluster/ClusterGroupDefinition.java
+++ b/src/takserver-common/src/main/java/com/bbn/cluster/ClusterGroupDefinition.java
@@ -53,6 +53,11 @@ public static ClusterGroup getRetentionClusterDeploymentGroup(Ignite ignite) {
 		return ignite.cluster().forAttribute(Constants.TAK_PROFILE_KEY, Constants.RETENTION_PROFILE_NAME);
 	}
 
+	public static ClusterGroup getConfigClusterDeploymentGroup(Ignite ignite) {
+		return getClusterGroup(ignite, ignite.cluster(), Constants.CONFIG_PROFILE_NAME);
+	}
+
+
 	private static ClusterGroup getClusterGroup(Ignite ignite, ClusterGroup cluster, String requestedProfile) {
 		// all takserver ignite nodes will be clients in the cluster
 		if (isCluster) {
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/AuditLogJsonLayout.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/AuditLogJsonLayout.java
new file mode 100755
index 00000000..fe696cae
--- /dev/null
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/AuditLogJsonLayout.java
@@ -0,0 +1,19 @@
+package com.bbn.marti.remote;
+
+import ch.qos.logback.classic.spi.ILoggingEvent;
+import ch.qos.logback.contrib.json.classic.JsonLayout;
+
+import java.util.Map;
+
+public class AuditLogJsonLayout extends JsonLayout {
+
+    public AuditLogJsonLayout() {
+        this.setIncludeMDC(false);
+    }
+
+    @Override
+    protected void addCustomDataToJsonMap(Map<String, Object> map, ILoggingEvent event) {
+        map.putAll(event.getMDCPropertyMap());
+        super.addCustomDataToJsonMap(map, event);
+    }
+}
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/BadgeOfShame.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/BadgeOfShame.java
index 66a29b7b..aa599544 100644
--- a/src/takserver-common/src/main/java/com/bbn/marti/remote/BadgeOfShame.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/BadgeOfShame.java
@@ -49,7 +49,7 @@ public BadgeOfShame(String content, String source, Exception exception) {
 		if (content != null) {
 			this.cot = content;
 		}
-		if(source != null) {
+		if (source != null) {
 		  this.source = source;
 		}
 		this.exception = exception;
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/CoreConfig.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/CoreConfig.java
index 8f7645f4..6469fedb 100644
--- a/src/takserver-common/src/main/java/com/bbn/marti/remote/CoreConfig.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/CoreConfig.java
@@ -2,22 +2,32 @@
 
 package com.bbn.marti.remote;
 
+import java.rmi.RemoteException;
+import java.util.List;
 import java.util.Set;
 
+import org.jetbrains.annotations.NotNull;
+
 import com.bbn.marti.config.Auth;
 import com.bbn.marti.config.Auth.Ldap;
 import com.bbn.marti.config.Buffer.LatestSA;
 import com.bbn.marti.config.CertificateSigning;
 import com.bbn.marti.config.Configuration;
+import com.bbn.marti.remote.groups.ConnectionModifyResult;
+import com.bbn.marti.config.DataFeed;
 import com.bbn.marti.config.Federation;
 import com.bbn.marti.config.Federation.FederationServer;
+import com.bbn.marti.config.Input;
 import com.bbn.marti.config.Qos;
 import com.bbn.marti.config.Repository;
 import com.bbn.marti.config.Tls;
 import com.bbn.marti.config.Vbm;
+import com.bbn.marti.remote.groups.NetworkInputAddResult;
 
 public interface CoreConfig {
 
+    static final String DEFAULT_TRUSTSTORE = "certs/files/fed-truststore.jks";
+
     void saveChanges();
 
     Configuration getRemoteConfiguration();
@@ -48,4 +58,32 @@ public interface CoreConfig {
     boolean isContactApiFilter();
     
     Set<String> getContactApiWriteOnlyGroups();
+
+    NetworkInputAddResult addInputAndSave(@NotNull Input input);
+
+    void removeInputAndSave(String name) throws RemoteException;
+
+    List<Input> getNetworkInputs();
+
+    List<DataFeed> getNetworkDataFeeds();
+
+    Input getInputByName(@NotNull String inputName);
+
+    ConnectionModifyResult updateInputGroupsNoSave(String inputName, String[] groupList) throws RemoteException;
+
+    ConnectionModifyResult setArchiveFlagNoSave(String inputName, boolean desiredState);
+
+    ConnectionModifyResult setArchiveOnlyFlagNoSave(String inputName, boolean desiredState);
+
+    ConnectionModifyResult setFederatedFlagNoSave(String inputName, boolean desiredState);
+
+    ConnectionModifyResult updateTagsNoSave(String inputName, List<String> newTagList) throws RemoteException;
+
+    ConnectionModifyResult setSyncCacheRetentionSeconds(String inputName, int desiredState);
+
+    ConnectionModifyResult setSyncFlagNoSave(String dataFeedName, boolean desiredState);
+
+    void removeDataFeedAndSave(String name) throws RemoteException;
+
+    boolean isCluster();
 }
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/FederationManager.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/FederationManager.java
index d8839b89..ecc88e13 100644
--- a/src/takserver-common/src/main/java/com/bbn/marti/remote/FederationManager.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/FederationManager.java
@@ -63,13 +63,14 @@ public interface FederationManager {
 
 	// will throw exception if output with same name already exists
 	void addOutgoingConnection(String name, String host, int port, int reconnect, int maxRetries, boolean unlimitedRetries, boolean enable, int protocolVersion, String fallback);
+	void updateOutgoingConnection(Federation.FederationOutgoing original, Federation.FederationOutgoing update);
 	void removeOutgoing(String name);
 
 	List<X509Certificate> getCAList();
 	void addCA(X509Certificate ca);
 	void removeCA(X509Certificate ca);
 
-	void updateFederateDetails(String federateId, boolean archive, boolean shareAlerts, boolean federatedGroupMapping, boolean automaticGroupMapping, String notes, int maxHops);
+	void updateFederateDetails(String federateId, boolean archive, boolean shareAlerts, boolean federatedGroupMapping, boolean automaticGroupMapping, boolean fallbackWhenNoGroupMappings, String notes, int maxHops);
 	void removeFederate(String federateId);
 
 	List<Federate> getConfiguredFederates();
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/MessagingConfigurator.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/MessagingConfigurator.java
index 7379d870..85506514 100644
--- a/src/takserver-common/src/main/java/com/bbn/marti/remote/MessagingConfigurator.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/MessagingConfigurator.java
@@ -1,23 +1,29 @@
 package com.bbn.marti.remote;
 
-import java.io.IOException;
-import java.util.Collection;
-import java.util.HashMap;
-
 import com.bbn.marti.config.Input;
 import com.bbn.marti.remote.groups.ConnectionModifyResult;
 import com.bbn.marti.remote.groups.NetworkInputAddResult;
 
+import java.io.IOException;
+import java.util.Collection;
+import java.util.HashMap;
+
 public interface MessagingConfigurator {
 
     NetworkInputAddResult addInputAndSave(Input input);
 
+    NetworkInputAddResult addInputNoSave(Input input);
+
     void removeInputAndSave(String name);
 
+    void removeInputNoSave(String name);
+
     Collection<InputMetric> getInputMetrics(boolean excludeDataFeeds);
-        
+
     ConnectionModifyResult modifyInputAndSave(String inputName, Input input);
 
+    ConnectionModifyResult modifyInputNoSave(String inputName, Input input);
+
     MessagingConfigInfo getMessagingConfig();
 
     void modifyMessagingConfig(MessagingConfigInfo info);
@@ -26,23 +32,27 @@ public interface MessagingConfigurator {
 
     void updateMetric(Input input);
 
-	InputMetric getMetric(Input input);
+    InputMetric getMetric(Input input);
+
+    AuthenticationConfigInfo getAuthenticationConfig();
+
+    void modifyAuthenticationConfig(AuthenticationConfigInfo info);
+
+    SecurityConfigInfo getSecurityConfig();
 
-	AuthenticationConfigInfo getAuthenticationConfig();
+    void modifySecurityConfig(SecurityConfigInfo info);
 
-	void modifyAuthenticationConfig(AuthenticationConfigInfo info);
+    Collection<Integer> getNonSecurePorts();
 
-	SecurityConfigInfo getSecurityConfig();
+    HashMap<String, Boolean> verifyConfiguration();
 
-	void modifySecurityConfig(SecurityConfigInfo info);
+    void addInputAndSave(Input newInput, boolean cluster) throws IOException;
 
-	Collection<Integer> getNonSecurePorts();
+    void addInputNoSave(Input newInput, boolean cluster) throws IOException;
 
-	HashMap<String, Boolean> verifyConfiguration();
-	
-	void addInput(Input newInput, boolean cluster) throws IOException;
+    void removeDataFeedAndSave(String name);
 
-	void removeDataFeedAndSave(String name);
+    void removeDataFeedNoSave(String name);
 
-	InputMetric getInputMetric(String name);
+    InputMetric getInputMetric(String name);
 }
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/RemoteContact.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/RemoteContact.java
index 055a7aed..f604d55f 100644
--- a/src/takserver-common/src/main/java/com/bbn/marti/remote/RemoteContact.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/RemoteContact.java
@@ -60,7 +60,7 @@ public RemoteContact setLastHeardFromMillis(long millis) {
 
     @Override
 	public boolean equals(Object otherContact) {
-		if(otherContact != null && 
+		if (otherContact != null && 
                       otherContact instanceof RemoteContact &&
                       this.uid.equals( ((RemoteContact)otherContact).uid)) 
                 {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/config/ConfigHelper.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/config/ConfigHelper.java
similarity index 93%
rename from src/takserver-core/src/main/java/com/bbn/marti/config/ConfigHelper.java
rename to src/takserver-common/src/main/java/com/bbn/marti/remote/config/ConfigHelper.java
index 6ceeab81..c0e472cf 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/config/ConfigHelper.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/config/ConfigHelper.java
@@ -1,8 +1,12 @@
-package com.bbn.marti.config;
+package com.bbn.marti.remote.config;
 
 import java.util.HashSet;
 import java.util.List;
 
+import com.bbn.marti.config.Auth;
+import com.bbn.marti.config.Configuration;
+import com.bbn.marti.config.Input;
+import com.bbn.marti.remote.config.InvalidConfigurationException;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/config/CoreConfigFacade.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/config/CoreConfigFacade.java
new file mode 100644
index 00000000..e5c5b435
--- /dev/null
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/config/CoreConfigFacade.java
@@ -0,0 +1,385 @@
+package com.bbn.marti.remote.config;
+
+import com.bbn.cluster.ClusterGroupDefinition;
+import com.bbn.marti.config.*;
+import com.bbn.marti.config.Auth.Ldap;
+import com.bbn.marti.config.Buffer.LatestSA;
+import com.bbn.marti.config.Federation.FederationServer;
+import com.bbn.marti.remote.AuthenticationConfigInfo;
+import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.remote.MessagingConfigInfo;
+import com.bbn.marti.remote.SecurityConfigInfo;
+import com.bbn.marti.remote.groups.ConnectionModifyResult;
+import com.bbn.marti.remote.groups.NetworkInputAddResult;
+import org.apache.ignite.cluster.ClusterGroup;
+import org.jetbrains.annotations.NotNull;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import tak.server.Constants;
+import tak.server.ignite.IgniteHolder;
+import tak.server.util.ActiveProfiles;
+
+import java.rmi.RemoteException;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * This facade class hides access to the DistributedConfiguration and LocalConfiguration classes which
+ * are only local to the ConfigService Microservice process and makes it "appear" local.  Note, the ConfigService
+ * must be started *FIRST* before any others for this reason.
+ */
+public class CoreConfigFacade implements CoreConfig {
+
+    private static final String MASK_WORD_FOR_DISPLAY = "********";
+
+    private static final Logger logger = LoggerFactory.getLogger(CoreConfigFacade.class);
+
+    // Singleton instance
+    private static CoreConfigFacade instance = null;
+
+    // 2 minutes should be more than long enough for the config service to start.  Otherwise, something is wrong.
+    private static long DEFAULT_TIMEOUT_MILLIS = 120000;
+
+    // The CoreConfig instance that we are wrapping / the facade for
+    private CoreConfig coreConfig = null;
+
+    // Local instance of the remoteConfiguration to avoid Ignite call behind the scenes
+    private Configuration remoteConfig = null;
+
+    // Local instance of the cachedConfiguration to avoid Ignite call behind the scenes
+    private Configuration cachedConfig = null;
+
+    private CoreConfigFacade() {
+        if (ActiveProfiles.getInstance().isConfigProfileActive()) {
+            coreConfig = DistributedConfiguration.getInstance();
+        } else {
+            // initial setting of coreConfig instance
+            refreshConfiguration();
+            // setup listener for updates to the
+            IgniteHolder.getInstance().getIgnite().message().localListen(
+                Constants.CONFIG_TOPIC_KEY, (nodeId, message) -> {
+                    refreshConfiguration();
+                    return true;
+                });
+        }
+    }
+
+    public static CoreConfigFacade getInstance() {
+        if (instance == null) {
+            synchronized (CoreConfigFacade.class) {
+                if (instance == null) {
+                    instance = new CoreConfigFacade();
+                }
+            }
+        }
+        return instance;
+    }
+
+
+    public void saveChanges() {
+        coreConfig.saveChanges();
+        notifyConfigDirty();
+    }
+
+    public Configuration getRemoteConfiguration() {
+        if (remoteConfig == null) {
+            remoteConfig = coreConfig.getRemoteConfiguration();
+        }
+        return remoteConfig;
+    }
+
+    public void saveChangesAndUpdateCache() {
+        coreConfig.saveChangesAndUpdateCache();
+        notifyConfigDirty();
+    }
+
+    public void loadConfigFromCache() {
+        coreConfig.loadConfigFromCache();
+    }
+
+    public Configuration getCachedConfiguration() {
+        if (cachedConfig == null) {
+            cachedConfig = coreConfig.getCachedConfiguration();
+        }
+        return cachedConfig;
+    }
+
+    public void setAndSaveFederation(Federation federation) {
+        coreConfig.setAndSaveFederation(federation);
+        notifyConfigDirty();
+    }
+
+    public void setAndSaveLDAP(Ldap ldap) {
+        coreConfig.setAndSaveLDAP(ldap);
+        notifyConfigDirty();
+    }
+
+    public void setAndSaveMessagingConfig(LatestSA latestSA, Repository repository) {
+        coreConfig.setAndSaveMessagingConfig(latestSA, repository);
+        notifyConfigDirty();
+    }
+
+    public void setAndSaveSecurityConfig(Tls tls, Auth auth, FederationServer fedServer) {
+        coreConfig.setAndSaveSecurityConfig(tls, auth, fedServer);
+        notifyConfigDirty();
+    }
+
+    public void setAndSaveCertificateSigningConfig(CertificateSigning certificateSigningConfig) {
+        coreConfig.setAndSaveCertificateSigningConfig(certificateSigningConfig);
+        notifyConfigDirty();
+    }
+
+    public void setAndSaveQos(Qos qos) {
+        coreConfig.setAndSaveQos(qos);
+        notifyConfigDirty();
+    }
+
+    public void setAndSaveStoreForwardChatEnabled(boolean storeForwardChatEnabled) {
+        coreConfig.setAndSaveStoreForwardChatEnabled(storeForwardChatEnabled);
+        notifyConfigDirty();
+    }
+
+    public void setAndSaveVbmConfiguration(Vbm vbm) {
+        coreConfig.setAndSaveVbmConfiguration(vbm);
+        notifyConfigDirty();
+    }
+
+    public boolean isContactApiFilter() {
+        return coreConfig.isContactApiFilter();
+    }
+
+    public boolean isCluster() {
+        return coreConfig.isCluster();
+    }
+
+    public Set<String> getContactApiWriteOnlyGroups() {
+        return coreConfig.getContactApiWriteOnlyGroups();
+    }
+
+    public NetworkInputAddResult addInputAndSave(@NotNull Input input) {
+        NetworkInputAddResult nia = coreConfig.addInputAndSave(input);
+        notifyConfigDirty();
+        return nia;
+    }
+
+    public void removeInputAndSave(String name) throws RemoteException {
+        coreConfig.removeInputAndSave(name);
+        notifyConfigDirty();
+    }
+
+    public List<Input> getNetworkInputs() {
+        return coreConfig.getNetworkInputs();
+    }
+
+    public List<DataFeed> getNetworkDataFeeds() {
+        return coreConfig.getNetworkDataFeeds();
+    }
+
+    public Input getInputByName(@NotNull String inputName) {
+        return coreConfig.getInputByName(inputName);
+    }
+
+    public ConnectionModifyResult updateInputGroupsNoSave(String inputName, String[] groupList) throws RemoteException {
+        ConnectionModifyResult cmr = coreConfig.updateInputGroupsNoSave(inputName, groupList);
+        notifyConfigDirty();
+        return cmr;
+    }
+
+    public ConnectionModifyResult setArchiveFlagNoSave(String inputName, boolean desiredState) {
+        ConnectionModifyResult cmr = coreConfig.setArchiveFlagNoSave(inputName, desiredState);
+        notifyConfigDirty();
+        return cmr;
+    }
+
+    public ConnectionModifyResult setArchiveOnlyFlagNoSave(String inputName, boolean desiredState) {
+        ConnectionModifyResult cmr = coreConfig.setArchiveOnlyFlagNoSave(inputName, desiredState);
+        notifyConfigDirty();
+        return cmr;
+    }
+
+    public ConnectionModifyResult setFederatedFlagNoSave(String inputName, boolean desiredState) {
+        ConnectionModifyResult cmr = coreConfig.setFederatedFlagNoSave(inputName, desiredState);
+        notifyConfigDirty();
+        return cmr;
+    }
+
+    public ConnectionModifyResult updateTagsNoSave(String inputName, List<String> newTagList) throws RemoteException {
+        ConnectionModifyResult cmr = coreConfig.updateTagsNoSave(inputName, newTagList);
+        notifyConfigDirty();
+        return cmr;
+    }
+
+    public ConnectionModifyResult setSyncCacheRetentionSeconds(String inputName, int desiredState) {
+        ConnectionModifyResult cmr = coreConfig.setSyncCacheRetentionSeconds(inputName, desiredState);
+        notifyConfigDirty();
+        return cmr;
+    }
+
+    public ConnectionModifyResult setSyncFlagNoSave(String dataFeedName, boolean desiredState) {
+        ConnectionModifyResult cmr = coreConfig.setSyncFlagNoSave(dataFeedName, desiredState);
+        notifyConfigDirty();
+        return cmr;
+    }
+
+    public void removeDataFeedAndSave(String name) throws RemoteException {
+        coreConfig.removeDataFeedAndSave(name);
+        notifyConfigDirty();
+    }
+
+    /**
+     * Internal method to refresh the DistributedConfiguration instance we are holding locally
+     * Note that DistributedConfiguration implements the CoreConfig interface.
+     *
+     * @param group the clustergroup to retrieve the configuration for.
+     * @return the CoreConfig implementation used by this process
+     */
+    private CoreConfig getConfiguration(ClusterGroup group) {
+        CoreConfig distributedConfiguration = IgniteHolder.getInstance()
+            .getIgnite()
+            .services(group)
+            .serviceProxy(Constants.DISTRIBUTED_CONFIGURATION, CoreConfig.class, false, DEFAULT_TIMEOUT_MILLIS);
+
+        if (distributedConfiguration == null) {
+            logger.error("Unable to retrieve configuration remotely from the Configuration Microservice.  The " +
+                "Configuration Microservice must be started *before* the other services.  Please make sure it is " +
+                "running and check /opt/tak/takserver-config.log for any errors in startup.");
+        }
+
+        return distributedConfiguration;
+    }
+
+    public void modifyMessagingConfig(MessagingConfigInfo info) {
+        Configuration conf = getRemoteConfiguration();
+        Repository repository = conf.getRepository();
+        LatestSA latestSA = conf.getBuffer().getLatestSA();
+        latestSA.setEnable(info.isLatestSA());
+        repository.setNumDbConnections(info.getNumDbConnections());
+        repository.setConnectionPoolAutoSize(info.isConnectionPoolAutoSize());
+        repository.setArchive(info.isArchive());
+        repository.getConnection().setUsername(info.getDbUsername());
+        if (!info.getDbPassword().equals(MASK_WORD_FOR_DISPLAY)) {
+            repository.getConnection().setPassword(info.getDbPassword());
+        }
+        repository.getConnection().setUrl(info.getDbUrl());
+        repository.getConnection().setSslEnabled(info.isSslEnabled());
+        repository.getConnection().setSslMode(info.getSslMode());
+        repository.getConnection().setSslCert(info.getSslCert());
+        repository.getConnection().setSslKey(info.getSslKey());
+        repository.getConnection().setSslRootCert(info.getSslRootCert());
+        setAndSaveMessagingConfig(latestSA, repository);
+    }
+
+    public void modifyAuthenticationConfig(AuthenticationConfigInfo info) {
+        Configuration localConfig = getRemoteConfiguration();
+
+        Ldap ldap = localConfig.getAuth().getLdap();
+        if (ldap == null) {
+            ldap = new Ldap();
+        }
+        ldap.setUrl(info.getUrl());
+        ldap.setUserstring(info.getUserString());
+        ldap.setUpdateinterval(info.getUpdateInterval());
+        ldap.setGroupprefix(info.getGroupPrefix());
+        ldap.setServiceAccountDN(info.getServiceAccountDN());
+        ldap.setServiceAccountCredential(info.getServiceAccountCredential());
+        ldap.setGroupBaseRDN(info.getGroupBaseRDN());
+        if (logger.isDebugEnabled()) {
+            logger.debug("group prefix is now: " + ldap.getGroupprefix());
+        }
+        setAndSaveLDAP(ldap);
+    }
+
+    public void modifySecurityConfig(SecurityConfigInfo info) {
+        Configuration conf = getRemoteConfiguration();
+        Tls tls = conf.getSecurity().getTls();
+        FederationServer fedServer = conf.getFederation().getFederationServer();
+        Auth auth = conf.getAuth();
+        tls.setKeystoreFile(info.getKeystoreFile());
+        tls.setTruststoreFile(info.getTruststoreFile());
+        tls.setKeystorePass(info.getKeystorePass());
+        tls.setTruststorePass(info.getTruststorePass());
+        tls.setContext(info.getTlsVersion());
+        auth.setX509Groups(info.isX509Groups());
+        auth.setX509AddAnonymous(info.isX509addAnon());
+        fedServer.getTls().setKeystoreFile(info.getKeystoreFile());
+        fedServer.getTls().setKeystorePass(info.getKeystorePass());
+        if (auth.getLdap() != null) {
+            auth.getLdap().setX509Groups(info.isX509Groups());
+            auth.getLdap().setX509AddAnonymous(info.isX509addAnon());
+        }
+        setAndSaveSecurityConfig(tls, auth, fedServer);
+
+        if (info.isEnableEnrollment()) {
+            CertificateSigning certificateSigning = CoreConfigFacade.getInstance().getRemoteConfiguration().getCertificateSigning();
+            if (certificateSigning == null) {
+                certificateSigning = new CertificateSigning();
+            }
+
+            CertificateConfig certificateConfig = certificateSigning.getCertificateConfig();
+            if (certificateConfig == null) {
+                certificateConfig = new CertificateConfig();
+                certificateSigning.setCertificateConfig(certificateConfig);
+            }
+
+            NameEntries nameEntries = certificateConfig.getNameEntries();
+            if (nameEntries == null) {
+                nameEntries = new NameEntries();
+
+                NameEntry nameEntry = new NameEntry();
+                nameEntry.setName("O");
+                nameEntry.setValue("TAK");
+                nameEntries.getNameEntry().add(nameEntry);
+
+                nameEntry = new NameEntry();
+                nameEntry.setName("OU");
+                nameEntry.setValue("TAK");
+                nameEntries.getNameEntry().add(nameEntry);
+
+                certificateConfig.setNameEntries(nameEntries);
+            }
+
+            certificateSigning.setCA(CAType.fromValue(info.getCaType()));
+
+            if (certificateSigning.getCA() == CAType.TAK_SERVER) {
+                TAKServerCAConfig takServerCAConfig = new TAKServerCAConfig();
+                takServerCAConfig.setKeystore("JKS");
+                takServerCAConfig.setSignatureAlg("SHA256WithRSA");
+                takServerCAConfig.setKeystoreFile(info.getSigningKeystoreFile());
+                takServerCAConfig.setKeystorePass(info.getSigningKeystorePass());
+                takServerCAConfig.setValidityDays(info.getValidityDays());
+                certificateSigning.setTAKServerCAConfig(takServerCAConfig);
+
+            } else if (certificateSigning.getCA() == CAType.MICROSOFT_CA) {
+                MicrosoftCAConfig microsoftCAConfig = new MicrosoftCAConfig();
+                microsoftCAConfig.setUsername(info.getMscaUserName());
+                microsoftCAConfig.setPassword(info.getMscaPassword());
+                microsoftCAConfig.setTruststore(info.getMscaTruststore());
+                microsoftCAConfig.setTruststorePass(info.getMscaTruststorePass());
+                microsoftCAConfig.setTemplateName(info.getMscaTemplateName());
+                certificateSigning.setMicrosoftCAConfig(microsoftCAConfig);
+            }
+
+            setAndSaveCertificateSigningConfig(certificateSigning);
+        }
+    }
+
+    /**
+     * Notifies all configuration facades that the configuration is dirty.
+     */
+    private void notifyConfigDirty() {
+        IgniteHolder.getInstance().getIgnite().message().send(Constants.CONFIG_TOPIC_KEY, "");
+    }
+
+    /**
+     * Called by the ConfigServiceConfiguration when there is an update and this needs to be updated
+     */
+    public void refreshConfiguration() {
+        if (!ActiveProfiles.getInstance().isConfigProfileActive()) {
+            coreConfig = getConfiguration(ClusterGroupDefinition.getConfigClusterDeploymentGroup(
+                IgniteHolder.getInstance().getIgnite()));
+            remoteConfig = coreConfig.getRemoteConfiguration();
+            cachedConfig = coreConfig.getCachedConfiguration();
+        }
+    }
+}
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/DistributedConfiguration.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/config/DistributedConfiguration.java
similarity index 95%
rename from src/takserver-core/src/main/java/com/bbn/marti/service/DistributedConfiguration.java
rename to src/takserver-common/src/main/java/com/bbn/marti/remote/config/DistributedConfiguration.java
index 261ef41d..b623da25 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/DistributedConfiguration.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/config/DistributedConfiguration.java
@@ -1,6 +1,6 @@
 
 
-package com.bbn.marti.service;
+package com.bbn.marti.remote.config;
 
 import java.io.FileNotFoundException;
 import java.io.IOException;
@@ -12,7 +12,7 @@
 import java.util.concurrent.ConcurrentSkipListSet;
 
 import javax.cache.event.CacheEntryEvent;
-import javax.xml.bind.JAXBException;
+import jakarta.xml.bind.JAXBException;
 
 import org.apache.ignite.IgniteCache;
 import org.apache.ignite.cache.CacheAtomicityMode;
@@ -24,6 +24,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import tak.server.util.ActiveProfiles;
 import com.bbn.marti.config.Async;
 import com.bbn.marti.config.Auth;
 import com.bbn.marti.config.Auth.Ldap;
@@ -52,18 +53,16 @@
 import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.groups.ConnectionModifyResult;
 import com.bbn.marti.remote.groups.NetworkInputAddResult;
-import com.bbn.marti.util.MessageConversionUtil;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 import tak.server.Constants;
 import tak.server.ignite.IgniteHolder;
+import tak.server.util.JAXBUtils;
 
 public class DistributedConfiguration implements CoreConfig, org.apache.ignite.services.Service {
 
 	private static final long serialVersionUID = -2752863566907557239L;
 
-    public static final String DEFAULT_TRUSTSTORE = "certs/files/fed-truststore.jks";
-    
     private static final String CORE_CONFIG_CACHE_KEY = "coreConfig";
 
     static DistributedConfiguration instance = null;
@@ -116,7 +115,7 @@ public void execute(ServiceContext ctx) throws Exception {
 		}
 	}
 
-	private IgniteCache<String, Configuration> getConfigurationCache() {
+    private IgniteCache<String, Configuration> getConfigurationCache() {
 
 		if (configurationCache == null) {
 			CacheConfiguration<String, Configuration> cfg = new CacheConfiguration<String, Configuration>();
@@ -175,6 +174,11 @@ public synchronized void removeDataFeedAndSave(String name) throws RemoteExcepti
         }
     }
 
+    @Override
+    public boolean isCluster() {
+        return getRemoteConfiguration().getCluster().isEnabled();
+    }
+
     @SuppressWarnings("rawtypes")
 	public synchronized ConnectionModifyResult updateInputGroupsNoSave(String inputName, String[] groupList) throws RemoteException {
         Input input = getInputByName(inputName);
@@ -239,7 +243,6 @@ public ConnectionModifyResult setSyncCacheRetentionSeconds(String inputName, int
     }
 
 
-
     @SuppressWarnings("rawtypes")
 	public synchronized ConnectionModifyResult updateTagsNoSave(String inputName, List<String> newTagList) throws RemoteException {
 		Input input = getInputByName(inputName);
@@ -284,18 +287,17 @@ public ConnectionModifyResult setSyncFlagNoSave(String dataFeedName, boolean des
     @Override
     public void saveChanges() {
     	// if TAK Server processes are local to each other and we're not on the messaging process, don't save
-    	if (IgniteHolder.getInstance().areTakserverIgnitesLocal() && !LocalConfiguration.getInstance().isMessagingProfileActive()) {
+    	if (IgniteHolder.getInstance().areTakserverIgnitesLocal() && !ActiveProfiles.getInstance().isConfigProfileActive()) {
     		return;
     	}
     	
     	
-    	
-    	// if TAK Server processes are local to each other and we're not on the messaging process or in the cluster, don't save
-    	if (DistributedConfiguration.getInstance().getRemoteConfiguration().getCluster().isEnabled() 
-				|| (IgniteHolder.getInstance().areTakserverIgnitesLocal() && LocalConfiguration.getInstance().isMessagingProfileActive())) {
+    	// if TAK Server processes are local to each other and we're not on the config process or in the cluster, don't save
+    	if (getRemoteConfiguration().getCluster().isEnabled()
+				|| (IgniteHolder.getInstance().areTakserverIgnitesLocal() && ActiveProfiles.getInstance().isConfigProfileActive())) {
     		try {
 				synchronized (DistributedConfiguration.class) {
-					MessageConversionUtil.saveJAXifiedObject(LocalConfiguration.CONFIG_FILE, getRemoteConfiguration(), false);
+					JAXBUtils.saveJAXifiedObject(LocalConfiguration.CONFIG_FILE, getRemoteConfiguration(), false);
 				}
 			} catch (FileNotFoundException fnfe) {
 				// do nothing. Happens in unit test.
@@ -303,7 +305,9 @@ public void saveChanges() {
 				throw new RuntimeException(e);
 			}
 		} else {
-			logger.debug("Skipping Core Config Save for this process");
+            if (logger.isDebugEnabled()) {
+                logger.debug("Skipping Core Config Save for this process");
+            }
 		}
     }
 
@@ -494,7 +498,6 @@ public void loadConfigFromCache() {
 		setConfiguration(getConfigurationCache().get(CORE_CONFIG_CACHE_KEY));
 		saveChanges();
 	}
-
 	
 
 	@Override
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/config/InvalidConfigurationException.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/config/InvalidConfigurationException.java
similarity index 86%
rename from src/takserver-core/src/main/java/com/bbn/marti/config/InvalidConfigurationException.java
rename to src/takserver-common/src/main/java/com/bbn/marti/remote/config/InvalidConfigurationException.java
index 4414ad7f..efb37312 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/config/InvalidConfigurationException.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/config/InvalidConfigurationException.java
@@ -1,4 +1,4 @@
-package com.bbn.marti.config;
+package com.bbn.marti.remote.config;
 
 public class InvalidConfigurationException extends RuntimeException {
 
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/LocalConfiguration.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/config/LocalConfiguration.java
similarity index 73%
rename from src/takserver-core/src/main/java/com/bbn/marti/service/LocalConfiguration.java
rename to src/takserver-common/src/main/java/com/bbn/marti/remote/config/LocalConfiguration.java
index 6c8bdc44..35394e4c 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/LocalConfiguration.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/config/LocalConfiguration.java
@@ -1,4 +1,4 @@
-package com.bbn.marti.service;
+package com.bbn.marti.remote.config;
 
 import java.io.ByteArrayInputStream;
 import java.io.File;
@@ -13,9 +13,13 @@
 import java.rmi.RemoteException;
 import java.util.List;
 
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.JAXBException;
+import jakarta.xml.bind.Unmarshaller;
+
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
+import com.google.common.base.Charsets;
+import com.google.common.base.Strings;
 
 import org.apache.commons.io.IOUtils;
 import org.dom4j.Document;
@@ -26,10 +30,10 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import tak.server.util.ActiveProfiles;
 import com.bbn.marti.config.Auth;
 import com.bbn.marti.config.Buffer;
 import com.bbn.marti.config.Cluster;
-import com.bbn.marti.config.ConfigHelper;
 import com.bbn.marti.config.Configuration;
 import com.bbn.marti.config.Connection;
 import com.bbn.marti.config.DosLimitRule;
@@ -43,6 +47,7 @@
 import com.bbn.marti.config.Network.Connector;
 import com.bbn.marti.config.Plugins;
 import com.bbn.marti.config.Qos;
+import com.bbn.marti.config.Queue;
 import com.bbn.marti.config.ReadRateLimiter;
 import com.bbn.marti.config.Repeater;
 import com.bbn.marti.config.DeliveryRateLimiter;
@@ -57,12 +62,9 @@
 import com.bbn.marti.config.Vbm;
 import com.bbn.marti.remote.exception.NotFoundException;
 import com.bbn.marti.remote.exception.TakException;
-import com.bbn.marti.util.MessageConversionUtil;
-import com.google.common.base.Charsets;
-import com.google.common.base.Strings;
 
 import tak.server.Constants;
-import tak.server.ignite.IgniteConfigurationHolder;
+import tak.server.util.JAXBUtils;
 
 public class LocalConfiguration {
 	private static final Logger logger = LoggerFactory.getLogger(LocalConfiguration.class);
@@ -84,37 +86,26 @@ public void setConfiguration(Configuration configuration) {
 		this.configuration = configuration;
 	}
 	
-	String profile = "";
-	boolean monolithProfileActive = false;
-	boolean messagingProfileActive = false;
-	boolean apiProfileActive = false;
-
-	public String getProfile() {
-		return profile;
-	}
-	
-	public boolean isMonolithProfileActive() {
-		return monolithProfileActive;
-	}
-
-	public boolean isMessagingProfileActive() {
-		return messagingProfileActive;
-	}
-
-	public boolean isApiProfileActive() {
-		return apiProfileActive;
-	}
-
 	private static LocalConfiguration instance;
 
 	public static LocalConfiguration getInstance() {
 		if (instance == null) {
-			synchronized (LocalConfiguration.class) {
+			synchronized(LocalConfiguration.class) {
 				if (instance == null) {
 					try {
-						instance = new LocalConfiguration();
-					} catch (RemoteException e) {
-						throw new RuntimeException(e);
+						instance = SpringContextBeanForApi.getSpringContext().getBean(
+								LocalConfiguration.class);
+					}catch (Exception e) {
+						try {
+							instance = new LocalConfiguration();
+						}
+						catch (Exception e2)
+						{
+							if (logger.isErrorEnabled()) {
+								logger.error("Exception instantiating LocalConfiguration : {} ", e2);
+							}
+						}
+
 					}
 				}
 			}
@@ -124,24 +115,7 @@ public static LocalConfiguration getInstance() {
 	}
 
 	private LocalConfiguration() throws RemoteException {
-		String profilesActive = System.getProperty("spring.profiles.active");
 
-		if (profilesActive != null) {
-			// Due to initialization order, can't use spring environment and therefore
-			// ProfileTracker class yet, so look at the expected system property.
-			
-			if (profilesActive.toLowerCase().contains(Constants.MONOLITH_PROFILE_NAME)) {
-				monolithProfileActive = true;
-				profile = Constants.MONOLITH_PROFILE_NAME;
-			} else if (profilesActive.toLowerCase().contains(Constants.MESSAGING_PROFILE_NAME)) {
-				messagingProfileActive = true;
-				profile = Constants.MESSAGING_PROFILE_NAME;
-			} else if (profilesActive.toLowerCase().contains(Constants.API_PROFILE_NAME)) {
-				apiProfileActive = true;
-				profile = Constants.API_PROFILE_NAME;
-			}
-		}
-		
 		// Load CoreConfig.xml from file. This always needs to be done first - even
 		// when using the cluster. We need to look at the config file to figure if
 		// clustering is enabled, and
@@ -166,8 +140,9 @@ private LocalConfiguration() throws RemoteException {
 				}
 			}
 
-			conf = MessageConversionUtil.loadJAXifiedXML(CONFIG_FILE, Configuration.class.getPackage().getName());
-		} catch (javax.xml.bind.UnmarshalException ue) {
+			conf = JAXBUtils.loadJAXifiedXML(CONFIG_FILE, Configuration.class.getPackage().getName());
+
+		} catch (jakarta.xml.bind.UnmarshalException ue) {
 			// There is a good chance it is lacking a namespace if it is an older file.
 			// Let's check...
 			try {
@@ -191,23 +166,23 @@ private LocalConfiguration() throws RemoteException {
 					JAXBContext jc = JAXBContext.newInstance(Configuration.class.getPackage().getName());
 					Unmarshaller u = jc.createUnmarshaller();
 					conf = (Configuration) u.unmarshal(new ByteArrayInputStream(str.getBytes()));
-					MessageConversionUtil.saveJAXifiedObject(CONFIG_FILE, conf, false);
+					JAXBUtils.saveJAXifiedObject(CONFIG_FILE, conf, false);
 
 				} else {
 					// It has a namespace. No idea what happened....
 					throw new RuntimeException(ue);
 				}
-				
+
 				// It still didn't like the file. No idea what happened...
-			
+
 			} catch (DocumentException | JAXBException | IOException e0) {
 				throw new RuntimeException(e0);
 			}
 
 		} catch (NotFoundException | NoSuchFileException nfe) {
-			logger.debug("config file does not exist");
+			logger.error("Config file does not exist.");
 		} catch (Exception e) {
-			logger.error("exception parsing config", e);
+			logger.error("Exception parsing config", e);
 			throw new TakException(e);
 		}
 
@@ -219,8 +194,8 @@ private LocalConfiguration() throws RemoteException {
 		setConfiguration(conf);
 
 		boolean changedDefaults = setDefaults();
-		
-		
+
+
 		// Lets force outgoing federation connections to be disabled in
 		// the cluster.. otherwise the first node to join will always start all the connections.
 		// By forcing this off, it will have to be enabled in the UI, which will attempt to
@@ -233,16 +208,16 @@ private LocalConfiguration() throws RemoteException {
 		}
 
 		boolean changedUpgrade = false;
-		
+
 		boolean upgradedQoS = doUpgradeQoS();
-		
+
 		if (upgradedQoS) {
 			logger.info("saving upgraded QoS configuration");
 			saveChanges();
 		}
-		
+
 		boolean detectedUpgrade = detectUpgrade(configuration.getNetwork().getVersion());
-		
+
 		if (detectedUpgrade) {
 			logger.info("upgrade detected");
 		}
@@ -257,88 +232,6 @@ private LocalConfiguration() throws RemoteException {
 		}
 
 		ConfigHelper.validateConfiguration(configuration);
-
-		Cluster clusterConf = configuration.getCluster();
-
-		boolean useEmbeddedIgnite = monolithProfileActive || messagingProfileActive || configuration.getBuffer().isEmbeddedIgnite();
-
-		String igniteProfile = "";
-		if (monolithProfileActive)
-			igniteProfile = Constants.MONOLITH_PROFILE_NAME;
-		else if (apiProfileActive)
-			igniteProfile = Constants.API_PROFILE_NAME;
-		else if (messagingProfileActive)
-			igniteProfile = Constants.MESSAGING_PROFILE_NAME;
-
-		long offHeapInitialSizeBytes;
-		long offHeapMaxSizeBytes;
-		
-		// Note - using System.out here instead of logger due to logger init race
-		if (configuration.getBuffer().getQueue().getCacheOffHeapMaxSizeBytes() == -1) {
-			System.out.println("messaging process Xmx (bytes) " + Runtime.getRuntime().maxMemory());
-			
-			// this RAM calculation is a rough estimate based on JVM maxMemory(). Use explicit size (CoreConfig cacheOffHeapMaxSizeBytes to be exact).
-			offHeapMaxSizeBytes = (long) (Runtime.getRuntime().maxMemory() * configuration.getBuffer().getQueue().getCacheOffHeapPercentageMax());
-			System.out.println("cache computed offheap max size " + offHeapMaxSizeBytes + " bytes");
-		} else {
-			offHeapMaxSizeBytes = configuration.getBuffer().getQueue().getCacheOffHeapMaxSizeBytes();
-			System.out.println("cache explicit offheap max size " + offHeapMaxSizeBytes + " bytes");
-		}
-		
-		if (configuration.getBuffer().getQueue().getCacheOffHeapInitialSizeBytes() == -1) {
-			// this RAM calculation is a rough estimate based on JVM maxMemory(). Use explicit size (CoreConfig cacheOffHeapMaxSizeBytes to be exact).
-			offHeapInitialSizeBytes = (long) (Runtime.getRuntime().maxMemory() * configuration.getBuffer().getQueue().getCacheOffHeapPercentageInitial());
-			System.out.println("cache computed offheap initial size " + offHeapInitialSizeBytes + " bytes");
-		} else {
-			offHeapInitialSizeBytes = configuration.getBuffer().getQueue().getCacheOffHeapInitialSizeBytes();
-			System.out.println("cache computed offheap initial offheap max size " + offHeapMaxSizeBytes + " bytes");
-		}
-
-		System.out.println("cache offheap initial size " + offHeapInitialSizeBytes + " bytes");
-		
-		int ignitePoolSize = configuration.getBuffer().getQueue().getIgnitePoolSize();
-		
-		
-		// set ignite pool size based on processor count
-		if (ignitePoolSize < 1) {
-			
-			ignitePoolSize = Runtime.getRuntime().availableProcessors() * configuration.getBuffer().getQueue().getIgnitePoolSizeMultiplier();
-			
-			if (ignitePoolSize > 1024) { // ignite hard limit on pool size
-				ignitePoolSize = 1024;
-			}
-		}
-		
-		System.out.println("ignite thread pool size: " + ignitePoolSize);
-
-		boolean isIgniteApiServerMode = false;
-		
-		if (isApiProfileActive() && configuration.getBuffer().getQueue().isIgniteApiServerMode()) {
-			isIgniteApiServerMode = true;
-		}
-		
-		IgniteConfigurationHolder.getInstance()
-				.setConfiguration(IgniteConfigurationHolder.getInstance()
-						.getIgniteConfiguration(igniteProfile, configuration.getBuffer().getIgniteHost(),clusterConf.isEnabled(), clusterConf.isKubernetes(),
-								useEmbeddedIgnite, configuration.getBuffer().isIgniteMulticast(),
-								configuration.getBuffer().getIgniteNonMulticastDiscoveryPort(),
-								configuration.getBuffer().getIgniteNonMulticastDiscoveryPortCount(),
-								configuration.getBuffer().getIgniteCommunicationPort(),
-								configuration.getBuffer().getIgniteCommunicationPortCount(),
-								configuration.getBuffer().getQueue().getCapacity(),
-								configuration.getBuffer().getIgniteWorkerTimeoutMilliseconds(),
-								offHeapInitialSizeBytes,
-								offHeapMaxSizeBytes,
-								ignitePoolSize,
-								configuration.getBuffer().getQueue().isEnableCachePersistence(),
-								configuration.getBuffer().getQueue().getCacheOffHeapEvictionThreshold(),
-								configuration.getBuffer().getQueue().isIgnitePoolSizeUseDefaultsForApi(),
-								configuration.getBuffer().getQueue().isIgniteDefaultSpiConnectionsPerNode(),
-								configuration.getBuffer().getQueue().getIgniteExplicitSpiConnectionsPerNode(),
-								isIgniteApiServerMode,
-								configuration.getBuffer().getQueue().getIgniteFailureDetectionTimeoutSeconds() * 1000, // to ms
-								configuration.getBuffer().getQueue().getIgniteClientConnectionTimeoutSeconds() * 1000, // to ms
-								configuration.getBuffer().getQueue().getIgniteConnectionTimeoutSeconds() * 1000)); // to ms
 	}
 
 	public boolean setDefaults() {
@@ -390,12 +283,12 @@ public boolean setDefaults() {
 			changed = true;
 		}
 		if (configuration.getBuffer().getQueue() == null) {
-			configuration.getBuffer().setQueue(new Buffer.Queue());
+			configuration.getBuffer().setQueue(new Queue());
 			changed = true;
 		}
 
 		if (configuration.getBuffer().getQueue().getPriority() == null) {
-			configuration.getBuffer().getQueue().setPriority(new Buffer.Queue.Priority());
+			configuration.getBuffer().getQueue().setPriority(new Queue.Priority());
 			changed = true;
 		}
 
@@ -555,7 +448,7 @@ private boolean doUpgrade() {
 		// CoreConfig
 		try {
 			if (configuration.getNetwork() != null && configuration.getNetwork().getConnector().isEmpty()
-					&& apiProfileActive) {
+					&& ActiveProfiles.getInstance().isApiProfileActive()) {
 
 				List<Connector> connectors = configuration.getNetwork().getConnector();
 
@@ -780,8 +673,8 @@ private String getCurrentVer() {
 
 	public void saveChanges() {
 		try {
-			synchronized (DistributedConfiguration.class) {
-				MessageConversionUtil.saveJAXifiedObject(CONFIG_FILE, configuration, false);
+			synchronized (LocalConfiguration.class) {
+				JAXBUtils.saveJAXifiedObject(CONFIG_FILE, configuration, false);
 			}
 		} catch (FileNotFoundException fnfe) {
 			// do nothing. Happens in unit test.
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/exception/RemoteLookupFailureException.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/exception/RemoteLookupFailureException.java
new file mode 100644
index 00000000..30892ed9
--- /dev/null
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/exception/RemoteLookupFailureException.java
@@ -0,0 +1,28 @@
+
+
+package com.bbn.marti.remote.exception;
+
+public class RemoteLookupFailureException extends RuntimeException {
+
+	private static final long serialVersionUID = 7652374657L;
+
+	public RemoteLookupFailureException() {
+		super();
+	}
+
+	public RemoteLookupFailureException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+		super(message, cause, enableSuppression, writableStackTrace);
+	}
+
+	public RemoteLookupFailureException(String message, Throwable cause) {
+		super(message, cause);
+	}
+
+	public RemoteLookupFailureException(String message) {
+		super(message);
+	}
+
+	public RemoteLookupFailureException(Throwable cause) {
+		super(cause);
+	}
+}
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/groups/FileUserManagementInterface.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/groups/FileUserManagementInterface.java
index 2f2d7a48..6688c5eb 100644
--- a/src/takserver-common/src/main/java/com/bbn/marti/remote/groups/FileUserManagementInterface.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/groups/FileUserManagementInterface.java
@@ -10,7 +10,7 @@
 import java.util.Map;
 import java.util.Set;
 
-import javax.xml.bind.JAXBException;
+import jakarta.xml.bind.JAXBException;
 
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/groups/GroupManager.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/groups/GroupManager.java
index 0434c9f1..52a69d79 100644
--- a/src/takserver-common/src/main/java/com/bbn/marti/remote/groups/GroupManager.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/groups/GroupManager.java
@@ -162,7 +162,7 @@ public interface GroupManager {
     /*
      * Finds all active Core users for the current username and reauthenticates them
      */
-    void authenticateCoreUsers(String type, String username);
+    void authenticateCoreUsers(String username);
 
     /**
      * Searches ldap groups (e.g., to help user configure items that require a group distinguished name reference)
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/groups/User.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/groups/User.java
index 9c807b05..b319c623 100644
--- a/src/takserver-common/src/main/java/com/bbn/marti/remote/groups/User.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/groups/User.java
@@ -37,9 +37,13 @@ public abstract class User implements Node, Comparable<User>, Serializable {
     protected final Date created;
     protected final X509Certificate cert;
     protected final Set<String> authorities;
+
     @JsonIgnore
     protected final UUID originNode;
-    
+
+    @JsonIgnore
+    protected String token;
+
     public User(@NotNull String id, @NotNull String connectionId, @NotNull ConnectionType type, @NotNull String name, @NotNull String address, @Nullable X509Certificate cert) {
         
         // allowing empty string address
@@ -103,6 +107,10 @@ public Set<String> getAuthorities() {
         return authorities;
     }
 
+    public void setToken(String token) { this.token = token; }
+
+    public String getToken() { return token; }
+
     // User nodes are always leaves
     @Override
     @JsonIgnore
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/service/InputManager.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/service/InputManager.java
index 85dd0de2..a4d110a2 100644
--- a/src/takserver-common/src/main/java/com/bbn/marti/remote/service/InputManager.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/service/InputManager.java
@@ -1,7 +1,5 @@
 package com.bbn.marti.remote.service;
 
-import java.util.Collection;
-
 import com.bbn.marti.config.DataFeed;
 import com.bbn.marti.config.Input;
 import com.bbn.marti.remote.InputMetric;
@@ -9,25 +7,28 @@
 import com.bbn.marti.remote.groups.ConnectionModifyResult;
 import com.bbn.marti.remote.groups.NetworkInputAddResult;
 
+import java.util.Collection;
+
 /**
+ *
  */
 public interface InputManager {
-	
-	NetworkInputAddResult createInput(Input input);
-	
-	NetworkInputAddResult createDataFeed(DataFeed dataFeed);
-
-	ConnectionModifyResult modifyInput(String id, Input input);
-	
-	void updateFederationDataFeed(DataFeed dataFeed);
-	
-	void deleteInput(String name);
-	
-	void deleteDataFeed(String name);
-
-	Collection<InputMetric> getInputMetrics(boolean excludeDataFeeds);
-	
-	MessagingConfigInfo getConfigInfo();
-	
-	void modifyConfigInfo(MessagingConfigInfo messagingConfigInfo);
+
+    NetworkInputAddResult createInput(Input input, boolean saveConfig);
+
+    NetworkInputAddResult createDataFeed(DataFeed dataFeed, boolean saveConfig);
+
+    ConnectionModifyResult modifyInput(String id, Input input, boolean saveConfig);
+
+    void updateFederationDataFeed(DataFeed dataFeed);
+
+    void deleteInput(String name, boolean saveConfig);
+
+    void deleteDataFeed(String name, boolean saveConfig);
+
+    Collection<InputMetric> getInputMetrics(boolean excludeDataFeeds);
+
+    MessagingConfigInfo getConfigInfo();
+
+    void modifyConfigInfo(MessagingConfigInfo messagingConfigInfo);
 }
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/util/LoggingConfigPropertiesSetupUtil.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/util/LoggingConfigPropertiesSetupUtil.java
new file mode 100644
index 00000000..4e22c4f1
--- /dev/null
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/util/LoggingConfigPropertiesSetupUtil.java
@@ -0,0 +1,44 @@
+package com.bbn.marti.remote.util;
+
+import com.bbn.cluster.ClusterGroupDefinition;
+import com.bbn.marti.config.Configuration;
+import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.remote.config.CoreConfigFacade;
+import org.apache.ignite.Ignite;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import tak.server.Constants;
+
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ExecutionException;
+
+/*
+ *  Utility class that sets System Properties based on Logging Configurations from CoreConfig
+ */
+public class LoggingConfigPropertiesSetupUtil {
+
+    private static final Logger logger = LoggerFactory.getLogger(LoggingConfigPropertiesSetupUtil.class);
+    private final CoreConfig coreConfig = CoreConfigFacade.getInstance();
+
+    private static LoggingConfigPropertiesSetupUtil instance = new LoggingConfigPropertiesSetupUtil();
+
+    public static LoggingConfigPropertiesSetupUtil getInstance() {
+        return instance;
+    }
+
+    public LoggingConfigPropertiesSetupUtil() {}
+
+    public void setupLoggingConfiguration() {
+        Configuration config = coreConfig.getRemoteConfiguration();
+        setupLoggingProperties(config);
+    }
+
+    public void setupLoggingProperties(Configuration config) {
+        if (config.getLogging() != null) {
+            System.setProperty("logging.json.enabled", String.valueOf(config.getLogging().isJsonFormatEnabled()));
+            System.setProperty("logging.audit.enabled", String.valueOf(config.getLogging().isAuditLoggingEnabled()));
+            System.setProperty("logging.pretty.enabled", String.valueOf(config.getLogging().isPrettyLoggingEnabled()));
+        }
+    }
+
+}
diff --git a/src/takserver-common/src/main/java/com/bbn/marti/remote/util/RemoteUtil.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/util/RemoteUtil.java
index 3ff45d46..03e1a04d 100644
--- a/src/takserver-common/src/main/java/com/bbn/marti/remote/util/RemoteUtil.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/util/RemoteUtil.java
@@ -10,7 +10,7 @@
 import java.util.Set;
 import java.util.concurrent.ConcurrentSkipListSet;
 
-import javax.xml.bind.DatatypeConverter;
+import jakarta.xml.bind.DatatypeConverter;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.ignite.Ignite;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/SpringContextBeanForApi.java b/src/takserver-common/src/main/java/com/bbn/marti/remote/util/SpringContextBeanForApi.java
similarity index 94%
rename from src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/SpringContextBeanForApi.java
rename to src/takserver-common/src/main/java/com/bbn/marti/remote/util/SpringContextBeanForApi.java
index 5d685cdd..795c17f5 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/SpringContextBeanForApi.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/remote/util/SpringContextBeanForApi.java
@@ -1,6 +1,6 @@
 
 
-package com.bbn.marti.util.spring;
+package com.bbn.marti.remote.util;
 
 import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
diff --git a/src/takserver-core/src/main/java/tak/server/config/websocket/MartiSocketUserDetails.java b/src/takserver-common/src/main/java/com/bbn/marti/util/spring/MartiSocketUserDetails.java
similarity index 84%
rename from src/takserver-core/src/main/java/tak/server/config/websocket/MartiSocketUserDetails.java
rename to src/takserver-common/src/main/java/com/bbn/marti/util/spring/MartiSocketUserDetails.java
index e26127df..d5371be5 100644
--- a/src/takserver-core/src/main/java/tak/server/config/websocket/MartiSocketUserDetails.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/util/spring/MartiSocketUserDetails.java
@@ -1,4 +1,4 @@
-package tak.server.config.websocket;
+package com.bbn.marti.util.spring;
 
 import java.security.cert.X509Certificate;
 
@@ -13,4 +13,6 @@ public interface MartiSocketUserDetails extends UserDetails {
 
     X509Certificate getCert();
 
+    String getToken();
+
 }
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/util/spring/MartiSocketUserDetailsImpl.java b/src/takserver-common/src/main/java/com/bbn/marti/util/spring/MartiSocketUserDetailsImpl.java
similarity index 95%
rename from src/takserver-core/src/main/java/com/bbn/marti/util/spring/MartiSocketUserDetailsImpl.java
rename to src/takserver-common/src/main/java/com/bbn/marti/util/spring/MartiSocketUserDetailsImpl.java
index c15ebe14..fa5bf21f 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/util/spring/MartiSocketUserDetailsImpl.java
+++ b/src/takserver-common/src/main/java/com/bbn/marti/util/spring/MartiSocketUserDetailsImpl.java
@@ -5,7 +5,6 @@
 import com.bbn.marti.remote.groups.User;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import tak.server.config.websocket.MartiSocketUserDetails;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
 import java.util.Collections;
@@ -72,6 +71,11 @@ public X509Certificate getCert() {
         return user.getCert();
     }
 
+    @Override
+    public String getToken() {
+        return user.getToken();
+    }
+
     @Override
     public String toString() {
         return "TakServerUserDetails " + getUsername() + " " + getCert();
diff --git a/src/takserver-common/src/main/java/tak/server/cache/TakIgniteSpringCacheManager.java b/src/takserver-common/src/main/java/tak/server/cache/TakIgniteSpringCacheManager.java
index f49a12de..4f9b202c 100644
--- a/src/takserver-common/src/main/java/tak/server/cache/TakIgniteSpringCacheManager.java
+++ b/src/takserver-common/src/main/java/tak/server/cache/TakIgniteSpringCacheManager.java
@@ -19,20 +19,17 @@
 import org.apache.ignite.configuration.NearCacheConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.Cache;
 import org.springframework.cache.support.SimpleValueWrapper;
 import org.springframework.context.event.ContextRefreshedEvent;
 
 import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 import tak.server.Constants;
 
 public class TakIgniteSpringCacheManager extends SpringCacheManager {
 
-	@Autowired
-	CoreConfig config;
-
 	private static final Logger logger = LoggerFactory.getLogger(TakIgniteSpringCacheManager.class);
 
 	private Ignite visibleIgnite = null;
@@ -84,6 +81,7 @@ public TakIgniteSpringCacheManager(Ignite ignite) {
 		if (cache == null) {
 
 			CacheConfiguration<Object, Object> cacheConfig = new CacheConfiguration<>(name);
+			CoreConfig config = CoreConfigFacade.getInstance();
 
 			if (config.getRemoteConfiguration().getBuffer().getQueue().isEnableCacheGroupPerName()) {
 				cacheConfig.setGroupName("takserver-cache-group-" + name);
diff --git a/src/takserver-common/src/main/java/tak/server/feeds/DataFeedStatsHelper.java b/src/takserver-common/src/main/java/tak/server/feeds/DataFeedStatsHelper.java
index 79e1cfa4..c53f1acc 100644
--- a/src/takserver-common/src/main/java/tak/server/feeds/DataFeedStatsHelper.java
+++ b/src/takserver-common/src/main/java/tak/server/feeds/DataFeedStatsHelper.java
@@ -170,16 +170,16 @@ public boolean addStatsForDataFeedMessage(String dfUUID, String dfCotType, doubl
             Double latObj = Double.valueOf(dfLat);
             Double lonObj = Double.valueOf(dfLon);
             dfMinLat = ignite.atomicReference(getDataFeedMinLatKey(dfUUID), latObj, true);
-            if(latObj.compareTo(dfMinLat.get()) < 0)
+            if (latObj.compareTo(dfMinLat.get()) < 0)
                 dfMinLat.set(latObj);
             dfMaxLat = ignite.atomicReference(getDataFeedMaxLatKey(dfUUID), latObj, true);
-            if(latObj.compareTo(dfMaxLat.get()) > 0)
+            if (latObj.compareTo(dfMaxLat.get()) > 0)
                 dfMaxLat.set(latObj);
             dfMinLon = ignite.atomicReference(getDataFeedMinLonKey(dfUUID), lonObj, true);
-            if(lonObj.compareTo(dfMinLon.get()) < 0)
+            if (lonObj.compareTo(dfMinLon.get()) < 0)
                 dfMinLon.set(lonObj);
             dfMaxLon = ignite.atomicReference(getDataFeedMaxLonKey(dfUUID), lonObj, true);
-            if(lonObj.compareTo(dfMaxLon.get()) > 0)
+            if (lonObj.compareTo(dfMaxLon.get()) > 0)
                 dfMaxLon.set(lonObj);
         } catch(IgniteException ie) {
             logger.error("Unable to update the min/max for Lat/Lon for Datafeed UUID: {} - {}", dfUUID, ie.getMessage());
diff --git a/src/takserver-common/src/main/java/tak/server/ignite/IgniteConfigurationHolder.java b/src/takserver-common/src/main/java/tak/server/ignite/IgniteConfigurationHolder.java
index ea0f1a67..85709a18 100644
--- a/src/takserver-common/src/main/java/tak/server/ignite/IgniteConfigurationHolder.java
+++ b/src/takserver-common/src/main/java/tak/server/ignite/IgniteConfigurationHolder.java
@@ -1,10 +1,16 @@
 package tak.server.ignite;
 
+import java.io.FileNotFoundException;
+import java.io.IOException;
 import java.nio.file.FileSystem;
 import java.nio.file.FileSystems;
+import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.concurrent.TimeUnit;
 
 import org.apache.ignite.IgniteCheckedException;
 import org.apache.ignite.IgniteLogger;
@@ -24,7 +30,15 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.bbn.marti.config.TAKIgniteConfiguration;
+import com.bbn.marti.remote.exception.NotFoundException;
+import com.bbn.marti.remote.exception.TakException;
+
 import tak.server.Constants;
+import tak.server.util.ActiveProfiles;
+import tak.server.util.JAXBUtils;
+
+import jakarta.xml.bind.JAXBException;
 
 public class IgniteConfigurationHolder {
 
@@ -32,6 +46,57 @@ public class IgniteConfigurationHolder {
 
 	private static final Logger logger = LoggerFactory.getLogger(IgniteConfigurationHolder.class);
 
+	public String CONFIG_FILE = null;
+	private final String DEFAULT_CONFIG_FILE = "TAKIgniteConfig.xml";
+	private final String EXAMPLE_BASE_CONFIG_FILE = "TAKIgniteConfig.example.xml";
+	private final int IGNITE_POOL_SIZE_LIMIT = 1024;
+
+
+	// our TAK specific Ignite configuration
+	private TAKIgniteConfiguration takIgniteConfiguration;
+	// Ignite's configuration
+	private IgniteConfiguration configuration;
+
+	private IgniteConfigurationHolder() {
+		// Load TAKIgniteConfig.xml from file. This always needs to be done first - even
+		// when using the cluster. We need to look at the config file to figure if
+		// clustering is enabled, and
+		// whether we are using Kubernetes. This info is important for ignite
+		// (distributed cache) initialization.
+		TAKIgniteConfiguration conf = null;
+		try {
+			CONFIG_FILE = DEFAULT_CONFIG_FILE;
+			Path configPath = Paths.get(CONFIG_FILE);
+
+			if (!Files.exists(configPath)) {
+			   if (!Files.exists(Paths.get(EXAMPLE_BASE_CONFIG_FILE))) {
+				   throw new NotFoundException("The TAKIgniteConfiguration file '" + CONFIG_FILE + "' and the example file '" +
+						  EXAMPLE_BASE_CONFIG_FILE + "' do not exist!");
+			   } else {
+				   Files.copy(Paths.get(EXAMPLE_BASE_CONFIG_FILE), configPath);
+				   configPath.toFile().setWritable(true);
+			   }
+			}
+
+			conf = JAXBUtils.loadJAXifiedXML(CONFIG_FILE, TAKIgniteConfiguration.class.getPackage().getName());
+
+		} catch (NotFoundException | NoSuchFileException nfe) {
+			logger.debug("Config file does not exist");
+		} catch (Exception e) {
+			logger.error("Exception parsing config", e);
+			throw new TakException(e);
+		}
+
+		// for unit tests - this was copied from LocalConfiguration but we shouldn't have test code in production code.
+		// TODO: Use a mock or better approach
+		if (conf == null) {
+			conf = new TAKIgniteConfiguration();
+		}
+
+		this.takIgniteConfiguration = conf;
+
+	}
+
 	public static IgniteConfigurationHolder getInstance() {
 		if (instance == null) {
 			synchronized (IgniteConfigurationHolder.class) {
@@ -44,38 +109,149 @@ public static IgniteConfigurationHolder getInstance() {
 		return instance;
 	}
 
-	private IgniteConfiguration configuration;
+	public void setIgniteConfiguration(IgniteConfiguration configuration) {
+		this.configuration = configuration;
+	}
+
+	/**
+	 * This is the underlying XML configuration used to configure the IgniteConfiguration initially from the file
+	 * @return
+	 */
+	public TAKIgniteConfiguration getTAKIgniteConfiguration()
+	{
+		return takIgniteConfiguration;
+	}
 
-	public IgniteConfiguration getConfiguration() {
+	/**
+	 * This is the underlying XML configuration used to configure the IgniteConfiguration initially from the file
+	 * @return
+	 */
+	public void setTAKIgniteConfiguration(TAKIgniteConfiguration takIgniteConfiguration)
+	{
+		this.takIgniteConfiguration = takIgniteConfiguration;
+	}
 
+	public IgniteConfiguration getIgniteConfiguration()
+	{
 		if (configuration == null) {
-			logger.warn("ignite configuration not populated yet");
+
+			System.out.println("messaging process Xmx (bytes) " + Runtime.getRuntime().maxMemory());
+
+			// Note - using System.out here instead of logger due to logger init race
+			if (takIgniteConfiguration.getCacheOffHeapMaxSizeBytes() == -1) {
+				// this RAM calculation is a rough estimate based on JVM maxMemory(). Use explicit size (CoreConfig cacheOffHeapMaxSizeBytes to be exact).
+				takIgniteConfiguration.setCacheOffHeapMaxSizeBytes((long) (Runtime.getRuntime().maxMemory() * takIgniteConfiguration.getCacheOffHeapPercentageMax()));
+			}
+			System.out.println("cache computed offheap max size " + takIgniteConfiguration.getCacheOffHeapMaxSizeBytes() + " bytes");
+
+			if (takIgniteConfiguration.getCacheOffHeapInitialSizeBytes() == -1) {
+				// this RAM calculation is a rough estimate based on JVM maxMemory(). Use explicit size (CoreConfig cacheOffHeapMaxSizeBytes to be exact).
+				takIgniteConfiguration.setCacheOffHeapInitialSizeBytes((long) (Runtime.getRuntime().maxMemory() * takIgniteConfiguration.getCacheOffHeapPercentageInitial()));
+			}
+			System.out.println("cache computed offheap initial size " + takIgniteConfiguration.getCacheOffHeapInitialSizeBytes() + " bytes");
+
+
+			if ((!takIgniteConfiguration.isEmbeddedIgnite())	&& (ActiveProfiles.getInstance().isApiProfileActive() || ActiveProfiles.getInstance().isMonolithProfileActive() ||
+				ActiveProfiles.getInstance().isMessagingProfileActive() || ActiveProfiles.getInstance().isConfigProfileActive())) {
+				takIgniteConfiguration.setEmbeddedIgnite(true);
+			}
+
+			System.out.println("ignite thread pool size: " + takIgniteConfiguration.getIgnitePoolSize());
+
+			// set ignite pool size based on processor count
+			if (takIgniteConfiguration.getIgnitePoolSize() < 1) {
+				takIgniteConfiguration.setIgnitePoolSize(Runtime.getRuntime().availableProcessors() * takIgniteConfiguration.getIgnitePoolSizeMultiplier());
+
+				if (takIgniteConfiguration.getIgnitePoolSize() > IGNITE_POOL_SIZE_LIMIT) { // ignite hard limit on pool size
+					takIgniteConfiguration.setIgnitePoolSize(IGNITE_POOL_SIZE_LIMIT);
+				}
+			}
+
+			configuration = getIgniteConfiguration(ActiveProfiles.getInstance().getProfile(), takIgniteConfiguration);
 		}
-	
+
 		return configuration;
 	}
 
-	public void setConfiguration(IgniteConfiguration configuration) {
-		this.configuration = configuration;
+	// It is preferred to let the class set this from the config file but this allows overriding the values for the legacy
+	// code that touches this directly
+	public TAKIgniteConfiguration getTAKIgniteConfiguration(String igniteHost, boolean isCluster, boolean isKubernetes, boolean isEmbedded,
+															boolean isMulticastDiscovery, @Nullable Integer nonMulticastDiscoveryPort,
+													  @Nullable Integer nonMulticastDiscoveryPortCount, Integer communicationPort,
+															Integer communicationPortCount, int maxQueue, long workerTimeoutMilliseconds,
+															long dataRegionInitialSize, long dataRegionMaxSize) {
+		return getTAKIgniteConfiguration(igniteHost, isCluster, isKubernetes, isEmbedded, isMulticastDiscovery,
+				nonMulticastDiscoveryPort, nonMulticastDiscoveryPortCount, communicationPort, communicationPortCount,
+				maxQueue, workerTimeoutMilliseconds, dataRegionInitialSize, dataRegionMaxSize, -1, false,
+				-1.f, false, false, -1,
+				false, -1, -1, -1);
 	}
-	
-	public IgniteConfiguration getIgniteConfiguration(String igniteProfile, String igniteHost, boolean isCluster, boolean isKubernetes, boolean isEmbedded, boolean isMulticastDiscovery, @Nullable Integer nonMulticastDiscoveryPort,
-            @Nullable Integer nonMulticastDiscoveryPortCount, Integer communicationPort, Integer communicationPortCount, int maxQueue, long workerTimeoutMilliseconds, long dataRegionInitialSize, long dataRegionMaxSize) {
-		return getIgniteConfiguration(igniteProfile, igniteHost, isCluster, isKubernetes, isEmbedded, isMulticastDiscovery, nonMulticastDiscoveryPort, nonMulticastDiscoveryPortCount, communicationPort, communicationPortCount, 
-				maxQueue, workerTimeoutMilliseconds, dataRegionInitialSize, dataRegionMaxSize, -1, false, -1.f, false, false, -1, false, -1, -1, -1);
+
+	// It is preferred to let the class set this from the config file but this allows overriding the values for the legacy
+	// code that touches this directly
+	public TAKIgniteConfiguration getTAKIgniteConfiguration(String igniteHost, boolean isCluster, boolean isKubernetes,
+															boolean isEmbedded, boolean isMulticastDiscovery, @Nullable Integer nonMulticastDiscoveryPort,
+													        @Nullable Integer nonMulticastDiscoveryPortCount, Integer communicationPort,
+															Integer communicationPortCount, int maxQueue, long workerTimeoutMilliseconds,
+															long dataRegionInitialSize, long dataRegionMaxSize, int poolSize,
+															boolean enablePersistence, float evictionThreshold, boolean ignitePoolSizeUseDefaultsForApi,
+															boolean igniteDefaultSpiConnectionsPerNode, int igniteExplicitSpiConnectionsPerNode,
+															boolean apiServiceIgniteServer, long spiConnectionTimeoutMs,
+															long clientConnectionTimeoutMs, long failureDetectionTimeoutMs) {
+
+		takIgniteConfiguration.setIgniteHost(igniteHost);
+		takIgniteConfiguration.setClusterEnabled(isCluster);
+		takIgniteConfiguration.setClusterKubernetes(isKubernetes);
+		takIgniteConfiguration.setEmbeddedIgnite(isEmbedded);
+		takIgniteConfiguration.setIgniteMulticast(isMulticastDiscovery);
+		takIgniteConfiguration.setIgniteNonMulticastDiscoveryPort(nonMulticastDiscoveryPort);
+		takIgniteConfiguration.setIgniteNonMulticastDiscoveryPortCount(nonMulticastDiscoveryPortCount);
+		takIgniteConfiguration.setIgniteCommunicationPort(communicationPort);
+		takIgniteConfiguration.setIgniteCommunicationPortCount(communicationPortCount);
+		takIgniteConfiguration.setCapacity(maxQueue);
+		takIgniteConfiguration.setIgniteWorkerTimeoutMilliseconds(Long.valueOf(workerTimeoutMilliseconds));
+		takIgniteConfiguration.setCacheOffHeapInitialSizeBytes(dataRegionInitialSize);
+		takIgniteConfiguration.setCacheOffHeapMaxSizeBytes(dataRegionMaxSize);
+		takIgniteConfiguration.setIgnitePoolSize(poolSize);
+		takIgniteConfiguration.setEnableCachePersistence(enablePersistence);
+		takIgniteConfiguration.setCacheOffHeapEvictionThreshold(evictionThreshold);
+		takIgniteConfiguration.setIgnitePoolSizeUseDefaultsForApi(ignitePoolSizeUseDefaultsForApi);
+		takIgniteConfiguration.setIgniteDefaultSpiConnectionsPerNode(igniteDefaultSpiConnectionsPerNode);
+		takIgniteConfiguration.setIgniteExplicitSpiConnectionsPerNode(igniteExplicitSpiConnectionsPerNode);
+		takIgniteConfiguration.setIgniteApiServerMode(apiServiceIgniteServer);
+		if (spiConnectionTimeoutMs < 0) {
+			takIgniteConfiguration.setIgniteConnectionTimeoutSeconds(spiConnectionTimeoutMs);
+		} else {
+			takIgniteConfiguration.setIgniteConnectionTimeoutSeconds(TimeUnit.MILLISECONDS.toSeconds(spiConnectionTimeoutMs));
+		}
+
+		if (clientConnectionTimeoutMs < 0) {
+			takIgniteConfiguration.setIgniteClientConnectionTimeoutSeconds(clientConnectionTimeoutMs);
+		} else {
+			takIgniteConfiguration.setIgniteClientConnectionTimeoutSeconds(TimeUnit.MILLISECONDS.toSeconds(clientConnectionTimeoutMs));
+		}
+
+		if (failureDetectionTimeoutMs < 0) {
+			takIgniteConfiguration.setIgniteFailureDetectionTimeoutSeconds(failureDetectionTimeoutMs);
+		} else {
+			takIgniteConfiguration.setIgniteFailureDetectionTimeoutSeconds(TimeUnit.MILLISECONDS.toSeconds(failureDetectionTimeoutMs));
+		}
+
+		return takIgniteConfiguration;
 	}
 
-	public IgniteConfiguration getIgniteConfiguration(String igniteProfile, String igniteHost, boolean isCluster, boolean isKubernetes, boolean isEmbedded, boolean isMulticastDiscovery, @Nullable Integer nonMulticastDiscoveryPort,
-	                                                  @Nullable Integer nonMulticastDiscoveryPortCount, Integer communicationPort, Integer communicationPortCount, int maxQueue, long workerTimeoutMilliseconds, long dataRegionInitialSize, long dataRegionMaxSize, int poolSize, boolean enablePersistence, double evictionThreashold,
-	                                                  boolean ignitePoolSizeUseDefaultsForApi, boolean igniteDefaultSpiConnectionsPerNode, int igniteExplicitSpiConnectionsPerNode, boolean apiServiceIgniteServer,
-	                                                  long spiConnectionTimeoutMs, long clientConnectionTimeoutMs, long failureDetectionTimeoutMs) {
-		
-		if (isCluster) {
+
+	// It is preferred to let the class set this from the config file but this allows overriding the values for the legacy
+	// code that touches this directly
+	public IgniteConfiguration getIgniteConfiguration(String igniteProfile, TAKIgniteConfiguration takIgniteConfiguration) {
+
+
+		if (takIgniteConfiguration.isClusterEnabled()) {
 			IgniteConfiguration clusterConf = new IgniteConfiguration();
 
 			TcpDiscoverySpi tds = new TcpDiscoverySpi();
 
-			if (isKubernetes) {
+			if (takIgniteConfiguration.isClusterKubernetes()) {
 
 				TcpDiscoveryKubernetesIpFinder ipFinder = new TcpDiscoveryKubernetesIpFinder();
 
@@ -109,9 +285,6 @@ public IgniteConfiguration getIgniteConfiguration(String igniteProfile, String i
 
 		} else {
 
-			@SuppressWarnings("unused")
-			boolean isMessagingProfile = igniteProfile.equals(Constants.MESSAGING_PROFILE_NAME);
-
 			IgniteConfiguration standaloneConf = new IgniteConfiguration();
 
 			String defaultWorkDir = "/opt/tak";
@@ -125,74 +298,77 @@ public IgniteConfiguration getIgniteConfiguration(String igniteProfile, String i
 
 			TcpDiscoverySpi spi = new TcpDiscoverySpi();
 			
-			if (!isMulticastDiscovery) {
+			if (!takIgniteConfiguration.isIgniteMulticast()) {
 
 				TcpDiscoveryVmIpFinder ipFinder = new TcpDiscoveryVmIpFinder();
 
-				String address = igniteHost + ":" + nonMulticastDiscoveryPort + ".." + (nonMulticastDiscoveryPort + nonMulticastDiscoveryPortCount); 
+				String address = takIgniteConfiguration.getIgniteHost() + ":" + takIgniteConfiguration.getIgniteNonMulticastDiscoveryPort() +
+						".." + (takIgniteConfiguration.getIgniteNonMulticastDiscoveryPort() + takIgniteConfiguration.getIgniteNonMulticastDiscoveryPortCount());
 				ipFinder.setAddresses(Arrays.asList(address));
 				
 				logger.trace("ignite grid discovery address: {}", address);
 
 				spi.setIpFinder(ipFinder);
 
-				if (nonMulticastDiscoveryPort != null) {
-					spi.setLocalPort(nonMulticastDiscoveryPort);
-				}
-				if (nonMulticastDiscoveryPortCount != null) {
-					spi.setLocalPortRange(nonMulticastDiscoveryPortCount);
-				}
+				spi.setLocalPort(takIgniteConfiguration.getIgniteNonMulticastDiscoveryPort());
+				spi.setLocalPortRange(takIgniteConfiguration.getIgniteNonMulticastDiscoveryPortCount());
 			}
 			
 			standaloneConf.setDiscoverySpi(spi);
 			TcpCommunicationSpi tcpSpiConf = new TcpCommunicationSpi();
-			tcpSpiConf.setLocalPort(communicationPort);
-			tcpSpiConf.setLocalPortRange(communicationPortCount);
-			tcpSpiConf.setLocalAddress(igniteHost);
-			tcpSpiConf.setMessageQueueLimit(maxQueue);
-			
-			if (spiConnectionTimeoutMs > -1) {
-				tcpSpiConf.setConnectTimeout(spiConnectionTimeoutMs); // milliseconds
+			tcpSpiConf.setLocalPort(takIgniteConfiguration.getIgniteCommunicationPort());
+			tcpSpiConf.setLocalPortRange(takIgniteConfiguration.getIgniteCommunicationPortCount());
+			tcpSpiConf.setLocalAddress(takIgniteConfiguration.getIgniteHost());
+			tcpSpiConf.setMessageQueueLimit(takIgniteConfiguration.getCapacity());
+
+			if (takIgniteConfiguration.getIgniteConnectionTimeoutSeconds() > -1) {
+				tcpSpiConf.setConnectTimeout(TimeUnit.SECONDS.toMillis(takIgniteConfiguration.getIgniteConnectionTimeoutSeconds())); // milliseconds
 			}
 
-            standaloneConf.setLocalHost(igniteHost);
+            standaloneConf.setLocalHost(takIgniteConfiguration.getIgniteHost());
 
-            if (igniteDefaultSpiConnectionsPerNode) {
+            if (takIgniteConfiguration.isIgniteDefaultSpiConnectionsPerNode()) {
 				// use default
-			} else if (igniteExplicitSpiConnectionsPerNode < 1) {
+			} else if (takIgniteConfiguration.getIgniteExplicitSpiConnectionsPerNode() < 1) {
 				// autodetect to num CPU cores
 				tcpSpiConf.setConnectionsPerNode(Runtime.getRuntime().availableProcessors());
 			} else {
-				tcpSpiConf.setConnectionsPerNode(igniteExplicitSpiConnectionsPerNode);
+				tcpSpiConf.setConnectionsPerNode(takIgniteConfiguration.getIgniteExplicitSpiConnectionsPerNode());
 			}
 			
 			// Using System.out due to log init race
 			System.out.println("Ignite SPI connections per node: " + tcpSpiConf.getConnectionsPerNode());
 			
 			standaloneConf.setCommunicationSpi(tcpSpiConf);
-			
+
+			boolean isIgniteApiServerMode = false;
+			if (ActiveProfiles.getInstance().isApiProfileActive() && takIgniteConfiguration.isIgniteApiServerMode()) {
+				isIgniteApiServerMode = true;
+			}
+
 			// If this process is the API micro-service, optionally run in ignite embedded server mode. In standalone, messaging service is always an ignite server. Plugin manager and retention service are always ignite clients. 
-			if (apiServiceIgniteServer) {
+			if (isIgniteApiServerMode) {
 				standaloneConf.setClientMode(false);
 			} else {
-				standaloneConf.setClientMode(!isEmbedded);
+				standaloneConf.setClientMode(!takIgniteConfiguration.isEmbeddedIgnite());
 			}
 			standaloneConf.setIgniteInstanceName(Constants.IGNITE_INSTANCE_NAME);
 
 			standaloneConf.setUserAttributes(Collections.singletonMap(Constants.TAK_PROFILE_KEY, igniteProfile));
 			
 			standaloneConf.setFailureHandler(new NoOpFailureHandler());
-			
-			if (clientConnectionTimeoutMs > -1) {
-				standaloneConf.setClientFailureDetectionTimeout(clientConnectionTimeoutMs);
+
+			if (takIgniteConfiguration.getIgniteClientConnectionTimeoutSeconds() > -1) {
+				standaloneConf.setClientFailureDetectionTimeout(TimeUnit.SECONDS.toMillis(takIgniteConfiguration.getIgniteClientConnectionTimeoutSeconds()));
 			}
-			
-			if (failureDetectionTimeoutMs > -1) {
+
+			if (takIgniteConfiguration.getIgniteFailureDetectionTimeoutSeconds() > -1) {
+				long failureDetectionTimeoutMs = TimeUnit.SECONDS.toMillis(takIgniteConfiguration.getIgniteFailureDetectionTimeoutSeconds());
 				standaloneConf.setFailureDetectionTimeout(failureDetectionTimeoutMs);
 				standaloneConf.setSystemWorkerBlockedTimeout(failureDetectionTimeoutMs);
 			}
 			
-			if (isEmbedded) {
+			if (takIgniteConfiguration.isEmbeddedIgnite()) {
 
 				DataStorageConfiguration storageConfig = new DataStorageConfiguration();
 
@@ -200,25 +376,20 @@ public IgniteConfiguration getIgniteConfiguration(String igniteProfile, String i
 				takserverStorageRegion.setName("takserver-cache-region");
 				takserverStorageRegion.setPageEvictionMode(DataPageEvictionMode.RANDOM_2_LRU); // cache eviction policy
 
-				if (evictionThreashold != -1.f) {
-					takserverStorageRegion.setEvictionThreshold(evictionThreashold);
-				}
-				
-				takserverStorageRegion.setInitialSize(dataRegionInitialSize);
-				takserverStorageRegion.setMaxSize(dataRegionMaxSize);
-				
-				if (enablePersistence) {
-					takserverStorageRegion.setPersistenceEnabled(true);
+				if (takIgniteConfiguration.getCacheOffHeapEvictionThreshold() != -1.f) {
+					takserverStorageRegion.setEvictionThreshold(takIgniteConfiguration.getCacheOffHeapEvictionThreshold());
 				}
-			
+
+
+				takserverStorageRegion.setInitialSize(takIgniteConfiguration.getCacheOffHeapInitialSizeBytes());
+				takserverStorageRegion.setMaxSize(takIgniteConfiguration.getCacheOffHeapMaxSizeBytes());
+
 				storageConfig.setDefaultDataRegionConfiguration(takserverStorageRegion);
-				
-				if (enablePersistence) {
-					
+
+				if (takIgniteConfiguration.isEnableCachePersistence()) {
+					takserverStorageRegion.setPersistenceEnabled(true);
 					String basePath = Paths.get("").toAbsolutePath().toString();
-					
 					FileSystem fs = FileSystems.getDefault();
-					
 					storageConfig.setStoragePath(basePath + fs.getSeparator() + "tmp" + fs.getSeparator() + "cache-" +  igniteProfile);
 				}
 
@@ -226,12 +397,13 @@ public IgniteConfiguration getIgniteConfiguration(String igniteProfile, String i
 			} else { // client mode - API process
 				ClientConnectorConfiguration ccc = standaloneConf.getClientConnectorConfiguration();
 
-				if (poolSize > ccc.getThreadPoolSize()) {
-					ccc.setThreadPoolSize(poolSize);
+				if (takIgniteConfiguration.getIgnitePoolSize() > ccc.getThreadPoolSize()) {
+					ccc.setThreadPoolSize(takIgniteConfiguration.getIgnitePoolSize());
 				}
 			}
 
-			if (!isEmbedded && !ignitePoolSizeUseDefaultsForApi) {
+			if (!takIgniteConfiguration.isEmbeddedIgnite() && !takIgniteConfiguration.isIgnitePoolSizeUseDefaultsForApi()) {
+				int poolSize = takIgniteConfiguration.getIgnitePoolSize();
 				if (poolSize > 0) {
 					// ignite thread pools
 					standaloneConf.setSystemThreadPoolSize(poolSize + 1);
@@ -251,4 +423,17 @@ public IgniteConfiguration getIgniteConfiguration(String igniteProfile, String i
 			return standaloneConf;
 		}
 	}
+
+	public void saveChanges() {
+		try {
+			synchronized (TAKIgniteConfiguration.class) {
+				JAXBUtils.saveJAXifiedObject(CONFIG_FILE, takIgniteConfiguration, false);
+			}
+		} catch (FileNotFoundException fnfe) {
+			// do nothing. Happens in unit test.
+		} catch (JAXBException | IOException e) {
+			throw new RuntimeException(e);
+		}
+	}
+
 }
diff --git a/src/takserver-common/src/main/java/tak/server/ignite/IgniteHolder.java b/src/takserver-common/src/main/java/tak/server/ignite/IgniteHolder.java
index 3dfbacc5..8dd39470 100644
--- a/src/takserver-common/src/main/java/tak/server/ignite/IgniteHolder.java
+++ b/src/takserver-common/src/main/java/tak/server/ignite/IgniteHolder.java
@@ -20,7 +20,7 @@ public class IgniteHolder {
 	private String igniteStringId = null;
 	
 	private IgniteHolder() {
-		ignite = Ignition.getOrStart(IgniteConfigurationHolder.getInstance().getConfiguration());
+		ignite = Ignition.getOrStart(IgniteConfigurationHolder.getInstance().getIgniteConfiguration());
 
 		ignite.cluster().active(true);
 	}
diff --git a/src/takserver-common/src/main/java/tak/server/ignite/cache/IgniteCacheHolder.java b/src/takserver-common/src/main/java/tak/server/ignite/cache/IgniteCacheHolder.java
index 37de274c..ef226d03 100644
--- a/src/takserver-common/src/main/java/tak/server/ignite/cache/IgniteCacheHolder.java
+++ b/src/takserver-common/src/main/java/tak/server/ignite/cache/IgniteCacheHolder.java
@@ -1,14 +1,23 @@
 package tak.server.ignite.cache;
 
 import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
 
 import org.apache.ignite.IgniteCache;
+import org.apache.ignite.cache.query.QueryCursor;
+import org.apache.ignite.cache.query.SqlFieldsQuery;
 import org.apache.ignite.cache.query.annotations.QuerySqlFunction;
 import org.apache.ignite.configuration.CacheConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import com.bbn.marti.remote.RemoteSubscription;
+import com.bbn.marti.remote.util.RemoteUtil;
 
 import tak.server.Constants;
+import tak.server.cot.CotEventContainer;
 import tak.server.ignite.IgniteHolder;
 
 public final class IgniteCacheHolder {
@@ -16,9 +25,14 @@ public final class IgniteCacheHolder {
 	private static IgniteCache<String, RemoteSubscription>  igniteSubscriptionUidTrackerCache = null;
 	private static IgniteCache<String, RemoteSubscription>  igniteSubscriptionClientUidTrackerCache = null;
 
+	private static IgniteCache<String, String>  igniteLatestSAConnectionUidCache = null;
+	
 	private static IgniteCache<String, String>  iginteUserOutboundGroupCache = null;
 	private static IgniteCache<String, String>  iginteUserInboundGroupCache = null;
+	private static final Logger logger = LoggerFactory.getLogger(IgniteCacheHolder.class);
 	
+	 public static final int GROUPS_BIT_VECTOR_LEN = 32768;
+	 
 	public static void cacheRemoteSubscription(RemoteSubscription sub) {
 		sub.prepareForSerialization();
 		
@@ -55,6 +69,17 @@ public static IgniteCache<String, RemoteSubscription> getIgniteSubscriptionClien
 		return igniteSubscriptionClientUidTrackerCache;
 	}
 	
+	public static IgniteCache<String, String> getIgniteLatestSAConnectionUidCache() {
+    	if (igniteLatestSAConnectionUidCache == null) {
+    		initGroupCaches();
+    		CacheConfiguration<String, String> cacheCfg = new CacheConfiguration<>(Constants.INGITE_LATEST_SA_CONNECTION_UID_CACHE);
+    		cacheCfg.setIndexedTypes(String.class, String.class);
+    		igniteLatestSAConnectionUidCache = IgniteHolder.getInstance().getIgnite().getOrCreateCache(cacheCfg);
+		}
+		
+		return igniteLatestSAConnectionUidCache;
+	}
+	
 	public static IgniteCache<String, String> getIgniteUserOutboundGroupCache() {
     	if (iginteUserOutboundGroupCache == null) {
     		CacheConfiguration<String, String> cacheCfg = new CacheConfiguration<>(Constants.IGNITE_USER_OUTBOUND_GROUP_CACHE);
@@ -87,6 +112,24 @@ public static int groupVectorAnd(String fromCache, String toMatch) {
 	    }
 	}
 	
+	public static Collection<String> getAllLatestSAsForGroupVector(String groupVector) {	
+		Collection<String> sas = new ArrayList<>();
+
+		SqlFieldsQuery qry = new SqlFieldsQuery("Select lsa._VAL from \"" + Constants.INGITE_LATEST_SA_CONNECTION_UID_CACHE + "\".String lsa, \"" + Constants.IGNITE_USER_OUTBOUND_GROUP_CACHE +  "\".String og where lsa._KEY = og._KEY "
+		+" and bitand(cast(lpad(?," + GROUPS_BIT_VECTOR_LEN + ",'0') as binary), cast(lpad(og._VAL, " + GROUPS_BIT_VECTOR_LEN + ", '0') as binary)) <> cast(lpad('0000', " + GROUPS_BIT_VECTOR_LEN + " ,'0') as long)");
+		qry.setArgs(groupVector);	
+		SqlFieldsQuery saQry = qry;
+		try (QueryCursor<List<?>> cursor = getIgniteLatestSAConnectionUidCache().query(saQry)) {
+			for (List<?> row : cursor) {
+				for (Object cotColumn : row) {
+					sas.add(cotColumn.toString());
+				}
+			}
+		}
+		
+		return sas;
+	}
+	
 	private static void initGroupCaches() {
 		getIgniteUserInboundGroupCache();
 		getIgniteUserOutboundGroupCache();
diff --git a/src/takserver-common/src/main/java/tak/server/ignite/grid/SubscriptionManagerProxyHandler.java b/src/takserver-common/src/main/java/tak/server/ignite/grid/SubscriptionManagerProxyHandler.java
index ee8a6384..af3dec23 100644
--- a/src/takserver-common/src/main/java/tak/server/ignite/grid/SubscriptionManagerProxyHandler.java
+++ b/src/takserver-common/src/main/java/tak/server/ignite/grid/SubscriptionManagerProxyHandler.java
@@ -2,6 +2,7 @@
 
 import java.util.UUID;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.ignite.cluster.ClusterGroup;
 
 import com.bbn.cluster.ClusterGroupDefinition;
@@ -13,15 +14,11 @@
 import tak.server.ignite.cache.IgniteCacheHolder;
 
 public class SubscriptionManagerProxyHandler {
-	
-	private CoreConfig coreConfig;
-	
-	public SubscriptionManagerProxyHandler(CoreConfig coreConfig) {
-		this.coreConfig = coreConfig;
-	}
+
+	public SubscriptionManagerProxyHandler() { }
 
 	public SubscriptionManagerLite getSubscriptionManagerForClientUid(String uid) {
-		if (coreConfig.getRemoteConfiguration().getCluster().isEnabled()) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
 			return getSubscriptionManager(ClusterGroupDefinition.getMessagingClusterDeploymentGroup(IgniteHolder.getInstance().getIgnite())
 					.forNodeId(IgniteCacheHolder.getIgniteSubscriptionClientUidTackerCache().get(uid).originNode));
 		} else {
@@ -30,7 +27,7 @@ public SubscriptionManagerLite getSubscriptionManagerForClientUid(String uid) {
 	}
 
 	public SubscriptionManagerLite getSubscriptionManagerForSubscriptionUid(String uid) {
-		if (coreConfig.getRemoteConfiguration().getCluster().isEnabled()) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
 			return getSubscriptionManager(ClusterGroupDefinition.getMessagingClusterDeploymentGroup(IgniteHolder.getInstance().getIgnite())
 					.forNodeId(IgniteCacheHolder.getIgniteSubscriptionUidTackerCache().get(uid).originNode));
 		} else {
diff --git a/src/takserver-common/src/main/java/tak/server/util/ActiveProfiles.java b/src/takserver-common/src/main/java/tak/server/util/ActiveProfiles.java
new file mode 100644
index 00000000..69d7f1bc
--- /dev/null
+++ b/src/takserver-common/src/main/java/tak/server/util/ActiveProfiles.java
@@ -0,0 +1,112 @@
+package tak.server.util;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import tak.server.Constants;
+
+public class ActiveProfiles {
+	private static final Logger logger = LoggerFactory.getLogger(ActiveProfiles.class);
+
+	// Profiles are ways that the same Spring framework can bootstrap the different microservices.  Since they are
+	// *NOT* in common to each other, they are moved here since this facade will be local to each process.
+	String profile = "";
+	boolean monolithProfileActive = false;
+	boolean messagingProfileActive = false;
+	boolean apiProfileActive = false;
+	boolean configProfileActive = false;
+	boolean pluginsProfileActive = false;
+	boolean retentionProfileActive = false;
+	boolean consoleProfileActive = false;
+
+	// Singleton instance
+	private static ActiveProfiles instance = null;
+
+
+	private ActiveProfiles() {
+		String profilesActive = System.getProperty("spring.profiles.active");
+		if (profilesActive != null) {
+			// Due to initialization order, can't use spring environment and therefore
+			// ProfileTracker class yet, so look at the expected system property.
+			String lcProfilesActive = profilesActive.toLowerCase();
+
+			if (lcProfilesActive.contains(tak.server.Constants.MONOLITH_PROFILE_NAME)) {
+				monolithProfileActive = true;
+				profile = tak.server.Constants.MONOLITH_PROFILE_NAME;
+			}
+			if (lcProfilesActive.contains(tak.server.Constants.MESSAGING_PROFILE_NAME)) {
+				messagingProfileActive = true;
+				profile = tak.server.Constants.MESSAGING_PROFILE_NAME;
+			}
+			if (lcProfilesActive.contains(tak.server.Constants.API_PROFILE_NAME)) {
+				apiProfileActive = true;
+				profile = tak.server.Constants.API_PROFILE_NAME;
+			}
+			if (lcProfilesActive.contains(Constants.PLUGINS_ENABLED_PROFILE_NAME)) {
+				pluginsProfileActive = true;
+				profile = Constants.PLUGINS_ENABLED_PROFILE_NAME;
+			}
+			if (lcProfilesActive.contains(Constants.RETENTION_PROFILE_NAME)) {
+				retentionProfileActive = true;
+				profile = Constants.RETENTION_PROFILE_NAME;
+			}
+			if (lcProfilesActive.contains(tak.server.Constants.CONFIG_PROFILE_NAME)) {
+				configProfileActive = true;
+				profile = tak.server.Constants.CONFIG_PROFILE_NAME;
+			}
+
+			if (lcProfilesActive.contains("consolelog")) {
+				consoleProfileActive = true;
+			}
+		}
+	}
+
+	public static ActiveProfiles getInstance() {
+		if (instance == null) {
+			synchronized (ActiveProfiles.class) {
+				if (instance == null) {
+					try {
+						instance = new ActiveProfiles();
+					} catch (Exception e) {
+						if (logger.isErrorEnabled()) {
+							logger.error("Exception instantiating ActiveProfiles : {} ", e);
+						}
+					}
+				}
+			}
+		}
+
+		return instance;
+	}
+
+	public String getProfile() {
+		return profile;
+	}
+
+	public boolean isMonolithProfileActive() {
+		return monolithProfileActive;
+	}
+
+	public boolean isMessagingProfileActive() {
+		return messagingProfileActive;
+	}
+
+	public boolean isApiProfileActive() {
+		return apiProfileActive;
+	}
+
+	public boolean isConfigProfileActive() {
+		return configProfileActive;
+	}
+
+	public boolean isPluginProfileActive() {
+		return pluginsProfileActive;
+	}
+
+	public boolean isRetentionProfileActive() {
+		return retentionProfileActive;
+	}
+
+	public boolean isConsoleProfileActive() {
+		return consoleProfileActive;
+	}
+}
\ No newline at end of file
diff --git a/src/takserver-common/src/main/java/tak/server/util/Association.java b/src/takserver-common/src/main/java/tak/server/util/Association.java
index 08193d05..e58717d3 100644
--- a/src/takserver-common/src/main/java/tak/server/util/Association.java
+++ b/src/takserver-common/src/main/java/tak/server/util/Association.java
@@ -36,7 +36,7 @@ public V setValue(V value) {
 	
 	@Override
 	public boolean equals(Object other) {
-		if(this != other) {
+		if (this != other) {
 			if (other != null && other instanceof Association) {
 				Association that = (Association) other;
 				return getKey().equals(that.getKey());
diff --git a/src/takserver-common/src/main/java/tak/server/util/DataSourceUtils.java b/src/takserver-common/src/main/java/tak/server/util/DataSourceUtils.java
index f9a785fc..0c28251c 100644
--- a/src/takserver-common/src/main/java/tak/server/util/DataSourceUtils.java
+++ b/src/takserver-common/src/main/java/tak/server/util/DataSourceUtils.java
@@ -4,12 +4,12 @@
 import java.sql.ResultSet;
 import java.util.Properties;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.bbn.marti.config.Repository;
 import com.bbn.marti.config.Connection;
-import com.bbn.marti.remote.CoreConfig;
 import com.zaxxer.hikari.HikariConfig;
 import com.zaxxer.hikari.HikariDataSource;
 
@@ -18,9 +18,9 @@ public class DataSourceUtils {
 	
 	private static final Logger logger = LoggerFactory.getLogger(DataSourceUtils.class);
 
-	public static HikariDataSource setupDataSourceFromCoreConfig(CoreConfig coreConfig) {
+	public static HikariDataSource setupDataSourceFromCoreConfig() {
 		
-	    Repository repository = coreConfig.getRemoteConfiguration().getRepository();
+	    Repository repository = CoreConfigFacade.getInstance().getRemoteConfiguration().getRepository();
 	    Connection coreDbConnection = repository.getConnection();
 
         int max_connections = 0;
@@ -50,7 +50,7 @@ public static HikariDataSource setupDataSourceFromCoreConfig(CoreConfig coreConf
         // cpus (c5.24xlarge) (max is 1045 regardless)
         int numDbConnections;
         if (repository.isConnectionPoolAutoSize()) {
-            numDbConnections = coreConfig.getRemoteConfiguration().getRepository().getPoolScaleFactor() + (int) Math.min(845, (Runtime.getRuntime().availableProcessors() - 4) * 9.2);
+            numDbConnections = repository.getPoolScaleFactor() + (int) Math.min(845, (Runtime.getRuntime().availableProcessors() - 4) * 9.2);
             numDbConnections = Math.min(Math.max(1, (max_connections - 2) / 2), numDbConnections);
         } else {
             numDbConnections = repository.getNumDbConnections();
diff --git a/src/takserver-common/src/main/java/tak/server/util/JAXBUtils.java b/src/takserver-common/src/main/java/tak/server/util/JAXBUtils.java
new file mode 100644
index 00000000..1b89bd1f
--- /dev/null
+++ b/src/takserver-common/src/main/java/tak/server/util/JAXBUtils.java
@@ -0,0 +1,109 @@
+package tak.server.util;
+
+import org.apache.commons.io.FileUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.JAXBException;
+import jakarta.xml.bind.Marshaller;
+import jakarta.xml.bind.Unmarshaller;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+public class JAXBUtils {
+
+    private static final Logger logger = LoggerFactory.getLogger(JAXBUtils.class);
+
+    /**
+     * Parses an XML resource stream to the specified packageName.  It assumes the packageName is valid and that is has been
+     * generated from the schema
+     *
+     * @param xmlInputStream The input stream for the XML data to load
+     * @param packageName    The getConsistentUniqueReadableIdentifier of the package that corresponds to the contents of the file
+     * @param <T>            The type corresponding to the packagename
+     * @return The object of type {@link T} if the file exists, null if it does not
+     * @throws FileNotFoundException If the file was not found
+     * @throws JAXBException         If a parsing exception occurs
+     */
+    public static <T> T loadJAXifiedXML(InputStream xmlInputStream, String packageName) throws FileNotFoundException, JAXBException {
+        JAXBContext jc = JAXBContext.newInstance(packageName);
+        Unmarshaller u = jc.createUnmarshaller();
+        return (T) u.unmarshal(xmlInputStream);
+    }
+
+    /**
+     * Parses an XML file to the specified packageName.  It issumes the packageName is valid and that is has been
+     * generated from the schema
+     *
+     * @param xmlFile     The file to open
+     * @param packageName The name of the package that corresponds to the contents of the file
+     * @param <T>         The type corresponding to the packagename
+     * @return The object of type {@link T} if the file exists, null if it does not
+     * @throws FileNotFoundException If the file was not found
+     * @throws JAXBException         If a parsing exception occurs
+     */
+    public static <T> T loadJAXifiedXML(String xmlFile, String packageName) throws FileNotFoundException, JAXBException {
+
+        File f = new File(xmlFile);
+
+        try {
+            InputStream is = new FileInputStream(f);
+            JAXBContext jc = JAXBContext.newInstance(packageName);
+            Unmarshaller u = jc.createUnmarshaller();
+            Object result = u.unmarshal(is);
+            is.close();
+            return (T) result;
+        } catch (FileNotFoundException ex) {
+            logger.error(xmlFile + " not found.");
+            return null;
+        } catch (IOException ex) {
+            logger.error("Error loading XML from " + xmlFile, ex);
+            return null;
+        }
+    }
+
+    /**
+     * Saves The object created with JAXB to an xml file
+     *
+     * @param xmlFile              The target file
+     * @param obj                  THe object to serialize
+     * @param createNewIfNecessary If true, a new file will be created if one does not exist
+     * @throws IOException   If an IOException occurs. May result in a mangled file
+     * @throws JAXBException If a JAXBException occurs. Will not result in a mangled file
+     */
+    public static void saveJAXifiedObject(String xmlFile, Object obj, boolean createNewIfNecessary) throws IOException, JAXBException {
+        // First write it into a ByteArrayOutputStream so JAXBExceptions don't result in a mangled original file
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        String packageName = obj.getClass().getPackage().getName();
+        JAXBContext jc = JAXBContext.newInstance(packageName, obj.getClass().getClassLoader());
+        Marshaller m = jc.createMarshaller();
+        m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+        m.marshal(obj, baos);
+
+        // Yay, not JAXBException. Now write to the file
+        File file = new File(xmlFile);
+
+        // Create a new file if necessary and allowed
+        if (!file.exists() && createNewIfNecessary) {
+            file.createNewFile();
+        } else {
+            File copied = new File(xmlFile + ".backup");
+            FileUtils.copyFile(file, copied);
+        }
+
+        OutputStream fos = new FileOutputStream(file);
+        // Write to the file
+        baos.writeTo(fos);
+        fos.flush();
+        fos.close();
+    }
+
+
+}
diff --git a/src/takserver-common/src/main/xsd/CoreConfig.xsd b/src/takserver-common/src/main/xsd/CoreConfig.xsd
index 810271f0..3ca31b05 100644
--- a/src/takserver-common/src/main/xsd/CoreConfig.xsd
+++ b/src/takserver-common/src/main/xsd/CoreConfig.xsd
@@ -20,6 +20,7 @@
         <xs:element ref="buffer" minOccurs="1"/>
         <xs:element ref="dissemination" minOccurs="1"/>
         <xs:element ref="certificateSigning" minOccurs="0"/>
+        <xs:element ref="logging" minOccurs="0"/>
         <xs:element ref="security" minOccurs="1"/>
         <xs:element ref="ferry" minOccurs="0"/>
         <xs:element ref="async" minOccurs="0"/>
@@ -95,6 +96,10 @@
       <xs:attribute name="takServerHost" type="xs:string"/>
       <xs:attribute name="useLinuxEpoll" type="xs:boolean" default="true"/>
       <xs:attribute name="allowAllOrigins" type="xs:boolean" default="false"/>
+      <xs:attribute name="allowOrigins" type="xs:string"/>
+      <xs:attribute name="allowMethods" type="xs:string" default="POST, PUT, GET, HEAD, OPTIONS, DELETE"/>
+      <xs:attribute name="allowHeaders" type="xs:string"/>
+      <xs:attribute name="allowCredentials" type="xs:boolean" default="false"/>
       <xs:attribute name="enableHSTS" type="xs:boolean" default="true"/>
       <xs:attribute name="esyncEnableCache" type="xs:int" default="-1"/>
       <xs:attribute name="esyncEnableCotFilter" type="xs:boolean" default="false"/>
@@ -161,7 +166,7 @@
             <xs:attribute name="userstring" type="xs:string" use="required"/>
             <xs:attribute name="updateinterval" type="xs:int" use="optional"/>
             <xs:attribute name="groupprefix" type="xs:string" default=""/>
-            <xs:attribute name="groupNameExtractorRegex" type="xs:string" default=""/>
+            <xs:attribute name="groupNameExtractorRegex" type="xs:string" default="CN=(.*?)(?:,|$)"/>
             <xs:attribute name="style" type="ldapStyle" use="required"/>
             <xs:attribute name="ldapSecurityType" type="ldapSecurityType" default="simple"/>
             <xs:attribute name="serviceAccountDN" type="xs:string" use="optional"/>
@@ -225,167 +230,85 @@
         <xs:documentation>Buffer and Cache Settings</xs:documentation>
       </xs:annotation>
       <xs:all>
+        <xs:element ref="queue" minOccurs="1"/>
         <xs:element name="latestSA" minOccurs="1" maxOccurs="1">
           <xs:complexType>
             <xs:attribute name="enable" type="xs:boolean" default="false"/>
           </xs:complexType>
         </xs:element>
-        <xs:element name="queue" minOccurs="1" maxOccurs="1">
+      </xs:all>
+    </xs:complexType>
+  </xs:element>
+
+  <xs:element name="queue">
+    <xs:complexType>
+      <xs:annotation>
+        <xs:documentation>Queue settings</xs:documentation>
+      </xs:annotation>
+      <xs:sequence>
+        <xs:element name="priority" minOccurs="0" maxOccurs="1">
           <xs:complexType>
             <xs:annotation>
-              <xs:documentation>Queue</xs:documentation>
+              <xs:documentation>Priority</xs:documentation>
             </xs:annotation>
-            <xs:sequence>
-              <xs:element name="priority" minOccurs="0" maxOccurs="1">
-                <xs:complexType>
-                  <xs:annotation>
-                    <xs:documentation>Priority</xs:documentation>
-                  </xs:annotation>
-                  <xs:attribute name="levels" type="xs:int" default="3"/>
-                </xs:complexType>
-              </xs:element>
-            </xs:sequence>
-            <xs:attribute name="monitor" type="xs:boolean" default="true"/>
-            <xs:attribute name="capacity" type="xs:int" default="2048"/>
-            <xs:attribute name="pubSubCapacity" type="xs:int" default="512"/>
-            <xs:attribute name="outboundCapacity" type="xs:int" default="4"/>
-            <xs:attribute name="inboundCapacity" type="xs:int" default="4096"/>
-            <xs:attribute name="codecWrapperCapacity" type="xs:int" default="2048"/>
-            <xs:attribute name="tcpWriteQueueCapacity" type="xs:int" default="32768"/>
-            <xs:attribute name="disconnectOnFull" type="xs:boolean" default="false"/>
-            <xs:attribute name="maxWriteQueueSize" type="xs:int" default="2048"/>
-            <xs:attribute name="defaultExecQueueSize" type="xs:int" default="1024"/>
-            <xs:attribute name="defaultMaxPoolSize" type="xs:int" default="8"/>
-            <xs:attribute name="defaultMaxPoolFactor" type="xs:int" default="2"/>
-            <xs:attribute name="messageWriteQueueSize" type="xs:int" default="32"/>
-            <xs:attribute name="messageWriteExecutorQueueSize" type="xs:int" default="16384"/>
-            <xs:attribute name="codecViewPendingCapacity" type="xs:int" default="2048"/>
-            <xs:attribute name="queueSizeInitial" type="xs:int" default="1"/>
-            <xs:attribute name="queueSizeIncrement" type="xs:int" default="2"/>
-            <xs:attribute name="coreExecutorCapacity" type="xs:int" default="32768"/>
-            <xs:attribute name="throwOnAssertionFail" type="xs:boolean" default="false"/>
-            <xs:attribute name="disconnectOnPendingExceeded" type="xs:boolean" default="true"/>
-            <xs:attribute name="flushInterval" type="xs:int" default="1000"/>
-            <xs:attribute name="websocketSendBufferSizeLimit" type="xs:int" default="65536"/>
-            <xs:attribute name="websocketMaxBinaryMessageBufferSize" type="xs:int" default="65536"/>
-            <xs:attribute name="websocketMaxSessionIdleTimeout" type="xs:long" default="-1"/>
-            <xs:attribute name="websocketSendTimeoutMs" type="xs:int" default="5000"/>
-            <xs:attribute name="missionUidLimit" type="xs:int" default="8192"/>
-            <xs:attribute name="missionContentLimit" type="xs:int" default="4096"/>
-            <xs:attribute name="nearCacheMaxSize" type="xs:int" default="0"/>
-            <xs:attribute name="cotCacheMaxSize" type="xs:int" default="0"/>
-            <xs:attribute name="cotCacheBatchSize" type="xs:int" default="-1"/>
-            <xs:attribute name="cotCacheMaxMemorySize" type="xs:int" default="-1"/>
-            <xs:attribute name="springCacheMaxSize" type="xs:int" default="-1"/>
-            <xs:attribute name="springCacheBatchSize" type="xs:int" default="-1"/>
-            <xs:attribute name="springCacheMaxMemorySize" type="xs:int" default="-1"/>
-            <xs:attribute name="springCacheSizeScalingFactor" type="xs:int" default="8"/>
-            <xs:attribute name="onHeapEnabled" type="xs:boolean" default="false"/>
-            <xs:attribute name="cacheOffHeapMaxSizeBytes" type="xs:long" default="-1">
-             <xs:annotation>
-              <xs:documentation>Explicity set the off-heap cache max size (bytes). -1 means autodetect.</xs:documentation>
-             </xs:annotation>
-            </xs:attribute>
-            <xs:attribute name="cacheOffHeapInitialSizeBytes" type="xs:long" default="-1">
-              <xs:annotation>
-                <xs:documentation>Explicity set the off-heap cache initial size (bytes). -1 means autodetect</xs:documentation>
-              </xs:annotation>
-            </xs:attribute>
-            <xs:attribute name="cacheOffHeapPercentageMax" type="xs:float" default="0.99">
-              <xs:annotation>
-                <xs:documentation>Set the autodetected off-heap cache max size as factor of messaging process Xmx (bytes).</xs:documentation>
-              </xs:annotation>
-            </xs:attribute>
-            <xs:attribute name="cacheOffHeapPercentageInitial" type="xs:float" default="0.29">
-              <xs:annotation>
-                <xs:documentation>Set the autodetected off-heap cache initial size as factor of messaging process Xmx (bytes).</xs:documentation>
-              </xs:annotation>
-            </xs:attribute>
-            <xs:attribute name="cacheOffHeapEvictionThreshold" type="xs:float" default="0.7"/>
-            <xs:attribute name="cacheLastTouchedExpiryMinutes" type="xs:int" default="10"/>
-            <xs:attribute name="enableCacheGroup" type="xs:boolean" default="true" />
-            <xs:attribute name="enableCacheGroupPerName" type="xs:boolean" default="false" />
-            <xs:attribute name="enableCacheWarmer" type="xs:boolean" default="false"/>
-            <xs:attribute name="ignitePoolSize" type="xs:int" default="-1"/>
-            <xs:attribute name="ignitePoolSizeMultiplier" type="xs:int" default="16">
-              <xs:annotation>
-                <xs:documentation>Set the multiplier for autodetected ignite thread pool size. The optimal value varies based on system capabilities (CPU core count).</xs:documentation>
-              </xs:annotation>
-            </xs:attribute>
-            
-            <xs:attribute name="igniteApiServerMode" type="xs:boolean" default="true">
-              <xs:annotation>
-                <xs:documentation>Run API micro-service in Ignite embedded server mode. If disabled, run in client mode.</xs:documentation>
-              </xs:annotation>
-            </xs:attribute>
-            
-            <xs:attribute name="ignitePoolSizeUseDefaultsForApi" type="xs:boolean" default="false">
-              <xs:annotation>
-                <xs:documentation>Use default ignite pool size for API process.</xs:documentation>
-              </xs:annotation>
-            </xs:attribute>
-            
-            <xs:attribute name="igniteDefaultSpiConnectionsPerNode" type="xs:boolean" default="false">
-              <xs:annotation>
-                <xs:documentation>Use default ignite settings for TCP SPI connections.</xs:documentation>
-              </xs:annotation>
-            </xs:attribute>
-            
-            <xs:attribute name="igniteExplicitSpiConnectionsPerNode" type="xs:int" default="-1">
-              <xs:annotation>
-                <xs:documentation>Explicitly set internal ignite option for TCP SPI connections. -1 means autodetect.</xs:documentation>
-              </xs:annotation>
-            </xs:attribute>
-            
-            <xs:attribute name="igniteFailureDetectionTimeoutSeconds" type="xs:long" default="600">
-              <xs:annotation>
-                <xs:documentation>Ignite critical thread blocked detection timeout.</xs:documentation>
-              </xs:annotation>
-            </xs:attribute>
-            
-            <xs:attribute name="igniteClientConnectionTimeoutSeconds" type="xs:long" default="300">
-              <xs:annotation>
-                <xs:documentation>Ignite client connection timeout.</xs:documentation>
-              </xs:annotation>
-            </xs:attribute>
-            
-            <xs:attribute name="igniteConnectionTimeoutSeconds" type="xs:long" default="300">
-              <xs:annotation>
-                <xs:documentation>Ignite connection timeout.</xs:documentation>
-              </xs:annotation>
-            </xs:attribute> 
-            
-            <xs:attribute name="cacheCotInRepository" type="xs:boolean" default="false"/> 
-            
-            <xs:attribute name="enableCachePersistence" type="xs:boolean" default="false"/> 
-            <xs:attribute name="messageTimestampCacheSizeItems" type="xs:long" default="-1"/> 
-            <xs:attribute name="enableStoreForwardChat" type="xs:boolean" default="false"/>
-            <xs:attribute name="storeForwardQueryBufferMs" type="xs:long" default="1000"/>
-            <xs:attribute name="storeForwardSendBufferMs" type="xs:long" default="200"/>
-            <xs:attribute name="enableClientEndpointCache" type="xs:boolean" default="true"/>
-            <xs:attribute name="contactCacheUpdateRateLimitSeconds" type="xs:long" default="5"/>
-            <xs:attribute name="contactCacheRecencyLimitSeconds" type="xs:long" default="86400"/>
-            <xs:attribute name="pluginDatafeedCacheSeconds" type="xs:int" default="300"/>
-            
-            <xs:attribute name="caffeineFileCacheSeconds" type="xs:int" default="120">
-              <xs:annotation>
-                <xs:documentation>Cache TTL for caffeine file cache (if enabled). Default 120 seconds.</xs:documentation>
-              </xs:annotation>
-            </xs:attribute>
-            
-           </xs:complexType>
+            <xs:attribute name="levels" type="xs:int" default="3"/>
+          </xs:complexType>
         </xs:element>
-      </xs:all>
-      <xs:attribute name="embeddedIgnite" type="xs:boolean" default="false"/>
-      <xs:attribute name="igniteMulticast" type="xs:boolean" default="false"/>
-      <xs:attribute name="igniteNonMulticastDiscoveryPort" default="47500" type="xs:int"/>
-      <xs:attribute name="igniteNonMulticastDiscoveryPortCount" default="100" type="xs:int"/>
-      <xs:attribute name="igniteCommunicationPort" default="47100" type="xs:int"/>
-      <xs:attribute name="igniteCommunicationPortCount" default="100" type="xs:int"/>
-      <xs:attribute name="igniteHost" default="127.0.0.1" type="xs:string"/>
-      <xs:attribute name="igniteWorkerTimeoutMilliseconds" default="2600000" type="xs:int"/>
+      </xs:sequence>
+      <xs:attribute name="pubSubCapacity" type="xs:int" default="512"/>
+      <xs:attribute name="outboundCapacity" type="xs:int" default="4"/>
+      <xs:attribute name="inboundCapacity" type="xs:int" default="4096"/>
+      <xs:attribute name="codecWrapperCapacity" type="xs:int" default="2048"/>
+      <xs:attribute name="tcpWriteQueueCapacity" type="xs:int" default="32768"/>
+      <xs:attribute name="disconnectOnFull" type="xs:boolean" default="false"/>
+      <xs:attribute name="maxWriteQueueSize" type="xs:int" default="2048"/>
+      <xs:attribute name="defaultExecQueueSize" type="xs:int" default="1024"/>
+      <xs:attribute name="defaultMaxPoolSize" type="xs:int" default="8"/>
+      <xs:attribute name="defaultMaxPoolFactor" type="xs:int" default="2"/>
+      <xs:attribute name="messageWriteQueueSize" type="xs:int" default="32"/>
+      <xs:attribute name="messageWriteExecutorQueueSize" type="xs:int" default="16384"/>
+      <xs:attribute name="codecViewPendingCapacity" type="xs:int" default="2048"/>
+      <xs:attribute name="queueSizeInitial" type="xs:int" default="1"/>
+      <xs:attribute name="queueSizeIncrement" type="xs:int" default="2"/>
+      <xs:attribute name="queueSizeMaxCapacity" type="xs:int" default="2048"/>
+      <xs:attribute name="coreExecutorCapacity" type="xs:int" default="32768"/>
+      <xs:attribute name="throwOnAssertionFail" type="xs:boolean" default="false"/>
+      <xs:attribute name="disconnectOnPendingExceeded" type="xs:boolean" default="true"/>
+      <xs:attribute name="flushInterval" type="xs:int" default="1000"/>
+      <xs:attribute name="websocketSendBufferSizeLimit" type="xs:int" default="65536"/>
+      <xs:attribute name="websocketMaxBinaryMessageBufferSize" type="xs:int" default="65536"/>
+      <xs:attribute name="websocketMaxSessionIdleTimeout" type="xs:long" default="-1"/>
+      <xs:attribute name="websocketSendTimeoutMs" type="xs:int" default="5000"/>
+      <xs:attribute name="missionUidLimit" type="xs:int" default="8192"/>
+      <xs:attribute name="missionContentLimit" type="xs:int" default="4096"/>
+      <xs:attribute name="nearCacheMaxSize" type="xs:int" default="0"/>
+      <xs:attribute name="cotCacheMaxSize" type="xs:int" default="0"/>
+      <xs:attribute name="cotCacheBatchSize" type="xs:int" default="-1"/>
+      <xs:attribute name="cotCacheMaxMemorySize" type="xs:int" default="-1"/>
+      <xs:attribute name="springCacheMaxSize" type="xs:int" default="-1"/>
+      <xs:attribute name="springCacheBatchSize" type="xs:int" default="-1"/>
+      <xs:attribute name="springCacheMaxMemorySize" type="xs:int" default="-1"/>
+      <xs:attribute name="springCacheSizeScalingFactor" type="xs:int" default="8"/>
+      <xs:attribute name="onHeapEnabled" type="xs:boolean" default="false"/>
+      <xs:attribute name="cacheLastTouchedExpiryMinutes" type="xs:int" default="10"/>
+      <xs:attribute name="enableCacheGroup" type="xs:boolean" default="true" />
+      <xs:attribute name="enableCacheGroupPerName" type="xs:boolean" default="false" />
+      <xs:attribute name="enableCacheWarmer" type="xs:boolean" default="false"/>
+      <xs:attribute name="cacheCotInRepository" type="xs:boolean" default="false"/>
+      <xs:attribute name="messageTimestampCacheSizeItems" type="xs:long" default="-1"/>
+      <xs:attribute name="enableStoreForwardChat" type="xs:boolean" default="false"/>
+      <xs:attribute name="storeForwardQueryBufferMs" type="xs:long" default="1000"/>
+      <xs:attribute name="storeForwardSendBufferMs" type="xs:long" default="200"/>
+      <xs:attribute name="enableClientEndpointCache" type="xs:boolean" default="true"/>
+      <xs:attribute name="contactCacheUpdateRateLimitSeconds" type="xs:long" default="5"/>
+      <xs:attribute name="contactCacheRecencyLimitSeconds" type="xs:long" default="86400"/>
+      <xs:attribute name="pluginDatafeedCacheSeconds" type="xs:int" default="300"/>
+      <xs:attribute name="caffeineFileCacheSeconds" type="xs:int" default="120">
+        <xs:annotation>
+          <xs:documentation>Cache TTL for caffeine file cache (if enabled). Default 120 seconds.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
     </xs:complexType>
-
   </xs:element>
 
   <xs:element name="submission">
@@ -559,6 +482,17 @@
     </xs:complexType>
   </xs:element>
 
+  <xs:element name="logging">
+    <xs:complexType>
+      <xs:annotation>
+        <xs:documentation>Logging Configuration</xs:documentation>
+      </xs:annotation>
+      <xs:attribute name="jsonFormatEnabled" type="xs:boolean" default="false"/>
+      <xs:attribute name="auditLoggingEnabled" type="xs:boolean" default="false"/>
+      <xs:attribute name="prettyLoggingEnabled" type="xs:boolean" default="false"/>
+    </xs:complexType>
+  </xs:element>
+
   <xs:element name="security">
     <xs:complexType>
       <xs:annotation>
@@ -656,6 +590,7 @@
         </xs:element>
       </xs:sequence>
       <xs:attribute name="oauthAddAnonymous" type="xs:boolean" default="false"/>
+      <xs:attribute name="oauthUseGroupCache" type="xs:boolean" default="false"/>
       <xs:attribute name="useTakServerLoginPage" type="xs:boolean" default="false"/>
       <xs:attribute name="readOnlyGroup" type="xs:string" use="optional"/>
       <xs:attribute name="readGroupSuffix" type="xs:string" default="_READ"/>
@@ -961,7 +896,7 @@
               </xs:annotation>
             </xs:attribute>
             <xs:attribute name="initializationDelaySeconds" type="xs:int" default="30"/>
-            <xs:attribute name="maxMessageSizeBytes" type="xs:int" default="1073741824"/>
+            <xs:attribute name="maxMessageSizeBytes" type="xs:int" default="268435456"/>
           </xs:complexType>
         </xs:element>
 
@@ -1076,7 +1011,12 @@
                 <xs:annotation>
                   <xs:documentation>How many hops a federate message can make</xs:documentation>
                 </xs:annotation>
-              </xs:attribute>	              	
+              </xs:attribute>	  
+              <xs:attribute name="fallbackWhenNoGroupMappings" type="xs:boolean" default="false">
+                <xs:annotation>
+                  <xs:documentation>How many hops a federate message can make</xs:documentation>
+                </xs:annotation>
+              </xs:attribute>	            	
             </xs:complexType>
           </xs:element>
         </xs:sequence>
@@ -1314,6 +1254,9 @@
             default="true" />
         <xs:attribute name="binaryPayloadWebsocketOnly" type="xs:boolean"
             default="false" />
+        <xs:attribute name="quicConnectionTimeoutSeconds" type="xs:long"
+            default="90" />
+            
 	</xs:complexType>
 	
 	<xs:complexType name="dataFeed">
@@ -1375,6 +1318,7 @@
       <xs:attribute name="ismConnectTimeoutSeconds" type="xs:long" default="-1"/>
       <xs:attribute name="ismReadTimeoutSeconds" type="xs:long" default="-1"/>
       <xs:attribute name="ismStrictEnforcing" type="xs:boolean" default="false"/>
+      <xs:attribute name="networkClassification" type="xs:string" />
     </xs:complexType>
   </xs:element>
 
diff --git a/src/takserver-common/src/main/xsd/TAKCLCommon.xsd b/src/takserver-common/src/main/xsd/TAKCLCommon.xsd
index b85b8a02..a84fd859 100644
--- a/src/takserver-common/src/main/xsd/TAKCLCommon.xsd
+++ b/src/takserver-common/src/main/xsd/TAKCLCommon.xsd
@@ -15,8 +15,10 @@
       <xs:attribute name="modelServerDir" type="xs:string" use="required"/>
       <xs:attribute name="jarName" type="xs:string" use="required"/>
       <xs:attribute name="configFile" type="xs:string" default="CoreConfig.xml"/>
+      <xs:attribute name="TAKIgniteConfigFile" type="xs:string" default="TAKIgniteConfig.xml"/>
       <xs:attribute name="userFile" type="xs:string" default="UserAuthenticationFile.xml"/>
       <xs:attribute name="cleanConfigFile" type="xs:string" default="CoreConfig.example.xml"/>
+      <xs:attribute name="cleanTAKIgniteConfigFile" type="xs:string" default="TAKIgniteConfig.example.xml"/>
       <xs:attribute name="serverFarmDir" type="xs:string" use="required"/>
       <xs:attribute name="certificateDirectory" type="xs:string" use="required"/>
       <xs:attribute name="certToolDirectory" type="xs:string"/>
diff --git a/src/takserver-common/src/main/xsd/TAKIgniteConfig.xsd b/src/takserver-common/src/main/xsd/TAKIgniteConfig.xsd
new file mode 100644
index 00000000..10e83682
--- /dev/null
+++ b/src/takserver-common/src/main/xsd/TAKIgniteConfig.xsd
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  Schema for TAK Server Configuration
+-->
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+           targetNamespace="http://bbn.com/marti/xml/config"
+           xmlns="http://bbn.com/marti/xml/config"
+           elementFormDefault="qualified">
+  <xs:element name="TAKIgniteConfiguration">
+    <xs:complexType>
+      <xs:annotation>
+        <xs:documentation>TAK Ignite Settings</xs:documentation>
+      </xs:annotation>
+      <xs:attribute name="clusterEnabled" type="xs:boolean" default="false" />
+      <xs:attribute name="clusterKubernetes" type="xs:boolean" default="false" />
+      <xs:attribute name="embeddedIgnite" type="xs:boolean" default="false"/>
+      <xs:attribute name="igniteMulticast" type="xs:boolean" default="false"/>
+      <xs:attribute name="igniteNonMulticastDiscoveryPort" default="47500" type="xs:int"/>
+      <xs:attribute name="igniteNonMulticastDiscoveryPortCount" default="100" type="xs:int"/>
+      <xs:attribute name="igniteCommunicationPort" default="47100" type="xs:int"/>
+      <xs:attribute name="igniteCommunicationPortCount" default="100" type="xs:int"/>
+      <xs:attribute name="igniteHost" default="127.0.0.1" type="xs:string"/>
+      <xs:attribute name="igniteWorkerTimeoutMilliseconds" default="2600000" type="xs:long"/>
+      <xs:attribute name="cacheOffHeapMaxSizeBytes" type="xs:long" default="-1">
+        <xs:annotation>
+          <xs:documentation>Explicity set the off-heap cache max size (bytes). -1 means autodetect.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="cacheOffHeapInitialSizeBytes" type="xs:long" default="-1">
+        <xs:annotation>
+          <xs:documentation>Explicity set the off-heap cache initial size (bytes). -1 means autodetect</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="cacheOffHeapPercentageMax" type="xs:float" default="0.99">
+        <xs:annotation>
+          <xs:documentation>Set the autodetected off-heap cache max size as factor of messaging process Xmx (bytes).</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="cacheOffHeapPercentageInitial" type="xs:float" default="0.29">
+        <xs:annotation>
+          <xs:documentation>Set the autodetected off-heap cache initial size as factor of messaging process Xmx (bytes).</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="cacheOffHeapEvictionThreshold" type="xs:float" default="0.7"/>
+      <xs:attribute name="capacity" type="xs:int" default="2048"/>
+      <xs:attribute name="ignitePoolSize" type="xs:int" default="-1"/>
+      <xs:attribute name="ignitePoolSizeMultiplier" type="xs:int" default="16">
+        <xs:annotation>
+          <xs:documentation>Set the multiplier for autodetected ignite thread pool size. The optimal value varies based on system capabilities (CPU core count).</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="igniteApiServerMode" type="xs:boolean" default="true">
+        <xs:annotation>
+          <xs:documentation>Run API micro-service in Ignite embedded server mode. If disabled, run in client mode.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="ignitePoolSizeUseDefaultsForApi" type="xs:boolean" default="false">
+        <xs:annotation>
+          <xs:documentation>Use default ignite pool size for API process.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="igniteDefaultSpiConnectionsPerNode" type="xs:boolean" default="false">
+        <xs:annotation>
+          <xs:documentation>Use default ignite settings for TCP SPI connections.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="igniteExplicitSpiConnectionsPerNode" type="xs:int" default="-1">
+        <xs:annotation>
+          <xs:documentation>Explicitly set internal ignite option for TCP SPI connections. -1 means autodetect.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="igniteFailureDetectionTimeoutSeconds" type="xs:long" default="600">
+        <xs:annotation>
+          <xs:documentation>Ignite critical thread blocked detection timeout.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="igniteClientConnectionTimeoutSeconds" type="xs:long" default="300">
+        <xs:annotation>
+          <xs:documentation>Ignite client connection timeout.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="igniteConnectionTimeoutSeconds" type="xs:long" default="300">
+        <xs:annotation>
+          <xs:documentation>Ignite connection timeout.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="enableCachePersistence" type="xs:boolean" default="false"/>
+    </xs:complexType>
+  </xs:element>
+</xs:schema>
diff --git a/src/takserver-common/src/main/xsd/XmlBindings.xjb b/src/takserver-common/src/main/xsd/XmlBindings.xjb
index 99dcb2fc..17da9b41 100644
--- a/src/takserver-common/src/main/xsd/XmlBindings.xjb
+++ b/src/takserver-common/src/main/xsd/XmlBindings.xjb
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<jxb:bindings xmlns:jxb="http://java.sun.com/xml/ns/jaxb" jxb:version="2.0"
+<jxb:bindings xmlns:jxb="https://jakarta.ee/xml/ns/jaxb" jxb:version="3.0"
               xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc">
 
   <jxb:globalBindings>
diff --git a/src/takserver-core/build.gradle b/src/takserver-core/build.gradle
index 49a8dece..02f5dd21 100644
--- a/src/takserver-core/build.gradle
+++ b/src/takserver-core/build.gradle
@@ -10,7 +10,6 @@ import java.nio.file.Paths
 apply plugin: 'eclipse'
 apply plugin: 'idea'
 apply plugin: 'org.springframework.boot'
-apply plugin: 'io.spring.dependency-management'
 apply plugin: 'war'
 
 
@@ -24,8 +23,9 @@ group = 'tak'
 
 task copyCoreExample(type: Copy, dependsOn: build) {
     from file('example/')
-    include 'CoreConfig.example.cluster.xml', 'UserAuthenticationFile.cluster.xml', 'logging-restrictsize.xml'
+    include 'TAKIgniteConfig.example.cluster.xml', 'CoreConfig.example.cluster.xml', 'UserAuthenticationFile.cluster.xml', 'logging-restrictsize.xml'
     into "$buildDir/cluster/"
+    rename('TAKIgniteConfig.example.cluster.xml', 'TAKIgniteConfig.xml')
     rename('CoreConfig.example.cluster.xml', 'CoreConfig.xml')
     rename('UserAuthenticationFile.cluster.xml', 'UserAuthenticationFile.xml')
 }
@@ -105,7 +105,7 @@ task copyVerFile(type: Copy) {
 writeVerFile.dependsOn compileJava
 copyVerFile.dependsOn writeVerFile
 compileTestJava.dependsOn copyVerFile
-bootWarMainClassName.dependsOn copyVerFile
+// bootWarMainClassName.dependsOn copyVerFile
 test.dependsOn compileIntegrationTestJava
 processResources.dependsOn copyVerFile
 bootWar.dependsOn copyVerFile
@@ -113,6 +113,9 @@ bootJar.dependsOn copyVerFile
 bootWar.dependsOn test
 bootWar.dependsOn ":takserver-tool-ui:deployToCore"
 
+springBoot {
+    mainClass = "tak.server.ServerConfiguration" // Is it correct?
+}
 
 bootWar {
     enabled = true
@@ -146,6 +149,10 @@ dependencies {
   implementation "io.netty:netty-tcnative-boringssl-static:$netty_tcnative_version:osx-aarch_64"
   implementation "io.netty:netty-tcnative-boringssl-static:$netty_tcnative_version:windows-x86_64"
 
+  implementation "io.netty.incubator:netty-incubator-codec-native-quic:$netty_quic_version:linux-x86_64"
+  implementation "io.netty.incubator:netty-incubator-codec-native-quic:$netty_quic_version:osx-x86_64"
+  implementation "io.netty.incubator:netty-incubator-codec-native-quic:$netty_quic_version:windows-x86_64"
+
   implementation group: 'io.netty', name: 'netty-tcnative-classes', version: netty_tcnative_version
 
 //  implementation group: 'io.netty', name: 'netty-tcnative-boringssl-static', version: netty_tcnative_version
@@ -164,7 +171,7 @@ dependencies {
   // required to fix version conflict for h2 between ignite and spring boot
   implementation group: 'com.h2database', name: 'h2', version: h2_version
 
-  implementation group: 'javax.cache', name: 'cache-api', version: '1.1.1'
+  // implementation group: 'javax.cache', name: 'cache-api', version: '1.1.1'
 
   api(project(':takserver-core:takserver-war')) {
     exclude group: 'ch.qos.logback', module: 'logback-classic'
@@ -173,10 +180,12 @@ dependencies {
     // Added to exclude dom4j 1.6.1, a transitive dependency
     exclude group: 'dom4j', module: 'dom4j'
   }
+
   implementation project(':takserver-common')
   implementation project(':federation-common')
 
-  implementation group: 'org.locationtech.spatial4j', name: 'spatial4j', version: '0.6'
+  //implementation group: 'org.locationtech.spatial4j', name: 'spatial4j', version: '0.8'
+  //implementation group: 'org.locationtech.jts', name: 'jts-core', version: jts_version
 
   implementation group: 'org.dom4j', name: 'dom4j', version: dom4j_version
   implementation group: 'com.google.code.gson', name: 'gson', version: gson_version
@@ -192,12 +201,10 @@ dependencies {
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: spring_boot_version
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-cache', version: spring_boot_version
 
-  implementation group: 'io.micrometer', name: 'micrometer-core'
-
-
+  implementation group: 'io.micrometer', name: 'micrometer-core', version: micrometer_version
 
   // cloudwatch metrics
-  implementation group: 'io.micrometer', name: 'micrometer-registry-cloudwatch', version: micrometer_cloudwatch_version
+  implementation group: 'io.micrometer', name: 'micrometer-registry-cloudwatch', version: micrometer_version
 
   implementation group: 'org.slf4j', name: 'log4j-over-slf4j', version: slf4j_version
   implementation group: 'org.slf4j', name: 'jul-to-slf4j', version: slf4j_version
@@ -211,8 +218,9 @@ dependencies {
   implementation group: 'org.apache.tomcat', name: 'tomcat-annotations-api', version: tomcat_version
 
 
-  implementation group: 'javax.servlet', name: 'jstl'
-  implementation group: 'javax.mail', name: 'javax.mail-api'
+  //implementation group: 'javax.servlet', name: 'jstl', version: jstl_version
+  //implementation group: 'javax.mail', name: 'javax.mail-api', version: mail_api_version
+  implementation group: 'jakarta.mail', name: 'jakarta.mail-api', version: jakarta_mail_api_version
   implementation group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: tomcat_version
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-tomcat', version: spring_boot_version
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa', version: spring_boot_version
@@ -223,26 +231,32 @@ dependencies {
   implementation group: 'org.springframework.security', name: 'spring-security-config', version: spring_security_version
   implementation group: 'org.springframework.security', name: 'spring-security-messaging', version: spring_security_version
   implementation group: 'org.springframework.security', name: 'spring-security-web', version: spring_security_version
-  implementation group: 'org.hibernate', name: 'hibernate-core', version: hibernate_version
-  implementation group: 'org.hibernate', name: 'hibernate-entitymanager', version: hibernate_version
-
+  //implementation group: 'org.hibernate', name: 'hibernate-core', version: hibernate_version
+  //implementation group: 'org.hibernate', name: 'hibernate-entitymanager', version: hibernate_version
+  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-authorization-server', version: spring_security_oauth2_authorization_server_version
+  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-core', version: spring_security_version
+  
+  implementation group: 'org.hibernate.orm', name: 'hibernate-core', version: hibernate_version
+  implementation group: 'org.hibernate.orm', name: 'hibernate-entitymanager', version: hibernate_entitymanager_version
+  
   implementation group: 'org.postgresql', name: 'postgresql', version: postgres_version
 
-
   // core deps
 
   implementation group: 'commons-codec', name: 'commons-codec', version: commons_codec_version
   implementation 'org.apache.commons:commons-lang3:' + commons_lang_version
   implementation group: 'commons-collections', name: 'commons-collections', version: '3.2.2'
-  implementation group: 'org.apache.httpcomponents', name: 'fluent-hc', version: httpcomponents_version
-  implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: httpcomponents_version
-  implementation group: 'org.apache.httpcomponents', name: 'httpmime', version: httpcomponents_version
-
+  //implementation group: 'org.apache.httpcomponents', name: 'fluent-hc', version: httpcomponents_version
+  //implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: httpcomponents_version
+  //implementation group: 'org.apache.httpcomponents', name: 'httpmime', version: httpcomponents_version
 
+  implementation group: 'org.apache.httpcomponents.client5', name: 'httpclient5', version: httpcomponents_version
+  implementation group: 'org.apache.httpcomponents.client5', name: 'httpclient5-fluent', version: httpcomponents_version
+  implementation group: 'org.apache.httpcomponents', name: 'httpmime', version: httpcomponents_httpmime_version
 
   // nats message queue
   implementation group: 'io.nats', name: 'jnats', version: nats_version
-
+  
     // apache ignite (cache and distributed service grid)
   testImplementation group: 'org.apache.ignite', name: 'ignite-indexing', version: ignite_version
   testImplementation group: 'org.apache.ignite', name: 'ignite-kubernetes', version: ignite_version
@@ -252,7 +266,7 @@ dependencies {
   testImplementation group: 'junit', name: 'junit', version: junit_version
   testImplementation group: 'org.mockito', name: 'mockito-core', version: mockito_version
 
-  testImplementation("org.springframework.boot:spring-boot-starter-test") {
+  testImplementation("org.springframework.boot:spring-boot-starter-test:$spring_boot_version") {
     exclude group: "com.vaadin.external.google", module:"android-json"
   }
 
@@ -272,6 +286,10 @@ dependencies {
   integrationTestImplementation group: 'com.h2database', name: 'h2', version: h2_version
   integrationTestImplementation group: 'xerces', name: 'xercesImpl', version: xerces_version
 
+  implementation group: 'jakarta.xml.bind', name: 'jakarta.xml.bind-api', version: jakarta_xml_bind_api_version	
+
+  //implementation group: 'org.springframework.security', name: 'spring-security-oauth2-authorization-server', version: '1.1.2'
+
 
 }
 
@@ -353,3 +371,9 @@ project.tasks.named("processIntegrationTestResources") {
     // This duplication strategy de-conflicts logback-test.xml conflict for processIntegrationTestResources task
     duplicatesStrategy = DuplicatesStrategy.EXCLUDE
 }
+
+configurations {
+    all {
+        exclude group: 'commons-logging', module: 'commons-logging'
+    }
+}
diff --git a/src/takserver-core/docker/configureInDocker.sh b/src/takserver-core/docker/configureInDocker.sh
index fc23741d..cc143e5a 100755
--- a/src/takserver-core/docker/configureInDocker.sh
+++ b/src/takserver-core/docker/configureInDocker.sh
@@ -6,6 +6,7 @@ fi
 
 cd /opt/tak
 . ./setenv.sh
+java -jar -Xmx${CONFIG_MAX_HEAP}m -Dspring.profiles.active=config takserver.war &
 java -jar -Xmx${MESSAGING_MAX_HEAP}m -Dspring.profiles.active=messaging takserver.war &
 java -jar -Xmx${API_MAX_HEAP}m -Dspring.profiles.active=api -Dkeystore.pkcs12.legacy takserver.war &
 java -jar -Xmx${RETENTION_MAX_HEAP}m takserver-retention.jar &
diff --git a/src/takserver-core/docker/full/docker_entrypoint.sh b/src/takserver-core/docker/full/docker_entrypoint.sh
index edbeb1ac..66dd3158 100644
--- a/src/takserver-core/docker/full/docker_entrypoint.sh
+++ b/src/takserver-core/docker/full/docker_entrypoint.sh
@@ -5,7 +5,8 @@ set -e
 TR=/opt/tak
 CR=${TR}/certs
 CONFIG=${TR}/data/CoreConfig.xml
-
+TAKIGNITECONFIG=${TR}/data/TAKIgniteConfig.xml
+CONFIG_PID=null
 MESSAGING_PID=null
 API_PID=null
 PM_PID=null
@@ -20,6 +21,11 @@ check_env_var() {
 
 kill() {
 	echo Please wait a moment. It may take serveral seconds to fully shut down TAKServer.
+
+    if [ $CONFIG_PID != null ];then
+        kill $CONFIG_PID
+    fi
+
     if [ $MESSAGING_PID != null ];then
         kill $MESSAGING_PID
     fi
@@ -31,6 +37,7 @@ kill() {
     if [ $PM_PID != null ];then
         kill $PM_PID
     fi
+
 }
 
 trap kill SIGINT
@@ -77,6 +84,19 @@ else
 	echo Using existing CoreConfig.xml.
 fi
 
+# Seed initial TAKIgniteConfig.xml if necessary
+if [[ ! -f "${TAKIGNITECONFIG}" ]];then
+	echo Copying initial TAKIgniteConfig.xml
+	if [[ -f "${TR}/TAKIgniteConfig.xml" ]];then
+		cp ${TR}/TAKIgniteConfig.xml ${TAKIGNITECONFIG}
+		mv ${TR}/TAKIgniteConfig.xml ${TR}/CoreConfig.xml.orig
+	else
+		cp ${TR}/TAKIgniteConfig.example.xml ${TAKIGNITECONFIG}
+	fi
+else
+	echo Using existing TAKIgniteConfig.xml.
+fi
+
 # Symlink the log directory
 ln -s "${TR}/data/logs" "${TR}/logs"
 
@@ -123,6 +143,8 @@ cd ${TR}
 
 . ./setenv.sh
 
+java -jar -Xmx${CONFIG_MAX_HEAP}m -Dspring.profiles.active=config takserver.war &
+CONFIG_PID=$!
 java -jar -Xmx${MESSAGING_MAX_HEAP}m -Dspring.profiles.active=messaging takserver.war &
 MESSAGING_PID=$!
 java -jar -Xmx${API_MAX_HEAP}m -Dspring.profiles.active=api -Dkeystore.pkcs12.legacy takserver.war &
@@ -135,8 +157,12 @@ echo  -e "\033[33;5mWAITING FOR THE SERVER TO START UP BEFORE ADDING THE ADMIN U
 
 # Give some time for the server to start up
 sleep 44
-TAKCL_CORECONFIG_PATH="${CONFIG}" java -jar /opt/tak/utils/UserManager.jar certmod -A "/opt/tak/certs/files/${ADMIN_CERT_NAME}.pem"
+TAKCL_CORECONFIG_PATH="${CONFIG}"
+TAKCL_TAKIGNITECONFIG_PATH="${TAKIGNITECONFIG}"
+java -jar /opt/tak/utils/UserManager.jar certmod -A "/opt/tak/certs/files/${ADMIN_CERT_NAME}.pem"
 
 echo ADMIN USER ADDED
 
-sleep infinity
+# Doing a wait is cleaner than using sleep and will simply exit as soon the PluginManager
+# process completes.   No need to "kill" the process.
+wait $PM_PID
diff --git a/src/takserver-core/docker/hardened/Dockerfile.ca b/src/takserver-core/docker/hardened/Dockerfile.ca
index 348ac3f1..f8c6891b 100644
--- a/src/takserver-core/docker/hardened/Dockerfile.ca
+++ b/src/takserver-core/docker/hardened/Dockerfile.ca
@@ -1,9 +1,32 @@
-# need java for keytool
-FROM eclipse-temurin:17-jammy
-RUN apt update && \
-	apt install -y apt-utils && \
-    apt install -y openssl && \
-    apt install -y vim
+## Environment variables outside image context. These will be available until the first FROM statement.
+ARG BASE_REGISTRY=registry1.dso.mil
+ARG BASE_DEPLOY_IMAGE=ironbank/redhat/openjdk/openjdk17
+ARG BASE_DEPLOY_TAG=1.17
+
+####################################################################################################
+
+## Base deploy image
+FROM ${BASE_REGISTRY}/${BASE_DEPLOY_IMAGE}:${BASE_DEPLOY_TAG} as deploy_container
+
+USER root
+
+# Upgrade first
+RUN dnf -y upgrade --nodocs \
+    && dnf clean all \
+    && rm -rf /var/cache/dnf
+
+COPY tak/security/*.rpm .
+# Install EPEL 8 repo
+RUN rpm -Uvh epel-release-latest-8.noarch.rpm
+
+# Install dependencies
+RUN dnf update -y --disableplugin=subscription-manager --nodocs \
+    && dnf install -y --disableplugin=subscription-manager --nodocs \
+           openssl \
+           vim \
+    && dnf clean all \
+    && rm -rf /var/cache/dnf
+
 
 RUN useradd -g 0 -u 1001 tak \
     && usermod -a -G root tak
diff --git a/src/takserver-core/docker/hardened/full/docker_entrypoint.sh b/src/takserver-core/docker/hardened/full/docker_entrypoint.sh
index bb1ff1bd..60fa88d7 100644
--- a/src/takserver-core/docker/hardened/full/docker_entrypoint.sh
+++ b/src/takserver-core/docker/hardened/full/docker_entrypoint.sh
@@ -5,7 +5,10 @@ TAKDIR=/opt/tak
 CERTDIR=${TAKDIR}/certs
 EXCONFIGFILE=${TAKDIR}/CoreConfig.example.xml
 CONFIGFILE=${TAKDIR}/CoreConfig.xml
+EXTAKIGNITECONFIGFILE=${TAKDIR}/TAKIgniteConfig.example.xml
+TAKIGNITECONFIGFILE=${TAKDIR}/TAKIgniteConfig.xml
 
+CONFIG_PID=null
 MESSAGING_PID=null
 API_PID=null
 PM_PID=null
@@ -20,6 +23,10 @@ check_env_var() {
 
 killall() {
     echo Please wait a moment. It may take serveral seconds to fully shut down TAKServer.
+    if [ $CONFIG_PID != null ];then
+        kill $CONFIG_PID
+    fi
+
     if [ $MESSAGING_PID != null ];then
         kill $MESSAGING_PID
     fi
@@ -53,6 +60,11 @@ if [[ -f "${CONFIGFILE}" ]];then
   EXCONFIGFILE=${CONFIGFILE}
 fi
 
+# If just regenerating the certs.  Variables will need to be updated beforehand.
+if [[ -f "${TAKIGNITECONFIGFILE}" ]];then
+  EXTAKIGNITECONFIGFILE=${TAKIGNITECONFIGFILE}
+fi
+
 if [[ ! -d "${CERTDIR}/files" ]];then
     mkdir "${CERTDIR}/files"
 fi
@@ -111,6 +123,8 @@ if [[ -z "$(ls -A "${CERTDIR}/files")" ]];then
    . ./setenv.sh
 
    echo "Starting the Server in order to add the ADMIN user."
+   java -jar -Xmx${CONFIG_MAX_HEAP}m -Dspring.profiles.active=config takserver.war &
+   CONFIG_PID=$!
    java -jar -Xmx${MESSAGING_MAX_HEAP}m -Dspring.profiles.active=messaging takserver.war &
    MESSAGING_PID=$!
    java -jar -Xmx${API_MAX_HEAP}m -Dspring.profiles.active=api -Dkeystore.pkcs12.legacy takserver.war &
@@ -121,6 +135,7 @@ if [[ -z "$(ls -A "${CERTDIR}/files")" ]];then
 
    echo "Waiting to allow the server to start up"
    sleep 60
+   TAKCL_TAKIGNITECONFIG_PATH="${TAKIGNITECONFIGFILE}"
    TAKCL_CORECONFIG_PATH="${CONFIGFILE}"
    echo "Adding ADMIN certs"
    java -jar ${TAKDIR}/utils/UserManager.jar certmod -A "${CERTDIR}/files/${ADMIN_CERT_NAME}.pem"
@@ -146,6 +161,8 @@ echo "PostgreSQL and PGPool started"
 echo "Starting TAK Server ..."
 cd ${TAKDIR}
 . ./setenv.sh
+java -jar -Xmx${CONFIG_MAX_HEAP}m -Dspring.profiles.active=config takserver.war &
+CONFIG_PID=$!
 java -jar -Xmx${MESSAGING_MAX_HEAP}m -Dspring.profiles.active=messaging takserver.war &
 MESSAGING_PID=$!
 java -jar -Xmx${API_MAX_HEAP}m -Dspring.profiles.active=api -Dkeystore.pkcs12.legacy takserver.war &
diff --git a/src/takserver-core/example/CoreConfig.example.xml b/src/takserver-core/example/CoreConfig.example.xml
index 9289f913..bed863cf 100644
--- a/src/takserver-core/example/CoreConfig.example.xml
+++ b/src/takserver-core/example/CoreConfig.example.xml
@@ -7,8 +7,8 @@
 		<!-- <input _name="stdudp" protocol="udp" port="8087" auth="anonymous"/> -->
 		<!-- <input _name="streamtcp" protocol="stcp" port="8088" auth="anonymous"/> -->
 		<!-- <input _name="stdtcp" protocol="tcp" port="8087" auth="anonymous"/> -->
-		<!-- <input _name="SAproxy" protocol="mcast" group="239.2.3.1" port="6969" proxy="true" auth="anonymous" /> -->
-		<!-- <input _name="GeoChatproxy" protocol="mcast" group="224.10.10.1" port="17012" proxy="true" auth="anonymous" /> -->
+		<!-- <input _name="SAproxy" protocol="mcast" group="239.2.3.1" port="6969" auth="anonymous" /> -->
+		<!-- <input _name="GeoChatproxy" protocol="mcast" group="224.10.10.1" port="17012" auth="anonymous" /> -->
 		<!--<announce enable="true" uid="Marti1" group="239.2.3.1" port="6969" interval="1" ip="192.168.1.137" />-->
 		 <!--<input _name="stdssl" protocol="tls" port="8089"/>-->
 		 <!--<input _name="sslauth" protocol="tls" port="8090" auth="ldap"/> -->
diff --git a/src/takserver-core/example/TAKIgniteConfig.example.cluster.xml b/src/takserver-core/example/TAKIgniteConfig.example.cluster.xml
new file mode 100644
index 00000000..36b10ecd
--- /dev/null
+++ b/src/takserver-core/example/TAKIgniteConfig.example.cluster.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<TAKIgniteConfiguration xmlns="http://bbn.com/marti/xml/config"
+                        clusterEnabled="true"
+                        clusterKubernetes="true"/>
diff --git a/src/takserver-core/example/TAKIgniteConfig.example.xml b/src/takserver-core/example/TAKIgniteConfig.example.xml
new file mode 100644
index 00000000..4d434fee
--- /dev/null
+++ b/src/takserver-core/example/TAKIgniteConfig.example.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<TAKIgniteConfiguration xmlns="http://bbn.com/marti/xml/config">
+</TAKIgniteConfiguration>
diff --git a/src/takserver-core/oas/redoc.html b/src/takserver-core/oas/redoc.html
new file mode 100644
index 00000000..8bf5b082
--- /dev/null
+++ b/src/takserver-core/oas/redoc.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>TAK Server Redoc</title>
+    <!-- needed for adaptive design -->
+    <meta charset="utf-8"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link href="https://fonts.googleapis.com/css?family=Montserrat:300,400,700|Roboto:300,400,700" rel="stylesheet">
+
+    <!--
+    Redoc doesn't change outer page styles
+    -->
+    <style>
+      body {
+        margin: 0;
+        padding: 0;
+      }
+
+    </style>
+</head>
+<body>
+    <!-- Expects openapispec.json in same directory as this html file -->
+    <redoc spec-url='openapispec.json'></redoc>
+    <script src="https://cdn.redoc.ly/redoc/latest/bundles/redoc.standalone.js"></script>
+</body>
+</html>
diff --git a/src/takserver-core/oas/swagger.html b/src/takserver-core/oas/swagger.html
new file mode 100644
index 00000000..50c9ed92
--- /dev/null
+++ b/src/takserver-core/oas/swagger.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>TAK Server SwaggerUI</title>
+    <link rel="stylesheet" href="http://unpkg.com/swagger-ui-dist@4.4.1/swagger-ui.css"/>
+    <script src="http://unpkg.com/swagger-ui-dist@4.4.1/swagger-ui-bundle.js"></script>
+    <script src="http://unpkg.com/swagger-ui-dist@4.4.1/swagger-ui-standalone-preset.js"></script>
+</head>
+<body>
+    <div id="root" class="swagger-ui"/>
+
+    <!-- Expects openapispec.json in same directory as this html file -->
+    <script>
+        const ui = SwaggerUIBundle({
+          url: 'openapispec.json',
+          supportedSubmitMethods: [],
+          dom_id: '#root'
+        });
+    </script>
+</body>
+</html>
\ No newline at end of file
diff --git a/src/takserver-core/scripts/certs/makeCert.sh b/src/takserver-core/scripts/certs/makeCert.sh
index c2851764..e18630fe 100755
--- a/src/takserver-core/scripts/certs/makeCert.sh
+++ b/src/takserver-core/scripts/certs/makeCert.sh
@@ -71,12 +71,24 @@ else
   CONFIG=../config.cfg
 fi
 
+CRYPTO_SETTINGS=""
+
 openssl list -providers 2>&1 | grep "\(invalid command\|unknown option\)" >/dev/null
 if [ $? -ne 0 ] ; then
   echo "Using legacy provider"
-  LEGACY_PROVIDER="-legacy"
+  CRYPTO_SETTINGS="-legacy"
 fi
 
+fips=false
+for var in "$@"
+do
+    echo "$var"
+    if [ "$var" == "-fips" ] || [ "$var" == "--fips" ];then
+      fips=true
+      CRYPTO_SETTINGS='-macalg SHA256 -aes256 -descert -keypbe AES-256-CBC -certpbe AES-256-CBC'
+    fi
+done
+
 SUBJ=$SUBJBASE"CN=$SNAME"
 echo "Making a $1 cert for " $SUBJ
 if [[ "$1" == "ca" ]]; then
@@ -102,15 +114,17 @@ cat ca-trusted.pem >> "${SNAME}"-trusted.pem
 
 # now make pkcs12 and jks keystore files
 if [[ "$1" == "server" ||  "$1" == "client" || "$1" == "dbclient" ]]; then
-  openssl pkcs12 ${LEGACY_PROVIDER} -export -in "${SNAME}".pem -inkey "${SNAME}".key -out "${SNAME}".p12 -name "${SNAME}" -CAfile ca.pem -passin pass:${PASS} -passout pass:${PASS}
+  openssl pkcs12 ${CRYPTO_SETTINGS} -export -in "${SNAME}".pem -inkey "${SNAME}".key -out "${SNAME}".p12 -name "${SNAME}" -CAfile ca.pem -passin pass:${PASS} -passout pass:${PASS}
   keytool -importkeystore -deststorepass "${PASS}" -destkeypass "${PASS}" -destkeystore "${SNAME}".jks -srckeystore "${SNAME}".p12 -srcstoretype PKCS12 -srcstorepass "${PASS}" -alias "${SNAME}"
 else # a CA
-
-  openssl pkcs12 ${LEGACY_PROVIDER} -export -in "${SNAME}"-trusted.pem -out truststore-"${SNAME}".p12 -nokeys -passout pass:${CAPASS}
+  if [ "$fips" = true ];then
+    openssl pkcs12 -legacy -export -in "${SNAME}"-trusted.pem -out truststore-"${SNAME}"-legacy.p12 -nokeys -passout pass:${CAPASS}
+  fi
+  openssl pkcs12 ${CRYPTO_SETTINGS} -export -in "${SNAME}"-trusted.pem -out truststore-"${SNAME}".p12 -nokeys -passout pass:${CAPASS}
   keytool -import -trustcacerts -file "${SNAME}".pem -keystore truststore-"${SNAME}".jks -storepass "${CAPASS}" -noprompt
 
   # include a CA signing keystore; NOT FOR DISTRIBUTION TO CLIENTS
-  openssl pkcs12 ${LEGACY_PROVIDER} -export -in "${SNAME}".pem -inkey "${SNAME}".key -out "${SNAME}"-signing.p12 -name "${SNAME}" -passin pass:${CAPASS} -passout pass:${CAPASS}
+  openssl pkcs12 ${CRYPTO_SETTINGS} -export -in "${SNAME}".pem -inkey "${SNAME}".key -out "${SNAME}"-signing.p12 -name "${SNAME}" -passin pass:${CAPASS} -passout pass:${CAPASS}
   keytool -importkeystore -deststorepass "${CAPASS}" -destkeypass "${CAPASS}" -destkeystore "${SNAME}"-signing.jks -srckeystore "${SNAME}"-signing.p12 -srcstoretype PKCS12 -srcstorepass "${CAPASS}" -alias "${SNAME}"
 
   ## create empty crl 
diff --git a/src/takserver-core/scripts/certs/makeRootCa.sh b/src/takserver-core/scripts/certs/makeRootCa.sh
index 15e55d1d..2966f1d4 100755
--- a/src/takserver-core/scripts/certs/makeRootCa.sh
+++ b/src/takserver-core/scripts/certs/makeRootCa.sh
@@ -13,9 +13,15 @@ if [ -e ca.pem ]; then
   exit -1
 fi
 
-if [ ${#} == 2 ] && [ "${1}" == "--ca-name" ];then
-  CA_NAME=${2}
-else
+CA_NAME=""
+for (( i=1; i <= "$#"; i++ )); do
+  if [ "${!i}" == "--ca-name" ];then
+    NEXT_VAL=$(($i + 1))
+    CA_NAME=${!NEXT_VAL}
+  fi
+done
+
+if [ -z "${CA_NAME}" ]; then
   echo "Please give a name for your CA (no spaces).  It should be unique.  If you don't enter anything, or try something under 5 characters, I will make one for you"
   read CA_NAME
 fi
@@ -25,18 +31,32 @@ if [[ "$canamelen" -lt 5 ]]; then
   CA_NAME=`date +%N`
 fi
 
+CRYPTO_SETTINGS=""
+
 openssl list -providers 2>&1 | grep "\(invalid command\|unknown option\)" >/dev/null
 if [ $? -ne 0 ] ; then
   echo "Using legacy provider"
-  LEGACY_PROVIDER="-legacy"
+  CRYPTO_SETTINGS="-legacy"
 fi
 
+fips=false
+for var in "$@"
+do
+    if [ "$var" == "-fips" ] || [ "$var" == "--fips" ];then
+      fips=true
+    	CRYPTO_SETTINGS='-macalg SHA256 -aes256 -descert -keypbe AES-256-CBC -certpbe AES-256-CBC'
+    fi
+done
+
 SUBJ=$SUBJBASE"CN=$CA_NAME"
 echo "Making a CA for " $SUBJ
 openssl req -new -sha256 -x509 -days 3652 -extensions v3_ca -keyout ca-do-not-share.key -out ca.pem -passout pass:${CAPASS} -config ../config.cfg -subj "$SUBJ"
 openssl x509 -in ca.pem  -addtrust clientAuth -addtrust serverAuth -setalias "${CA_NAME}" -out ca-trusted.pem
 
-openssl pkcs12 ${LEGACY_PROVIDER} -export -in ca-trusted.pem -out truststore-root.p12 -nokeys -caname "${CA_NAME}" -passout pass:${CAPASS}
+if [ "$fips" = true ];then
+  openssl pkcs12 -legacy -export -in ca-trusted.pem -out truststore-root-legacy.p12 -nokeys -caname "${CA_NAME}" -passout pass:${CAPASS}
+fi
+openssl pkcs12 ${CRYPTO_SETTINGS} -export -in ca-trusted.pem -out truststore-root.p12 -nokeys -caname "${CA_NAME}" -passout pass:${CAPASS}
 keytool -import -trustcacerts -file ca.pem -keystore truststore-root.jks -alias "${CA_NAME}" -storepass "${CAPASS}" -noprompt
 cp truststore-root.jks fed-truststore.jks
 
diff --git a/src/takserver-core/scripts/config-readiness.sh b/src/takserver-core/scripts/config-readiness.sh
new file mode 100644
index 00000000..c97226a8
--- /dev/null
+++ b/src/takserver-core/scripts/config-readiness.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+cat '/logs/takserver-config.log' | grep -q 'Started TAK Server config Microservice'
diff --git a/src/takserver-core/scripts/config/takserver-config b/src/takserver-core/scripts/config/takserver-config
new file mode 100644
index 00000000..537031f2
--- /dev/null
+++ b/src/takserver-core/scripts/config/takserver-config
@@ -0,0 +1,77 @@
+#!/bin/bash
+### BEGIN INIT INFO
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: takserver-config init script
+### END INIT INFO
+#
+# /etc/rc.d/init.d/takserver-config
+#
+# (c)2015-2018 Raytheon BBN Technologies. Licensed to US Government with unlimited rights.
+#
+# The Team Awareness Kit (TAK) server is a network server supporting the
+# family of TAK situation-awareness applications, such as the Android
+# Team Awareness Kit (ATAK) and Windows Team Awareness Kit (WinTAK). TAK
+# server provides brokering, filtering, and archiving of Cursor-on-Target
+# (CoT) information and provides interconnectivity to client devices on
+# non-multicast networks.
+#
+# This script starts the takserver-config service
+
+
+# chkconfig: 345 20 40
+# description: Team Awareness Kit (TAK) Configuration service.
+
+# Source function library
+if [ -f /etc/rc.d/init.d/functions ]; then
+    . /etc/rc.d/init.d/functions
+fi
+
+SERVICE="CONFIG"
+TAK_HOME=/opt/tak
+
+case "$1" in
+     start)
+        echo -n "Starting $SERVICE: "
+          su tak -c "cd ${TAK_HOME} && ./takserver-config.sh &> /opt/tak/logs/takserver-config-console.log &"
+          if [ $? -eq 0 ]; then
+	      echo "OK"
+	      else
+		  pkill -9 -f "spring.profiles.active=config"
+		  echo "FAILED"
+		  exit 1
+	      fi
+          touch "/var/lock/subsys/$SERVICE"
+    ;;
+    stop)
+          echo -n "Shutting down $SERVICE: "
+		  pkill -9 -f "spring.profiles.active=config"
+	  rm -f "/var/lock/subsys/$SERVICE"
+	  echo "done."
+    ;;
+    status)
+	RETVAL=0
+	TAK_PID=`pgrep -f "spring.profiles.active=config"`
+        if [ $? -eq 0 ] ; then
+            echo "$SERVICE is running with pid ${TAK_PID}"
+        else
+            echo "$SERVICE is not running."
+            RETVAL=1
+        fi
+	exit $RETVAL
+    ;;
+    restart)
+          $0 stop;
+          $0 start;
+    ;;
+    reload)
+          $0 stop;
+          $0 start;
+    ;;
+    *)
+       echo "Usage: $0 {start|stop|status|restart}"
+       exit 1
+    ;;
+esac
+
+exit 0
diff --git a/src/takserver-core/scripts/config/takserver-config-cluster.sh b/src/takserver-core/scripts/config/takserver-config-cluster.sh
new file mode 100644
index 00000000..c26db9a6
--- /dev/null
+++ b/src/takserver-core/scripts/config/takserver-config-cluster.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+. ./setenv.sh
+
+java -Xmx${API_MAX_HEAP}m -Dspring.profiles.active=config,consolelog -Dkeystore.pkcs12.legacy -jar takserver.war $@
+
diff --git a/src/takserver-core/scripts/config/takserver-config.sh b/src/takserver-core/scripts/config/takserver-config.sh
new file mode 100644
index 00000000..2e7eefee
--- /dev/null
+++ b/src/takserver-core/scripts/config/takserver-config.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+. ./setenv.sh
+
+java -server -XX:+AlwaysPreTouch -XX:+UseG1GC -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC -Xmx${CONFIG_MAX_HEAP}m -Dspring.profiles.active=config -Dkeystore.pkcs12.legacy -jar takserver.war $@
+
diff --git a/src/takserver-core/scripts/launcher/takserver b/src/takserver-core/scripts/launcher/takserver
index ff6096f4..2ecb5206 100644
--- a/src/takserver-core/scripts/launcher/takserver
+++ b/src/takserver-core/scripts/launcher/takserver
@@ -33,6 +33,7 @@ TAK_HOME=/opt/tak
 case "$1" in
      start)
         echo -n "Starting $SERVICE: "
+		    service takserver-config start
 		    service takserver-messaging start
 		    service takserver-api start
 		    service takserver-plugins start
@@ -41,6 +42,7 @@ case "$1" in
     ;;
     stop)
         echo -n "Shutting down $SERVICE: "
+		    service takserver-config stop
     		service takserver-messaging stop
 		    service takserver-api stop
 		    service takserver-plugins stop
@@ -50,6 +52,14 @@ case "$1" in
     ;;
     status)
         RETVAL=0
+        TAK_PID=`pgrep -f "spring.profiles.active=config"`
+        if [ $? -eq 0 ] ; then
+            echo "takserver-config is running with pid ${TAK_PID}"
+        else
+            echo "takserver-config is not running."
+            RETVAL=1
+        fi
+
         TAK_PID=`pgrep -f "spring.profiles.active=messaging"`
         if [ $? -eq 0 ] ; then
             echo "takserver-messaging is running with pid ${TAK_PID}"
diff --git a/src/takserver-core/scripts/setenv-cluster.sh b/src/takserver-core/scripts/setenv-cluster.sh
index aea4f93f..2991e3db 100644
--- a/src/takserver-core/scripts/setenv-cluster.sh
+++ b/src/takserver-core/scripts/setenv-cluster.sh
@@ -4,12 +4,21 @@
 export JDK_JAVA_OPTIONS="${JDK_JAVA_OPTIONS} -Dloader.path=WEB-INF/lib-provided,WEB-INF/lib,WEB-INF/classes,file:lib/ -Dio.netty.tmpdir=/opt/tak -Djava.io.tmpdir=/opt/tak -Dio.netty.native.workdir=/opt/tak -Djava.net.preferIPv4Stack=true -Djava.security.egd=file:/dev/./urandom -DIGNITE_UPDATE_NOTIFIER=false -DIGNITE_QUIET=true -Djdk.tls.client.protocols=TLSv1.2"
 export IGNITE_HOME="/opt/tak"
 
+# If a configmap with certs has been mounted copy it to the certificate directory
+# Although you can mount a configmap file rw, you can't do so with a directory
+# -L follows the relative symlinks since they break without it
+if [ -d /certs-configmap ];then
+	mkdir -p /certs/files
+	cp -Lr /certs-configmap/* /certs/files/
+fi
+
 # get total RAM
 TOTAL=`awk '/MemTotal/ {print $2}' /proc/meminfo`
 
 # convert from KiB to MB"
 TOTAL=$(($TOTAL * 1024 * 30 / 1000 / 1000 / 100))
 
+export CONFIG_MAX_HEAP=7500
 export API_MAX_HEAP=7500
 export MESSAGING_MAX_HEAP=7500
 export PLUGIN_MANAGER_MAX_HEAP=7500
diff --git a/src/takserver-core/scripts/setenv.sh b/src/takserver-core/scripts/setenv.sh
index cc15792a..d893e469 100644
--- a/src/takserver-core/scripts/setenv.sh
+++ b/src/takserver-core/scripts/setenv.sh
@@ -35,8 +35,10 @@ export JDK_JAVA_OPTIONS="${JDK_JAVA_OPTIONS}
 --add-opens=java.base/java.security=ALL-UNNAMED
 --add-opens=java.base/java.security.ssl=ALL-UNNAMED
 --add-opens=java.base/java.security.cert=ALL-UNNAMED
+--add-opens=java.base/sun.security.provider.certpath=ALL-UNNAMED
 --add-opens=java.base/sun.security.rsa=ALL-UNNAMED
 --add-opens=java.base/sun.security.ssl=ALL-UNNAMED
+--add-opens=java.base/sun.security.validator=ALL-UNNAMED
 --add-opens=java.base/sun.security.x500=ALL-UNNAMED
 --add-opens=java.base/sun.security.pkcs12=ALL-UNNAMED
 --add-opens=java.base/sun.security.provider=ALL-UNNAMED
@@ -51,6 +53,11 @@ TOTALRAMBYTES=`awk '/MemTotal/ {print $2}' /proc/meminfo`
 # convert from KiB to MB"
 #TOTAL=$(($TOTARAMBYTES * 1024 * 25 / 1000 / 1000 / 100))
 
+# set CONFIG max if not set already
+if [ -z "$CONFIG_MAX_HEAP" ]; then
+  export CONFIG_MAX_HEAP=$(($TOTALRAMBYTES / 35000))
+fi
+
 # set API max if not set already
 if [ -z "$API_MAX_HEAP" ]; then
   export API_MAX_HEAP=$(($TOTALRAMBYTES / 2700))
@@ -72,6 +79,7 @@ if [ -z "$RETENTION_MAX_HEAP" ]; then
 fi
 
 echo "TOTALRAMBYTES : "$TOTALRAMBYTES
+echo "CONFIG_MAX_HEAP (MB) : "$CONFIG_MAX_HEAP
 echo "API_MAX_HEAP (MB) : "$API_MAX_HEAP
 echo "MESSAGING_MAX_HEAP (MB) : "$MESSAGING_MAX_HEAP
 echo "PLUGIN_MANAGER_MAX_HEAP (MB) : "$PLUGIN_MANAGER_MAX_HEAP
diff --git a/src/takserver-core/src/integrationTest/java/com/bbn/marti/tests/FloodManipulator.java b/src/takserver-core/src/integrationTest/java/com/bbn/marti/tests/FloodManipulator.java
index 2195ff02..1498c851 100644
--- a/src/takserver-core/src/integrationTest/java/com/bbn/marti/tests/FloodManipulator.java
+++ b/src/takserver-core/src/integrationTest/java/com/bbn/marti/tests/FloodManipulator.java
@@ -15,8 +15,16 @@
 import com.bbn.marti.test.shared.engines.TestEngine;
 
 import java.net.BindException;
-import java.util.*;
-import java.util.concurrent.*;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Random;
+import java.util.Set;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.TimeUnit;
 
 /**
  * Created on 11/5/15.
diff --git a/src/takserver-core/src/integrationTest/java/com/bbn/marti/tests/GenerateOpenApiSpec.java b/src/takserver-core/src/integrationTest/java/com/bbn/marti/tests/GenerateOpenApiSpec.java
new file mode 100644
index 00000000..7dea3f02
--- /dev/null
+++ b/src/takserver-core/src/integrationTest/java/com/bbn/marti/tests/GenerateOpenApiSpec.java
@@ -0,0 +1,39 @@
+package com.bbn.marti.tests;
+
+import com.bbn.marti.test.shared.AbstractTestClass;
+import com.bbn.marti.test.shared.data.users.AbstractUser;
+import com.bbn.marti.test.shared.data.generated.ImmutableConnections;
+import com.bbn.marti.test.shared.data.generated.ImmutableUsers;
+import com.bbn.marti.test.shared.data.servers.ImmutableServerProfiles;
+import org.junit.Assert;
+import org.junit.Test;
+
+
+public class GenerateOpenApiSpec extends AbstractTestClass {
+
+    private static final String className = "GenerateOpenApiSpec";
+    protected static final AbstractUser admin = ImmutableUsers.s0_authstcp_authwssuser012_012f;
+
+    @Test(timeout = 600000)
+    public void generateOpenApiSpec() {
+        try {
+            String sessionIdentifier = initTestMethod();
+
+            engine.offlineAddUsersAndConnectionsIfNecessary(ImmutableUsers.s0_authssl_authuser12_012f);
+
+            engine.startServer(ImmutableServerProfiles.SERVER_0, sessionIdentifier);
+
+            engine.connectClientsAndVerify(true,
+                    ImmutableUsers.s0_authssl_authuser12_012f);
+
+            engine.openApiSpecGet(admin);
+
+        } catch (Exception e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        } finally {
+            engine.stopServers(ImmutableServerProfiles.SERVER_0);
+        }
+    }
+
+}
diff --git a/src/takserver-core/src/integrationTest/java/com/bbn/marti/tests/PointToPointTests.java b/src/takserver-core/src/integrationTest/java/com/bbn/marti/tests/PointToPointTests.java
index aaece2fc..0164f489 100644
--- a/src/takserver-core/src/integrationTest/java/com/bbn/marti/tests/PointToPointTests.java
+++ b/src/takserver-core/src/integrationTest/java/com/bbn/marti/tests/PointToPointTests.java
@@ -14,7 +14,12 @@
 import org.junit.Test;
 
 import java.io.IOException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Random;
+import java.util.Set;
 
 /**
  * Created on 8/30/16.
diff --git a/src/takserver-core/src/main/java/com/bbn/cot/CotParserCreator.java b/src/takserver-core/src/main/java/com/bbn/cot/CotParserCreator.java
index 9b32ac83..a02c2180 100644
--- a/src/takserver-core/src/main/java/com/bbn/cot/CotParserCreator.java
+++ b/src/takserver-core/src/main/java/com/bbn/cot/CotParserCreator.java
@@ -2,7 +2,7 @@
 
 package com.bbn.cot;
 
-import com.bbn.marti.service.DistributedConfiguration;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 import tak.server.cot.CotParser;
 
@@ -11,6 +11,6 @@ public class CotParserCreator {
 		
 	public static CotParser newInstance() {
 		
-		return new CotParser(DistributedConfiguration.getInstance().getRemoteConfiguration().getSubmission() == null ? false : DistributedConfiguration.getInstance().getRemoteConfiguration().getSubmission().isValidateXml());
+		return new CotParser(CoreConfigFacade.getInstance().getRemoteConfiguration().getSubmission() == null ? false : CoreConfigFacade.getInstance().getRemoteConfiguration().getSubmission().isValidateXml());
 	}
 }
diff --git a/src/takserver-core/src/main/java/com/bbn/cot/filter/DataFeedFilter.java b/src/takserver-core/src/main/java/com/bbn/cot/filter/DataFeedFilter.java
index c8c182ec..4f6f5ae6 100644
--- a/src/takserver-core/src/main/java/com/bbn/cot/filter/DataFeedFilter.java
+++ b/src/takserver-core/src/main/java/com/bbn/cot/filter/DataFeedFilter.java
@@ -22,17 +22,14 @@
 import com.bbn.marti.remote.groups.GroupManager;
 import com.bbn.marti.remote.InputMetric;
 import com.bbn.marti.remote.exception.TakException;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.SubmissionService;
 import com.bbn.marti.service.SubscriptionStore;
 import com.bbn.marti.sync.model.MinimalMission;
 import com.bbn.marti.sync.model.MinimalMissionFeed;
-import com.bbn.marti.sync.model.MissionFeed;
 import com.bbn.marti.sync.service.DistributedDataFeedCotService;
-import com.bbn.marti.sync.service.MissionService;
 import com.bbn.marti.util.GeomUtils;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.github.benmanes.caffeine.cache.Cache;
@@ -40,6 +37,7 @@
 import com.google.common.base.Strings;
 
 import tak.server.Constants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cot.CotEventContainer;
 import tak.server.federation.FigFederateSubscription;
 import tak.server.feeds.DataFeedDTO;
@@ -117,7 +115,7 @@ public void filter(CotEventContainer cot, DataFeed dataFeed) {
 						
 			// if vbm is enabled, only broker messages to clients subscribed to a mission that is linked to this data feed	
 			// this is achieved by adding an explicit endpoint for the cot, meaning it won't hit implicit brokering
-			if (DistributedConfiguration.getInstance().getRemoteConfiguration().getVbm().isEnabled()) {
+			if (CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isEnabled()) {
 
 				String dataFeedUuid = (String) cot.getContextValue(Constants.DATA_FEED_UUID_KEY);
 				
@@ -144,11 +142,11 @@ public void filter(CotEventContainer cot, DataFeed dataFeed) {
 								
 				if (logger.isDebugEnabled()) {
 					logger.debug("deserialized " + feedMissions.size() + " feed missions from JSON");
-					logger.debug("DistributedConfiguration.getInstance().getRemoteConfiguration().getNetwork().getMissionCopTool(): {}", DistributedConfiguration.getInstance().getRemoteConfiguration().getNetwork().getMissionCopTool());
+					logger.debug("CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getMissionCopTool(): {}", CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getMissionCopTool());
 				}
 				
 				// if there was a vbm match and we're mission federating, pass the data feed message to each fig client
-				boolean vbmMatch = feedMissions.stream().anyMatch(m -> DistributedConfiguration.getInstance().getRemoteConfiguration().getNetwork().getMissionCopTool().equals(m.getTool().toLowerCase()));
+				boolean vbmMatch = feedMissions.stream().anyMatch(m -> CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getMissionCopTool().equals(m.getTool().toLowerCase()));
 				if (vbmMatch && isMissionDataFeedFederation()) {
 					
 					DataFeedDTO dataFeedDao = dataFeedService.getDataFeedByUid(dataFeed.getUuid());
@@ -429,12 +427,12 @@ private Cache<String, BoundingBox> cache() {
 	}
 	
 	private boolean isVbm() {
-		return DistributedConfiguration.getInstance().getRemoteConfiguration().getVbm().isEnabled();
+		return CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isEnabled();
 	}
 	
 	private boolean isMissionDataFeedFederation() {
-		return DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation()
-				&& DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation();
+		return CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation()
+				&& CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation();
 	}
 
 }
diff --git a/src/takserver-core/src/main/java/com/bbn/cot/filter/DropEventFilter.java b/src/takserver-core/src/main/java/com/bbn/cot/filter/DropEventFilter.java
index e3c6bcdd..94381e67 100644
--- a/src/takserver-core/src/main/java/com/bbn/cot/filter/DropEventFilter.java
+++ b/src/takserver-core/src/main/java/com/bbn/cot/filter/DropEventFilter.java
@@ -27,14 +27,14 @@ public DropEventFilter(String type, String detail, long threshold) {
 
 	@Override
 	public CotEventContainer filter(CotEventContainer c) {
-		if(type != null && type.compareTo(c.getType()) != 0) {
+		if (type != null && type.compareTo(c.getType()) != 0) {
 			if (log.isDebugEnabled()) {
 				log.debug("cot event type : " + c.getType() + " didnt match filter type : " + type);
 			}
 			return c;
 		}
 
-		if(detail != null && !c.getDetailXml().contains(detail)) {
+		if (detail != null && !c.getDetailXml().contains(detail)) {
 			if (log.isDebugEnabled()) {
 				log.debug("cot detail : " + c.getDetailXml() + " didnt match filter detail: " + detail);
 			}
@@ -46,9 +46,9 @@ public CotEventContainer filter(CotEventContainer c) {
 			return null;
 		}
 
-		if(seenList.containsKey(c.getUid())) {
+		if (seenList.containsKey(c.getUid())) {
 			long ctime = System.currentTimeMillis();
-			if((seenList.get(c.getUid()) + threshold) < ctime) {
+			if ((seenList.get(c.getUid()) + threshold) < ctime) {
 				if (log.isDebugEnabled()) {
 					log.debug("threshold exceeded for cot type : " + c.getType() + ", uid : " + c.getUid());
 				}
diff --git a/src/takserver-core/src/main/java/com/bbn/cot/filter/FlowTagFilter.java b/src/takserver-core/src/main/java/com/bbn/cot/filter/FlowTagFilter.java
index cebc976e..3805fef7 100644
--- a/src/takserver-core/src/main/java/com/bbn/cot/filter/FlowTagFilter.java
+++ b/src/takserver-core/src/main/java/com/bbn/cot/filter/FlowTagFilter.java
@@ -42,7 +42,7 @@ public CotEventContainer filter(CotEventContainer c) {
 			// check to make sure detail field exists
 			Element detailElem = c.getDocument().getRootElement()
 					.element("detail");
-			if(detailElem == null)
+			if (detailElem == null)
              {
                 return c;  // invalid CoT, but this isn't the right place to stop it
             }
diff --git a/src/takserver-core/src/main/java/com/bbn/cot/filter/Images.java b/src/takserver-core/src/main/java/com/bbn/cot/filter/Images.java
index c5b3bf61..bb671c63 100644
--- a/src/takserver-core/src/main/java/com/bbn/cot/filter/Images.java
+++ b/src/takserver-core/src/main/java/com/bbn/cot/filter/Images.java
@@ -17,12 +17,12 @@
 import org.dom4j.Element;
 
 import com.bbn.marti.remote.ImagePref;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.util.Iterables;
 import com.bbn.marti.util.Assertion;
-import com.bbn.marti.util.MessagingDependencyInjectionProxy;
 import com.bbn.marti.util.Tuple;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
+
 /**
  * This has been changed innto a static class of
  * non-mutating processing utilies for images. See the ImageProcessingFilter
@@ -330,7 +330,7 @@ private static BufferedImage createThumbNail(BufferedImage fullSizeImg)
 			throw new Exception(
 					"At least one dimension is invalid.  No image writen to message.");
 		}
-		int pixels = DistributedConfiguration.getInstance().getFilter().getThumbnail().getPixels();
+		int pixels = CoreConfigFacade.getInstance().getRemoteConfiguration().getFilter().getThumbnail().getPixels();
 		if (width > height) { // Ensure ratio is kept
 			height = (int) ((double) (height) / (width) * pixels);
 			width = pixels;
diff --git a/src/takserver-core/src/main/java/com/bbn/cot/filter/ScrubInvalidValues.java b/src/takserver-core/src/main/java/com/bbn/cot/filter/ScrubInvalidValues.java
index c770ce07..89baae04 100644
--- a/src/takserver-core/src/main/java/com/bbn/cot/filter/ScrubInvalidValues.java
+++ b/src/takserver-core/src/main/java/com/bbn/cot/filter/ScrubInvalidValues.java
@@ -4,23 +4,22 @@
 
 import org.dom4j.Attribute;
 import org.dom4j.Element;
-import org.springframework.beans.factory.annotation.Autowired;
 
-import com.bbn.marti.service.DistributedConfiguration;
+import com.bbn.marti.config.Configuration;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cot.CotEventContainer;
 
 public class ScrubInvalidValues implements CotFilter {
 
   	private static String TRACK_XPATH = "/event/detail/track";
   	private static String POINT_XPATH = "/event/point";
-  	
-  	@Autowired
-  	private DistributedConfiguration config;
-  	
+
+;
+
     @Override
 	public CotEventContainer filter(final CotEventContainer cot) {
-
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 		if (config.getFilter().getScrubber() != null &&
 			config.getFilter().getScrubber().isEnable()) {
 			boolean drop = true;
@@ -45,16 +44,16 @@ public CotEventContainer filter(final CotEventContainer cot) {
 			results[i++] = isInvalidDouble(point.attribute("ce"), 0, 99999999, 0);
 
 			//optional tags:
-			if(track != null && track.attribute("course") != null) {
+			if (track != null && track.attribute("course") != null) {
 				results[i++] = isInvalidDouble(track.attribute("course"), 0, 360, 0);
 			}
-			if(track != null && track.attribute("speed") != null) {
+			if (track != null && track.attribute("speed") != null) {
 				results[i++] = isInvalidDouble(track.attribute("speed"), 0, 999999, 0);
 			}
 
 			if (drop) {
 				for(int j = 0; j<i; j++) {
-					if(results[j] == true)
+					if (results[j] == true)
 						return null;
 				}
 			}
@@ -65,7 +64,7 @@ public CotEventContainer filter(final CotEventContainer cot) {
 	boolean isInvalidInt(Attribute attribute, int lowerBound, int upperBound, int overwriteValue) {
 			try {
 				int i = Integer.parseInt(attribute.getValue());
-				if(i >= lowerBound && i <= upperBound) {
+				if (i >= lowerBound && i <= upperBound) {
 					return false;
 				}
 			} catch(Exception e) {
@@ -78,7 +77,7 @@ boolean isInvalidDouble(Attribute attribute, double lowerBound, double upperBoun
 		try {
                         //logger.warn("Checking attr: " + attribute.getName() + ": " + attribute.getValue());
 			double i = Double.parseDouble(attribute.getValue());
-			if(i >= lowerBound && i <= upperBound) {
+			if (i >= lowerBound && i <= upperBound) {
 				return false;
 			}
                         //logger.warn(" FAILED Bounds check!");
diff --git a/src/takserver-core/src/main/java/com/bbn/cot/filter/StreamingEndpointRewriteFilter.java b/src/takserver-core/src/main/java/com/bbn/cot/filter/StreamingEndpointRewriteFilter.java
index c773eb1d..a4fa1696 100644
--- a/src/takserver-core/src/main/java/com/bbn/cot/filter/StreamingEndpointRewriteFilter.java
+++ b/src/takserver-core/src/main/java/com/bbn/cot/filter/StreamingEndpointRewriteFilter.java
@@ -2,7 +2,6 @@
 
 package com.bbn.cot.filter;
 
-import javax.naming.ldap.LdapName;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -13,6 +12,8 @@
 import java.util.NavigableSet;
 import java.util.Set;
 
+import javax.naming.ldap.LdapName;
+
 import org.dom4j.Element;
 import org.dom4j.Node;
 import org.slf4j.Logger;
@@ -21,14 +22,14 @@
 import org.springframework.context.ApplicationContext;
 
 import com.atakmap.Tak.ROL;
-import tak.server.federation.DistributedFederationManager;
+import com.bbn.marti.config.Configuration;
 import com.bbn.marti.nio.channel.ChannelHandler;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.bbn.marti.remote.groups.Group;
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.sync.MissionContent;
 import com.bbn.marti.remote.sync.MissionMetadata;
 import com.bbn.marti.remote.util.RemoteUtil;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.RepositoryService;
 import com.bbn.marti.service.Resources;
 import com.bbn.marti.service.Subscription;
@@ -36,12 +37,12 @@
 import com.bbn.marti.service.SubscriptionStore;
 import com.bbn.marti.sync.model.MissionPermission;
 import com.bbn.marti.sync.model.MissionSubscription;
-import com.bbn.marti.sync.repository.MissionSubscriptionRepository;
 import com.bbn.marti.sync.service.MissionService;
 import com.google.common.base.Strings;
 
 import tak.server.Constants;
 import tak.server.cot.CotEventContainer;
+import tak.server.federation.DistributedFederationManager;
 
 public class StreamingEndpointRewriteFilter implements CotFilter {
 
@@ -63,9 +64,6 @@ public class StreamingEndpointRewriteFilter implements CotFilter {
 
   	private static final Logger logger = LoggerFactory.getLogger(StreamingEndpointRewriteFilter.class);
 
-  	@Autowired
-  	private DistributedConfiguration config;
-
   	@Autowired
   	private SubscriptionManager subscriptionManager;
 
@@ -81,8 +79,8 @@ public class StreamingEndpointRewriteFilter implements CotFilter {
    	@Autowired
    	ApplicationContext context;
 
-	@Autowired
-	private MissionSubscriptionRepository missionSubscriptionRepository;
+//	@Autowired
+//	private MissionSubscriptionRepository missionSubscriptionRepository;
 
 	private MissionService missionService;
 	
@@ -96,6 +94,7 @@ public StreamingEndpointRewriteFilter(MissionService missionService) {
 	@SuppressWarnings("unchecked")
     @Override
 	public CotEventContainer filter(final CotEventContainer cot) {
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
 		if (logger.isTraceEnabled()) {
 			logger.trace("StreamingEndpointFilter start");
@@ -152,13 +151,13 @@ public CotEventContainer filter(final CotEventContainer cot) {
 				for (Node destElem : destList) {
 					Element detached = (Element) destElem.detach();
 
-					if(detached.attribute(CALLSIGN_ATTR) != null) {
+					if (detached.attribute(CALLSIGN_ATTR) != null) {
 						callsignList.add(detached.attributeValue(CALLSIGN_ATTR));
-					} else if(detached.attribute(PUBLISH_ATTR) != null) {
+					} else if (detached.attribute(PUBLISH_ATTR) != null) {
 						publishList.add(detached.attributeValue(PUBLISH_ATTR));
-					} else if(detached.attribute(UID_ATTR) != null) {
+					} else if (detached.attribute(UID_ATTR) != null) {
 						uids.add(detached.attributeValue(UID_ATTR));
-					} else if(detached.attribute(MISSION_ATTR) != null) {
+					} else if (detached.attribute(MISSION_ATTR) != null) {
 					    missionNames.add(detached.attributeValue(MISSION_ATTR));
 				        logger.debug("mission destination specified in message: " + detached.attributeValue(MISSION_ATTR));
 
@@ -199,8 +198,8 @@ public CotEventContainer filter(final CotEventContainer cot) {
 						MissionSubscription missionSubscription = null;
 						User user = (User) cot.getContextValue(Constants.USER_KEY);
 						if (user != null) {
-							missionSubscription = missionSubscriptionRepository
-									.findByMissionNameAndClientUidAndUsernameNoMission(
+							missionSubscription = missionService
+									.getMissionSubcriptionByMissionNameAndClientUidAndUsernameNoMission(
 									missionName, clientUid, user.getName());
 
 							if (missionSubscription == null
@@ -209,13 +208,13 @@ public CotEventContainer filter(final CotEventContainer cot) {
 								String cn = new LdapName(user.getCert().getSubjectX500Principal().getName())
 										.getRdns().stream().filter(i -> i.getType().equalsIgnoreCase("CN"))
 											.findFirst().get().getValue().toString();
-								missionSubscription = missionSubscriptionRepository
-										.findByMissionNameAndClientUidAndUsernameNoMission(
+								missionSubscription = missionService
+										.getMissionSubcriptionByMissionNameAndClientUidAndUsernameNoMission(
 										missionName, clientUid, cn);
 							}
 
 						} else {
-							missionSubscription = missionSubscriptionRepository.findByMissionNameAndClientUidNoMission(
+							missionSubscription = missionService.getMissionSubscriptionByMissionNameAndClientUidNoMission(
 									missionName, clientUid);
 						}
 					
@@ -285,8 +284,8 @@ public CotEventContainer filter(final CotEventContainer cot) {
 								}
 							}
 							
-							if (config.getRemoteConfiguration().getFederation().isEnableFederation()
-									&&	config.getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
+							if (config.getFederation().isEnableFederation()
+									&&	config.getFederation().isAllowMissionFederation()) {
 								// federate this mission update (subject to group filtering)
 								try {
 
@@ -328,11 +327,11 @@ public CotEventContainer filter(final CotEventContainer cot) {
 										}
 
 										
-										if (DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isFederateOnlyPublicMissions()) {
+										if (config.getFederation().isFederateOnlyPublicMissions()) {
 											if ("public".equals(mission.getTool())) {
 												// allow public. no action needed as of now
 											} else if (config.getNetwork().getMissionCopTool().equals(mission.getTool())) {
-												if (!DistributedConfiguration.getInstance().getRemoteConfiguration().getVbm().isEnabled()) {
+												if (!config.getVbm().isEnabled()) {
 													logger.debug("not federating vbm mission action for mission " + missionName + " since vbm is disabled");
 													return;
 												}
diff --git a/src/takserver-core/src/main/java/com/bbn/cot/filter/UrlAddingFilter.java b/src/takserver-core/src/main/java/com/bbn/cot/filter/UrlAddingFilter.java
index 551e9c72..3d58514a 100644
--- a/src/takserver-core/src/main/java/com/bbn/cot/filter/UrlAddingFilter.java
+++ b/src/takserver-core/src/main/java/com/bbn/cot/filter/UrlAddingFilter.java
@@ -5,15 +5,15 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import com.bbn.marti.config.Configuration;
 import org.apache.log4j.Logger;
 import org.dom4j.Attribute;
 import org.dom4j.Element;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.bbn.cot.filter.Images.ImageData;
 import com.bbn.marti.config.Urladd;
-import com.bbn.marti.service.DistributedConfiguration;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cot.CotEventContainer;
 
 /**
@@ -26,15 +26,13 @@
  */
 public class UrlAddingFilter implements CotFilter {
 	
-	@Autowired
-	private DistributedConfiguration config;
-	
 	private static final Logger log = Logger.getLogger(UrlAddingFilter.class);
 
 	public UrlAddingFilter() { }
 
 	public CotEventContainer filter(CotEventContainer cot) {
-		// make sure there's a database			
+		// make sure there's a database
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
 		// if we don't have a database, or we don't have any images
 		if (!config.getRepository().isEnable() || !cot.hasContextKey(CotEventContainer.IMAGE_KEY)) {
@@ -89,7 +87,7 @@ public static ImageData copyImageData(ImageData data) {
 	* by annotating (mutating) the image element
 	*/
 	public void annotateImageData(ImageData imageData) {
-		Urladd urladd = config.getFilter().getUrladd();
+		Urladd urladd = CoreConfigFacade.getInstance().getRemoteConfiguration().getFilter().getUrladd();
 		Element imageElem = imageData.element();
 		
 		//Construct URL
diff --git a/src/takserver-core/src/main/java/com/bbn/cot/filter/VBMSASharingFilter.java b/src/takserver-core/src/main/java/com/bbn/cot/filter/VBMSASharingFilter.java
index eeb05db4..4914431c 100644
--- a/src/takserver-core/src/main/java/com/bbn/cot/filter/VBMSASharingFilter.java
+++ b/src/takserver-core/src/main/java/com/bbn/cot/filter/VBMSASharingFilter.java
@@ -1,13 +1,14 @@
 package com.bbn.cot.filter;
 
+import com.bbn.marti.config.Configuration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.SubmissionService;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.google.common.base.Strings;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.cot.CotEventContainer;
 
@@ -42,14 +43,15 @@ public CotEventContainer filter(CotEventContainer cot) {
 		if (!Strings.isNullOrEmpty(dataFeedUid)) {
 			return cot;
 		}
-		
-		if (DistributedConfiguration.getInstance().getVbm().isEnabled()) {
-			if (DistributedConfiguration.getInstance().getVbm().isDisableChatSharing()) {
+
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+		if (config.getVbm().isEnabled()) {
+			if (config.getVbm().isDisableChatSharing()) {
 				if (isChatMessage(cot)) {
 					return null;
 				}
 			}
-			if (DistributedConfiguration.getInstance().getVbm().isDisableSASharing()) {
+			if (config.getVbm().isDisableSASharing()) {
 				if (!isChatMessage(cot)) {
 					return null;
 				}
diff --git a/src/takserver-core/src/main/java/com/bbn/cot/model/AuthCot.java b/src/takserver-core/src/main/java/com/bbn/cot/model/AuthCot.java
index 6c251f57..d66300e2 100644
--- a/src/takserver-core/src/main/java/com/bbn/cot/model/AuthCot.java
+++ b/src/takserver-core/src/main/java/com/bbn/cot/model/AuthCot.java
@@ -7,9 +7,9 @@
  * Value class representing the CoT part of an auth message
  * 
  */
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
 
 @XmlAccessorType(XmlAccessType.PROPERTY)
 public class AuthCot {
diff --git a/src/takserver-core/src/main/java/com/bbn/cot/model/AuthMessage.java b/src/takserver-core/src/main/java/com/bbn/cot/model/AuthMessage.java
index 137dff9e..feed214f 100644
--- a/src/takserver-core/src/main/java/com/bbn/cot/model/AuthMessage.java
+++ b/src/takserver-core/src/main/java/com/bbn/cot/model/AuthMessage.java
@@ -2,10 +2,10 @@
 
 package com.bbn.cot.model;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
 
 /*
  * 
diff --git a/src/takserver-core/src/main/java/com/bbn/file/FileConfigurationApi.java b/src/takserver-core/src/main/java/com/bbn/file/FileConfigurationApi.java
index 08a019c6..b3fd71c1 100644
--- a/src/takserver-core/src/main/java/com/bbn/file/FileConfigurationApi.java
+++ b/src/takserver-core/src/main/java/com/bbn/file/FileConfigurationApi.java
@@ -8,7 +8,8 @@
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.bbn.marti.service.DistributedConfiguration;
+import com.bbn.marti.remote.config.CoreConfigFacade;
+
 
 @Validated
 @RestController
@@ -21,7 +22,7 @@ public class FileConfigurationApi {
     public FileConfigurationModel getFileConfiguration() {
     	
     	try {
-    		int uploadSizeLimit = DistributedConfiguration.getInstance().getNetwork().getEnterpriseSyncSizeLimitMB();
+    		int uploadSizeLimit = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB();
     		FileConfigurationModel config = new FileConfigurationModel();
     		config.setUploadSizeLimit(uploadSizeLimit);			
 			return config;
@@ -39,8 +40,8 @@ public void setFileConfiguration(@RequestBody FileConfigurationModel fileConfigu
     	}
     	
     	try {
-			DistributedConfiguration.getInstance().getNetwork().setEnterpriseSyncSizeLimitMB(fileConfigurationModel.getUploadSizeLimit());
-			DistributedConfiguration.getInstance().saveChangesAndUpdateCache();
+			CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().setEnterpriseSyncSizeLimitMB(fileConfigurationModel.getUploadSizeLimit());
+			CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
 		} catch (Exception e) {
 			logger.error("Error in setFileConfiguration: ", e);
 			throw new RuntimeException(e);
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/AuthenticatorUtil.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/AuthenticatorUtil.java
index b517f8d9..72498673 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/AuthenticatorUtil.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/AuthenticatorUtil.java
@@ -2,15 +2,16 @@
 
 import java.util.List;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.slf4j.Logger;
 
 import com.bbn.marti.config.Network.Connector;
 import com.bbn.marti.remote.groups.User;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.util.spring.ThreadLocalRequestHolder;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
+
 public class AuthenticatorUtil {
 
     public static final String ROLE_ADMIN = "ROLE_ADMIN";
@@ -36,7 +37,7 @@ public static void setUserRolesBasedOnRequestPort(User user, Logger logger) {
                 logger.debug("requestPort: {}", requestPort);
             }
 
-            List<Connector> connectors = DistributedConfiguration.getInstance().getNetwork().getConnector();
+            List<Connector> connectors = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getConnector();
 
             Connector configConnectorOnTheRequestedPort = null;
             for (Connector connector : connectors) {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/CommonGroupDirectedReachability.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/CommonGroupDirectedReachability.java
index 47ac1b5c..4ee4c4ab 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/CommonGroupDirectedReachability.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/CommonGroupDirectedReachability.java
@@ -17,8 +17,9 @@
 import com.bbn.marti.remote.groups.Node;
 import com.bbn.marti.remote.groups.Reachability;
 import com.bbn.marti.remote.groups.User;
-import com.bbn.marti.service.DistributedConfiguration;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 /*
  *
@@ -73,7 +74,7 @@ public boolean isReachable(User src, User dest) {
 		}
 
 		// don't allow reachability between federates
-		if(DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation() != null) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation() != null) {
 			if (src.getClass().equals(FederateUser.class) && dest.getClass().equals(FederateUser.class)) {
 				if (logger.isDebugEnabled()) {
 					logger.debug("federate " + src + " can't reach federate" + dest);
@@ -158,7 +159,7 @@ public Set<User> getAllReachableFrom(User src) {
 		}
 
 		boolean federateUser = false;
-		if(src instanceof FederateUser) {
+		if (src instanceof FederateUser) {
 			federateUser = true;
 		}
 
@@ -191,7 +192,7 @@ public Set<User> getAllReachableFrom(User src) {
 					for (Node node : inGroup.getNeighbors()) {
 						if (node.isLeaf()) {
 							User user = (User) node;
-							if(fedUser == false || (fedUser && !(user instanceof FederateUser))) {
+							if (fedUser == false || (fedUser && !(user instanceof FederateUser))) {
 								if (!user.equals(src)) {
 									users.add(user);
 								}
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/DistributedPersistentGroupManager.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/DistributedPersistentGroupManager.java
index cc359ac9..964c2a01 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/DistributedPersistentGroupManager.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/DistributedPersistentGroupManager.java
@@ -2,7 +2,13 @@
 
 package com.bbn.marti.groups;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Map;
+import java.util.NavigableSet;
+import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentSkipListSet;
 import java.util.stream.Collectors;
@@ -328,7 +334,7 @@ public void removeUserFromGroup(User user, Group group) {
         	logger.trace("post-removal " + group + " members: " + group.getNeighbors());
         }
 
-        if(userGroups != null) {
+        if (userGroups != null) {
             // remove group from user -> group map
             userGroups.remove(group);
         }
@@ -561,11 +567,17 @@ public AuthResult authenticate(String type, User user) {
     }
 
     @Override
-    public void authenticateCoreUsers(String type, String username) {
+    public void authenticateCoreUsers(String username) {
         try {
             for (User user : getAllUsers()) {
                 if (user.getConnectionType() == ConnectionType.CORE && user.getName().equals(username)) {
                     try {
+
+                        String type = "X509";
+                        if (user.getCert() == null) {
+                            type = "oauth";
+                        }
+
                         authenticate(type, user);
                     } catch (Exception e) {
                         logger.error("exception in authenticateCoreUsers for user : " + username, e);
@@ -1018,9 +1030,9 @@ public User replicateUserAndGroupMembership(User a) {
         
         // duplicate user a
         User b;
-        if(a instanceof AuthenticatedUser) {
+        if (a instanceof AuthenticatedUser) {
             b = new AuthenticatedUser((AuthenticatedUser)a);
-        } else if(a instanceof FederateUser) {
+        } else if (a instanceof FederateUser) {
             b = new FederateUser((FederateUser)a);
         } else {
             logger.error("Got user of unknown type");
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/DistributedUserManager.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/DistributedUserManager.java
index 5e38669c..36dbef48 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/DistributedUserManager.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/DistributedUserManager.java
@@ -8,7 +8,7 @@
 import java.util.Map;
 import java.util.Set;
 
-import javax.xml.bind.JAXBException;
+import jakarta.xml.bind.JAXBException;
 
 import org.apache.ignite.services.ServiceContext;
 import org.jetbrains.annotations.NotNull;
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/DummyAuthenticator.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/DummyAuthenticator.java
index 4c4a64c8..eefb1032 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/DummyAuthenticator.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/DummyAuthenticator.java
@@ -16,7 +16,7 @@
 import com.bbn.marti.remote.groups.GroupManager;
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.service.Resources;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 /*
  * Dummy authenticator, always succeeds.
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/FileAuthenticator.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/FileAuthenticator.java
index 66c4e181..63371843 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/FileAuthenticator.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/FileAuthenticator.java
@@ -16,7 +16,7 @@
 import java.util.concurrent.ConcurrentSkipListSet;
 
 import javax.security.auth.x500.X500Principal;
-import javax.xml.bind.JAXBException;
+import jakarta.xml.bind.JAXBException;
 
 import org.apache.ignite.Ignite;
 import org.apache.ignite.IgniteCache;
@@ -32,6 +32,7 @@
 import org.springframework.security.crypto.bcrypt.BCrypt;
 
 import com.bbn.cluster.ClusterGroupDefinition;
+import tak.server.util.ActiveProfiles;
 import com.bbn.marti.config.Auth;
 import com.bbn.marti.groups.value.FileAuthenticatorControl;
 import com.bbn.marti.remote.groups.AuthCallback;
@@ -44,8 +45,6 @@
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.groups.FileUserManagementInterface;
 import com.bbn.marti.remote.util.RemoteUtil;
-import com.bbn.marti.service.DistributedConfiguration;
-import com.bbn.marti.service.LocalConfiguration;
 import com.bbn.marti.util.MessageConversionUtil;
 import com.bbn.marti.xml.bindings.Role;
 import com.bbn.marti.xml.bindings.UserAuthenticationFile;
@@ -53,8 +52,10 @@
 import com.google.common.base.Strings;
 import com.google.common.collect.Sets;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.ignite.IgniteHolder;
+import tak.server.util.JAXBUtils;
 
 /**
  * Created on 9/10/15.
@@ -83,14 +84,14 @@ private FileAuthenticator() {
     		logger.debug("FileAuthenticator construct");
     	}
     	
-    	if (DistributedConfiguration.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
+    	if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
     		CacheConfiguration<String, UserAuthenticationFile.User> cfg = new CacheConfiguration<>();
 			cfg.setName(Constants.USER_AUTH_CACHE_NAME);
 			cfg.setAtomicityMode(CacheAtomicityMode.TRANSACTIONAL);
 			userFileCache = IgniteHolder.getInstance().getIgnite().getOrCreateCache(cfg);
     	}
 
-        if (LocalConfiguration.getInstance().isMessagingProfileActive()) {
+        if (ActiveProfiles.getInstance().isMessagingProfileActive()) {
             initFile();
         }
     }
@@ -116,7 +117,7 @@ private void init() {
     	}
     	
     	// try to get the auth file from the messaging
-    	if (LocalConfiguration.getInstance().isApiProfileActive()) {
+    	if (ActiveProfiles.getInstance().isApiProfileActive()) {
     		try {
     			Ignite ignite = IgniteHolder.getInstance().getIgnite();
     			UserAuthenticationFile tempAuth = ignite
@@ -125,7 +126,9 @@ private void init() {
     				.getUserAuthenticationFile();
     			
     			if (tempAuth != null) {
-    				MessageConversionUtil.saveJAXifiedObject(DistributedConfiguration.getInstance().getAuth().getFile().getLocation(), tempAuth, true);
+    				JAXBUtils.saveJAXifiedObject(
+                            CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getFile().getLocation(),
+                            tempAuth, true);
     			}
    			} catch (Exception e) {
 				e.printStackTrace();
@@ -153,7 +156,7 @@ private void init() {
     }
     
     public synchronized void initFile() {
-    	Auth.File authFileConfig = DistributedConfiguration.getInstance().getAuth().getFile();
+    	Auth.File authFileConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getFile();
 
     	if (authFileConfig == null || Strings.isNullOrEmpty(authFileConfig.getLocation())) {
     		throw new IllegalArgumentException("null or empty authentication file config or uri");
@@ -164,7 +167,7 @@ public synchronized void initFile() {
     	UserAuthenticationFile tmpAuth;
 
     	try {
-    		tmpAuth = MessageConversionUtil.loadJAXifiedXML(authFileName,
+    		tmpAuth = JAXBUtils.loadJAXifiedXML(authFileName,
     				UserAuthenticationFile.class.getPackage().getName());
 
     	} catch (FileNotFoundException fnfe) {
@@ -616,7 +619,7 @@ public synchronized void saveChanges(FileAuthenticatorControl control) throws JA
     	}
     	
     	try {
-    		MessageConversionUtil.saveJAXifiedObject(authFileName, authFile, true);
+    		JAXBUtils.saveJAXifiedObject(authFileName, authFile, true);
 		} catch (Exception e) {
 			if (logger.isDebugEnabled()) {
     			logger.debug("exception saving auth file", e);
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/FileAuthenticatorAgent.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/FileAuthenticatorAgent.java
index 761a2f97..215e960c 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/FileAuthenticatorAgent.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/FileAuthenticatorAgent.java
@@ -7,11 +7,10 @@
 import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.context.event.EventListener;
 
+import tak.server.util.ActiveProfiles;
 import com.bbn.marti.groups.value.FileAuthenticatorControl;
-import com.bbn.marti.service.DistributedConfiguration;
-import com.bbn.marti.service.LocalConfiguration;
-import com.bbn.marti.util.MessageConversionUtil;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.ignite.IgniteHolder;
 
@@ -52,8 +51,8 @@ private void init() {
 						break;
 					}
 					
-					if (DistributedConfiguration.getInstance().getRemoteConfiguration().getCluster().isEnabled() 
-							|| (IgniteHolder.getInstance().areTakserverIgnitesLocal() && LocalConfiguration.getInstance().isMessagingProfileActive())) {
+					if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled()
+							|| (IgniteHolder.getInstance().areTakserverIgnitesLocal() && ActiveProfiles.getInstance().isMessagingProfileActive())) {
 						FileAuthenticator.getInstance().saveChanges(null);
 					} 
 				}
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/GroupFederationUtil.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/GroupFederationUtil.java
index a6cb85d6..58958e49 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/GroupFederationUtil.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/GroupFederationUtil.java
@@ -25,7 +25,12 @@
 import java.util.concurrent.ConcurrentSkipListSet;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.stream.Collectors;
-
+import org.apache.ignite.IgniteCache;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.base.Splitter;
+import com.google.common.base.Strings;
+import com.google.common.collect.Multimap;
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -39,6 +44,7 @@
 import com.bbn.marti.config.Federation;
 import com.bbn.marti.config.Input;
 import com.bbn.marti.nio.channel.base.AbstractBroadcastingChannelHandler;
+import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.groups.AuthenticatedUser;
 import com.bbn.marti.remote.groups.ConnectionInfo;
 import com.bbn.marti.remote.groups.Direction;
@@ -48,26 +54,23 @@
 import com.bbn.marti.remote.groups.Reachability;
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.util.DateUtil;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.FederatedSubscriptionManager;
 import com.bbn.marti.service.SSLConfig;
 import com.bbn.marti.service.Subscription;
 import com.bbn.marti.service.SubscriptionManager;
 import com.bbn.marti.service.SubscriptionStore;
 import com.bbn.marti.util.MessageConversionUtil;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-import com.fasterxml.jackson.databind.DeserializationFeature;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.base.Splitter;
-import com.google.common.base.Strings;
-import com.google.common.collect.Multimap;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 import mil.af.rl.rol.value.ResourceDetails;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cot.CotEventContainer;
 import tak.server.federation.FederateSubscription;
 import tak.server.federation.FigFederateSubscription;
 import tak.server.federation.MissionPackageAnnounce;
 import tak.server.federation.MissionPackageDestinations;
+import tak.server.ignite.cache.IgniteCacheHolder;
 
 /*
  * Utility class for groups and federation
@@ -171,12 +174,19 @@ public void trackLatestSA(Subscription subscription, CotEventContainer cot, bool
             throw new IllegalArgumentException("null subscription or cot");
         }
         
+        logger.debug("trackLatestSA called with sub: " + subscription.toString() + " and cot: " + cot.asXml());
+        
 		cot.setStored(true);
 
         if (cot.getUid() != null && subscription.clientUid != null && (force || cot.getUid().equals(subscription.clientUid))) {
-
+        	
             // save a defensive copy of this cot object
-            subscription.setLatestSA(cot.copy());      
+            subscription.setLatestSA(cot.copy());   
+            // Only utilize Ignite cache if running in clustered mode
+            if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled() && subscription.getUser().getConnectionId() != null) {
+            	IgniteCacheHolder.getIgniteLatestSAConnectionUidCache().put(subscription.getUser().getConnectionId(), cot.asXml());
+            }
+            
         }
     }
     
@@ -424,7 +434,7 @@ public X509Certificate loadX509Cert(File caFile) throws CertificateException, IO
     
 	public MissionPackageAnnounce createPackageAnnounceCot(ResourceDetails dt) {
 		
-		final String baseUrl = DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getWebBaseUrl();
+		final String baseUrl = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getWebBaseUrl();
 
 		String localMpUrl = baseUrl + "/sync/content?hash=" + dt.getSha256();
 		
@@ -726,7 +736,7 @@ public void collectRemoteFederateGroups(Set<String> groups, Federation.Federate
 	public boolean isRemoteCASelfCA(X509Certificate remote) {
 		if (remote == null) return false;
 		try {
-			SSLConfig sslConfig = SSLConfig.getInstance(DistributedConfiguration.getInstance()
+			SSLConfig sslConfig = SSLConfig.getInstance(CoreConfigFacade.getInstance()
 					.getRemoteConfiguration()
 					.getFederation()
 					.getFederationServer()
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/LdapAuthenticator.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/LdapAuthenticator.java
index 842b6d1d..c0ff31f5 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/LdapAuthenticator.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/LdapAuthenticator.java
@@ -4,7 +4,14 @@
 
 import java.io.Serializable;
 import java.rmi.RemoteException;
-import java.util.*;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentSkipListSet;
 import java.util.concurrent.CopyOnWriteArrayList;
@@ -41,10 +48,11 @@
 import com.bbn.marti.remote.groups.GroupManager;
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.util.GroupNameExtractor;
-import com.bbn.marti.service.DistributedConfiguration;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.bbn.marti.xml.bindings.UserAuthenticationFile;
+
 import tak.server.cache.ActiveGroupCacheHelper;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 public class LdapAuthenticator extends AbstractAuthenticator implements Serializable {
 
@@ -67,6 +75,8 @@ public Auth.Ldap getConf() {
     // attributes to apply to the user object, which will return only attributes indicating group membership.
     private final String[] groupUserAttrs = {"memberOf", "ntUserWorkstations"};
     private final String[] distinguishedNameAttr = {"distinguishedName"};
+    private final String[] sAMAccountNameAttr = {"sAMAccountName"};
+    private final String[] uidAttr = {"uid"};
 
     private final boolean debug = false;
 
@@ -100,7 +110,7 @@ public static synchronized LdapAuthenticator getInstance() {
 
     public LdapAuthenticator(GroupManager groupManager, ActiveGroupCacheHelper activeGroupCacheHelper) throws NamingException, RemoteException {
         
-    	conf = DistributedConfiguration.getInstance().getAuth().getLdap();
+    	conf = CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getLdap();
     	
     	if (groupManager == null) {
             throw new IllegalArgumentException("null groupManager");
@@ -453,8 +463,8 @@ private Map<String, String> getGroupInfoByDN(DirContext ctx, String userBindDn)
         		logger.debug("exception getting user info", e);
         	}
         } finally {
-            if(results != null) { try { results.close(); } catch(NamingException ne) {} }
-            if(c != null) { try { c.close(); } catch(NamingException ne) {} }
+            if (results != null) { try { results.close(); } catch(NamingException ne) {} }
+            if (c != null) { try { c.close(); } catch(NamingException ne) {} }
         }
 
         return groupAttrs;
@@ -491,7 +501,7 @@ public Map<String, String> getGroupInfoBySearch(DirContext ctx, String searchFil
         		logger.debug("exception getting user info", e);
         	}
         } finally {
-            if(results != null) { try { results.close(); } catch(NamingException ne) {} }
+            if (results != null) { try { results.close(); } catch(NamingException ne) {} }
         }
 
         return groupAttrs;
@@ -564,7 +574,7 @@ public Date getPasswordExpiration(DirContext ctx, String userId) {
         } catch (Exception e) {
             logger.error("exception in getPasswordExpiration!", e);
         } finally {
-            if(results != null) { try { results.close(); } catch(NamingException ne) {} }
+            if (results != null) { try { results.close(); } catch(NamingException ne) {} }
         }
 
         return null;
@@ -635,9 +645,11 @@ private String getDistinguishedName(DirContext ctx, String userId) throws Naming
             distinguishedName = groupAttrs.get("distinguishedName0");
 
         } finally {
-            if(results != null) { try { results.close(); } catch(NamingException ne) {} }
+            if (results != null) { try { results.close(); } catch(NamingException ne) {} }
         }
 
+        distinguishedName = distinguishedName.replace("\\", "\\\\");
+
         return distinguishedName;
     }
 
@@ -651,19 +663,34 @@ private String getUsernameByEmail(String email) throws NamingException {
             ctx = groupManager.connectLdap();
 
             SearchControls controls = new SearchControls();
-            String[] logonNameAttr = { "sAMAccountName" };
+            String[] logonNameAttr = null;
+
+            switch(getConf().getStyle()) {
+                case AD : {
+                    logonNameAttr = sAMAccountNameAttr;
+                    break;
+                }
+                case DS : {
+                    logonNameAttr = uidAttr;
+                    break;
+                }
+            }
+
             controls.setReturningAttributes(logonNameAttr);
 
             controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
             String filter = "(mail=" + email + ")";
-            results = ctx.search("", filter, controls);
+
+            String userBaseRDN = conf.getUserBaseRDN() != null ? conf.getUserBaseRDN() : "";
+            results = ctx.search(userBaseRDN, filter, controls);
 
             Map<String, String> groupAttrs = new ConcurrentHashMap<>();
             getGroupAttrs(results, groupAttrs);
-            return groupAttrs.get("sAMAccountName0");
+
+            return groupAttrs.get(logonNameAttr[0] + "0");
 
         } finally {
-            if(results != null) {
+            if (results != null) {
                 try {
                     results.close();
                 } catch(NamingException e) {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/LdapSSLSocketFactory.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/LdapSSLSocketFactory.java
index 9f8cb462..4f669085 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/LdapSSLSocketFactory.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/LdapSSLSocketFactory.java
@@ -1,7 +1,6 @@
 package com.bbn.marti.groups;
 
 import com.bbn.marti.config.Tls;
-import com.bbn.marti.service.DistributedConfiguration;
 import javax.net.SocketFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
@@ -12,9 +11,11 @@
 import java.net.InetAddress;
 import java.net.Socket;
 import java.security.KeyStore;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 public class LdapSSLSocketFactory extends SSLSocketFactory {
 
@@ -37,15 +38,16 @@ public LdapSSLSocketFactory() {
         super();
 
         try {
-            DistributedConfiguration config = DistributedConfiguration.getInstance();
-            if (config == null || config.getAuth() == null || config.getAuth().getLdap() == null) {
+            CoreConfigFacade config = CoreConfigFacade.getInstance();
+            if (config.getRemoteConfiguration() == null || config.getRemoteConfiguration().getAuth() == null ||
+                    config.getRemoteConfiguration().getAuth().getLdap() == null) {
                 logger.error("Can't find ldap element in CoreConfig!");
                 return;
             }
 
-            String truststore = config.getAuth().getLdap().getLdapsTruststore();
-            String truststoreFile = config.getAuth().getLdap().getLdapsTruststoreFile();
-            String truststorePass = config.getAuth().getLdap().getLdapsTruststorePass();
+            String truststore = config.getRemoteConfiguration().getAuth().getLdap().getLdapsTruststore();
+            String truststoreFile = config.getRemoteConfiguration().getAuth().getLdap().getLdapsTruststoreFile();
+            String truststorePass = config.getRemoteConfiguration().getAuth().getLdap().getLdapsTruststorePass();
 
             if (truststore == null || truststore.length() == 0 ||
                     truststoreFile == null || truststoreFile.length() == 0 ||
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/MessagingUtilImpl.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/MessagingUtilImpl.java
index cb2d6e68..a2c20ce0 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/MessagingUtilImpl.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/MessagingUtilImpl.java
@@ -1,5 +1,6 @@
 package com.bbn.marti.groups;
 
+import java.io.StringReader;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
@@ -15,7 +16,12 @@
 import java.util.concurrent.ConcurrentSkipListSet;
 import java.util.stream.Collectors;
 
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
 import com.google.common.collect.ImmutableSet;
+
+import org.dom4j.DocumentException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -24,6 +30,7 @@
 import com.bbn.cot.filter.StreamingEndpointRewriteFilter;
 import com.bbn.marti.feeds.DataFeedService;
 import com.bbn.marti.nio.channel.ChannelHandler;
+import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.groups.ConnectionInfo;
 import com.bbn.marti.remote.groups.Direction;
 import com.bbn.marti.remote.groups.Group;
@@ -32,20 +39,22 @@
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.util.RemoteUtil;
 import com.bbn.marti.service.BrokerService;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.FederatedSubscriptionManager;
 import com.bbn.marti.service.Subscription;
 import com.bbn.marti.service.SubscriptionManager;
 import com.bbn.marti.service.SubscriptionStore;
 import com.bbn.marti.sync.service.DistributedDataFeedCotService;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 import tak.server.Constants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cot.CotEventContainer;
 import tak.server.federation.FederateSubscription;
 import tak.server.federation.FigFederateSubscription;
 import tak.server.federation.RemoteContactWithSA;
+import tak.server.ignite.cache.IgniteCacheHolder;
+import tak.server.messaging.MessageConverter;
 import tak.server.messaging.Messenger;
 
 public class MessagingUtilImpl implements MessagingUtil {
@@ -71,6 +80,9 @@ public class MessagingUtilImpl implements MessagingUtil {
 	@Autowired
 	private FlowTagFilter flowTagFilter;
 	
+	@Autowired
+	private MessageConverter messageConverter;
+
 	private static MessagingUtilImpl instance;
 	
 	public static MessagingUtilImpl getInstance() {
@@ -115,10 +127,6 @@ private void sendLatestSA(CotEventContainer sa, Subscription dest) {
 
 	@Override
 	public void sendLatestReachableSA(User destUser) {
-		// don't send latest SA if we're in vbm mode with sa sharing disabled
-//		if (DistributedConfiguration.getInstance().getRemoteConfiguration().getVbm().isEnabled() && 
-//				DistributedConfiguration.getInstance().getRemoteConfiguration().getVbm().isDisableSASharing()) return;
-
 		if (destUser == null || groupManager == null || subscriptionManager == null) {
 			throw new IllegalArgumentException("null user, GroupManager or SubscriptionManager");
 		}
@@ -140,12 +148,27 @@ public void sendLatestReachableSA(User destUser) {
 		
 		if (destSubscription instanceof FederateSubscription ) {
 			// make sure if we are sending to a federate, data feed federation is enabled
-			if (DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
+			if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
 				sendLatestFeedEventsToSub(destSubscription);
 			}
 		} else {
 			sendLatestFeedEventsToSub(destSubscription);
 		}
+		
+		// Check cluster configuration and if clustered use ignite cache for distributed SAs
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled() && destUser != null) {
+			String groupVector = IgniteCacheHolder.getIgniteUserOutboundGroupCache().get(destUser.getConnectionId());
+			Collection<String> SAs = IgniteCacheHolder.getAllLatestSAsForGroupVector(groupVector);
+			for (String SA : SAs) {
+				try {
+					CotEventContainer saEvent = new CotEventContainer(messageConverter.parseXml(SA));
+					sendLatestSA(saEvent, destSubscription);
+				} catch (DocumentException e){
+					logger.error("Error parsing SA to CoT", e);
+				}
+			}
+			return;
+		}
 
 		Reachability<User> r = new CommonGroupDirectedReachability(groupManager);
 
@@ -237,7 +260,7 @@ public void sendLatestReachableSA(User destUser) {
 	
 	private void sendLatestFeedEventsToSub(Subscription sub) {
 		try {
-			if (DistributedConfiguration.getInstance().getRemoteConfiguration().getVbm().isEnabled()) return;
+			if (CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isEnabled()) return;
 			
 			Set<Group> groups = groupManager.getGroups(sub.getUser());
 			groups = groups.stream().filter(g->g.getDirection() == Direction.OUT).collect(Collectors.toSet());
@@ -264,7 +287,7 @@ private void sendLatestFeedEventsToSub(Subscription sub) {
 	public List<CotEventContainer> getLatestSAForHandler(ChannelHandler handler) {
 		List<CotEventContainer> rval = new LinkedList<>();
 		try {
-			if(federatedSubscriptionManager.getRemoteContactsMapByChannelHandler(handler) == null)
+			if (federatedSubscriptionManager.getRemoteContactsMapByChannelHandler(handler) == null)
 				return rval;
 
 			for (RemoteContactWithSA rc : federatedSubscriptionManager.getRemoteContactsMapByChannelHandler(handler).values()) {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/OAuthAuthenticator.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/OAuthAuthenticator.java
index b8af63af..701bc043 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/OAuthAuthenticator.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/OAuthAuthenticator.java
@@ -2,11 +2,14 @@
 package com.bbn.marti.groups;
 
 import java.io.Serializable;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
 import java.util.concurrent.ConcurrentSkipListSet;
 import javax.naming.NamingException;
 
-import com.bbn.marti.config.Oauth;
 import com.google.common.base.Strings;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.JwtException;
@@ -14,19 +17,27 @@
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
-import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
 
 import com.bbn.marti.config.Auth;
+import com.bbn.marti.config.Oauth;
 import com.bbn.marti.jwt.JwtUtils;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.bbn.marti.remote.exception.TakException;
-import com.bbn.marti.remote.groups.*;
-import com.bbn.marti.service.DistributedConfiguration;
+import com.bbn.marti.remote.groups.AuthCallback;
+import com.bbn.marti.remote.groups.AuthResult;
+import com.bbn.marti.remote.groups.AuthStatus;
+import com.bbn.marti.remote.groups.AuthenticatedUser;
+import com.bbn.marti.remote.groups.ConnectionType;
+import com.bbn.marti.remote.groups.Group;
+import com.bbn.marti.remote.groups.GroupManager;
+import com.bbn.marti.remote.groups.User;
+import com.bbn.marti.remote.groups.UserClassification;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
+import com.bbn.marti.service.DistributedSubscriptionManager;
 import com.bbn.marti.service.Resources;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
 import com.bbn.marti.xml.bindings.UserAuthenticationFile;
+import tak.server.cache.ActiveGroupCacheHelper;
 
 
 /*
@@ -39,9 +50,9 @@ public class OAuthAuthenticator extends AbstractAuthenticator implements Seriali
     private static final long serialVersionUID = -4317122669577006009L;
 
     private Logger logger = LoggerFactory.getLogger(OAuthAuthenticator.class);
-    private Oauth oauthConf = DistributedConfiguration.getInstance().getAuth().getOauth();
-    private Auth.Ldap ldapConf = DistributedConfiguration.getInstance().getAuth().getLdap();
-    private DefaultTokenServices defaultTokenServices;
+    private Oauth oauthConf = CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getOauth();
+    private Auth.Ldap ldapConf = CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getLdap();
+    private ActiveGroupCacheHelper activeGroupCacheHelper;
     private static OAuthAuthenticator instance;
     private String groupPrefix;
     private String readOnlyGroup;
@@ -50,9 +61,10 @@ public class OAuthAuthenticator extends AbstractAuthenticator implements Seriali
     private String groupsClaim;
 
 
-    public static synchronized OAuthAuthenticator getInstance(GroupManager groupManager) {
+    public static synchronized OAuthAuthenticator getInstance(
+            GroupManager groupManager, ActiveGroupCacheHelper activeGroupCacheHelper) {
         if (instance == null) {
-            instance = new OAuthAuthenticator(groupManager);
+            instance = new OAuthAuthenticator(groupManager, activeGroupCacheHelper);
         }
 
         return instance;
@@ -60,20 +72,21 @@ public static synchronized OAuthAuthenticator getInstance(GroupManager groupMana
 
     public static synchronized OAuthAuthenticator getInstance() {
         if (instance == null) {
-            instance = new OAuthAuthenticator(SpringContextBeanForApi.getSpringContext().getBean(GroupManager.class));
+            instance = new OAuthAuthenticator(
+                    SpringContextBeanForApi.getSpringContext().getBean(GroupManager.class),
+                    SpringContextBeanForApi.getSpringContext().getBean(ActiveGroupCacheHelper.class));
         }
 
         return instance;
     }
 
-    public OAuthAuthenticator(GroupManager groupManager) {
+    public OAuthAuthenticator(GroupManager groupManager, ActiveGroupCacheHelper activeGroupCacheHelper) {
 
         this.groupManager = groupManager;
+        this.activeGroupCacheHelper = activeGroupCacheHelper;
 
         groupManager.registerAuthenticator("oauth", this);
 
-        defaultTokenServices = SpringContextBeanForApi.getSpringContext().getBean(DefaultTokenServices.class);
-
         if (oauthConf != null) {
             groupPrefix = oauthConf.getGroupprefix().toLowerCase();
             readOnlyGroup = oauthConf.getReadOnlyGroup();
@@ -104,20 +117,20 @@ private AuthResult auth(User user) {
             String token = user.getName();
             Claims claims = JwtUtils.getInstance().parseClaims(token, SignatureAlgorithm.RS256);
             if (claims == null) {
-                throw new InvalidTokenException("Unable to parse claims from token : " + token);
+                token = user.getToken();
+                claims = JwtUtils.getInstance().parseClaims(token, SignatureAlgorithm.RS256);
+                if (claims == null) {
+                    throw new InvalidBearerTokenException("Unable to parse claims from token : " + token);
+                }
             }
 
-            String username = (String) claims.get("user_name");
-            if (username != null) {
-                // jwt's from takserver will contain the user_name claim.
-                // Ensure the token hasn't been revoked by checking the token store
-                OAuth2AccessToken oAuth2AccessToken = defaultTokenServices.readAccessToken(token);
-                if (oAuth2AccessToken == null || oAuth2AccessToken.isExpired()) {
-                    throw new OAuth2Exception("defaultTokenServices.readAccessToken failed!");
-                }
-            } else if (claims.get("email") != null) {
+            String username;
+            if (claims.get("email") != null) {
                 // For jwt's from keycloak, get the username from the email claim
                 username = (String) claims.get("email");
+            } else if (claims.get("sub") != null) {
+                // jwt's from takserver will contain the sub claim
+                username = (String) claims.get("sub");
             } else {
                 // For other trusted tokens, assign a random username if we don't have an attribute mapping
                 username = UUID.randomUUID().toString();
@@ -134,6 +147,7 @@ private AuthResult auth(User user) {
 
                 // make a new user object with the identifier from the file
                 user = new AuthenticatedUser(username, auser.getConnectionId(), auser.getAddress(), auser.getCert(), username, "", "", auser.getConnectionType()); // no password or uid
+                user.setToken(token);
             }
 
             // try to set groups based on the user_client_roles attribute
@@ -158,6 +172,8 @@ private AuthResult auth(User user) {
                 groupManager.setClassificationForUser(user, userClassification);
             }
 
+            boolean useGroupCache = oauthConf != null && oauthConf.isOauthUseGroupCache();
+
             if (groupNames != null) {
 
                 Set<String> groupNameSet = LdapAuthenticator.applyGroupPrefixFilter(
@@ -167,12 +183,27 @@ private AuthResult auth(User user) {
                 LdapAuthenticator.groupNamesToGroups(
                         groupManager, groupNameSet, groups, readOnlyGroup, readGroupSuffix, writeGroupSuffix);
 
-                // do the group updates based on this set of groups
-                groupManager.updateGroups(user, groups);
+                if (useGroupCache) {
+
+                    if (activeGroupCacheHelper.assignGroupsCheckCache(groups, user, username)) {
+                        // notify the user that their cache has been updated
+                        try {
+                            DistributedSubscriptionManager.getInstance().sendGroupsUpdatedMessage(username, null);
+                        } catch (Exception e) {
+                            if (logger.isDebugEnabled()) {
+                                logger.debug("exception calling sendGroupsUpdatedMessage!", e);
+                            }
+                        }
+                    }
+
+                } else {
+                    // do the group updates based on this set of groups
+                    groupManager.updateGroups(user, groups);
+                }
 
             } else {
 
-                String auth = DistributedConfiguration.getInstance().getRemoteConfiguration().getAuth().getDefault();
+                String auth = CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getDefault();
                 if (auth.compareToIgnoreCase("file") == 0) {
 
                     for (UserAuthenticationFile.User fileUser : FileAuthenticator.getInstance().getAllUsers()) {
@@ -191,7 +222,26 @@ private AuthResult auth(User user) {
 
                             Set<Group> groups = FileAuthenticator.getGroups(fileUser);
 
-                            groupManager.updateGroups(user, groups);
+                            if (useGroupCache) {
+                                Set<Group> hydrated = new ConcurrentSkipListSet<>();
+                                for (Group group : groups) {
+                                    hydrated.add(groupManager.hydrateGroup(group));
+                                }
+
+                                if (activeGroupCacheHelper.assignGroupsCheckCache(hydrated, user, username)) {
+                                    // notify the user that their cache has been updated
+                                    try {
+                                        DistributedSubscriptionManager.getInstance().sendGroupsUpdatedMessage(username, null);
+                                    } catch (Exception e) {
+                                        if (logger.isDebugEnabled()) {
+                                            logger.debug("exception calling sendGroupsUpdatedMessage!", e);
+                                        }
+                                    }
+                                }
+
+                            } else {
+                                groupManager.updateGroups(user, groups);
+                            }
                         }
                     }
 
@@ -200,7 +250,7 @@ private AuthResult auth(User user) {
                     // Assign LDAP groups for this users based on LDAP lookup by username.
                     // if the LDAP authenticator is configured, use it to assign groups for the user, using the service credentials. Can be disabled by setting the x509groups option to false.
                     try {
-                        if (ldapConf != null && DistributedConfiguration.getInstance().getAuth().isX509Groups() && ldapConf.isX509Groups()) {
+                        if (ldapConf != null && CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509Groups() && ldapConf.isX509Groups()) {
 
                             try {
                                 if (logger.isDebugEnabled()) {
@@ -210,21 +260,37 @@ private AuthResult auth(User user) {
                                 Map<String, String> groupInfo = LdapAuthenticator.getInstance()
                                         .getGroupInfoBySearch(username);
 
-                                if (logger.isDebugEnabled()) {
-                                    logger.debug("group info for " + username + " : " + groupInfo);
-                                }
-
                                 boolean readOnly = false;
                                 if (!groupInfo.isEmpty()) {
-                                    readOnly = LdapAuthenticator.getInstance().assignGroups(groupInfo, user);
-                                }
-
-                                if (logger.isDebugEnabled()) {
-                                    logger.debug("X509 / LDAP group assignment complete for " + user.getId());
+                                    if (useGroupCache) {
+
+                                        // extract the set of group names from the ldap search results
+                                        Set<String> setGroupNames = LdapAuthenticator.getInstance().
+                                                getGroupNamesFromSearchResults(groupInfo);
+
+                                        // get a set of Group objects for the current ldap results
+                                        Set<Group> ldapGroups = new ConcurrentSkipListSet<>();
+                                        readOnly = LdapAuthenticator.getInstance().groupNamesToGroups(
+                                                setGroupNames, ldapGroups);
+
+                                        if (activeGroupCacheHelper.assignGroupsCheckCache(ldapGroups, user, username)) {
+                                            // notify the user that their cache has been updated
+                                            try {
+                                                DistributedSubscriptionManager.getInstance().sendGroupsUpdatedMessage(username, null);
+                                            } catch (Exception e) {
+                                                if (logger.isDebugEnabled()) {
+                                                    logger.debug("exception calling sendGroupsUpdatedMessage!", e);
+                                                }
+                                            }
+                                        }
+
+                                    } else {
+                                        readOnly = LdapAuthenticator.getInstance().assignGroups(groupInfo, user);
+                                    }
                                 }
 
                                 if (ldapConf.isX509AddAnonymous() &&
-                                        DistributedConfiguration.getInstance().getAuth().isX509AddAnonymous()) {
+                                        CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509AddAnonymous()) {
                                     doAnonAssignment(user, readOnly);
                                 }
 
@@ -238,33 +304,35 @@ private AuthResult auth(User user) {
                 }
             }
 
-            Oauth oauthConfig = DistributedConfiguration.getInstance().getAuth().getOauth();
-            if (oauthConfig != null && oauthConfig.isOauthAddAnonymous()) {
-                doAnonAssignment(user, false);
-            }
 
-            try {
-                if (groupManager.getGroups(user).isEmpty()) {
-                    String msg = "no groups assigned to user " + user + " doing anonymous assignment";
+            if (!useGroupCache) {
+                if (oauthConf != null && oauthConf.isOauthAddAnonymous()) {
+                    doAnonAssignment(user, false);
+                }
 
-                    if (logger.isDebugEnabled()) {
+                try {
+                    if (groupManager.getGroups(user).isEmpty()) {
+                        String msg = "no groups assigned to user " + user + " doing anonymous assignment";
 
-                        logger.debug(msg);
-                    }
+                        if (logger.isDebugEnabled()) {
 
-                    doAnonAssignment(user);
+                            logger.debug(msg);
+                        }
+
+                        doAnonAssignment(user);
+                    }
+                } catch (Exception e) {
+                    logger.debug("exception assigning anonymous groups for user " + user, e);
                 }
-            } catch (Exception e) {
-                logger.debug("exception assigning anonymous groups for user " + user, e);
             }
 
             AuthenticatorUtil.setUserRolesBasedOnRequestPort(user, logger);
-        } catch (OAuth2Exception oAuth2Exception) {
-            logger.error("rethrowing OAuth2Exception in OAuthAuthenticator!", oAuth2Exception);
-            throw oAuth2Exception;
+        } catch (InvalidBearerTokenException invalidBearerTokenException) {
+            logger.error("rethrowing InvalidBearerTokenException in OAuthAuthenticator!", invalidBearerTokenException);
+            throw invalidBearerTokenException;
         } catch (JwtException jwtException) {
             if (logger.isDebugEnabled()) {
-                logger.debug("rethrowing JwtException as InvalidTokenException!", jwtException);
+                logger.debug("rethrowing JwtException!", jwtException);
             }
             throw jwtException;
         } catch (Exception e) {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/PersistentGroupDao.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/PersistentGroupDao.java
index c8addd7b..453b6ee2 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/PersistentGroupDao.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/PersistentGroupDao.java
@@ -5,7 +5,7 @@
 import java.util.NavigableSet;
 import java.util.concurrent.ConcurrentSkipListSet;
 
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
 import javax.sql.DataSource;
 
 import org.jetbrains.annotations.NotNull;
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/groups/X509Authenticator.java b/src/takserver-core/src/main/java/com/bbn/marti/groups/X509Authenticator.java
index a1e4d653..3abfb89d 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/groups/X509Authenticator.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/groups/X509Authenticator.java
@@ -5,8 +5,6 @@
 import java.io.Serializable;
 import java.security.cert.CertificateParsingException;
 import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
@@ -16,11 +14,14 @@
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 
+import com.google.common.base.Strings;
+
 import io.jsonwebtoken.JwtException;
+
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
 
 import com.bbn.marti.config.Auth.Ldap;
 import com.bbn.marti.config.Input;
@@ -38,15 +39,13 @@
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.util.RemoteUtil;
 import com.bbn.marti.remote.util.X509UsernameExtractor;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.DistributedSubscriptionManager;
 import com.bbn.marti.service.Resources;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.config.CoreConfigFacade;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.bbn.marti.xml.bindings.UserAuthenticationFile;
 import com.bbn.tak.tls.TakCert;
 import com.bbn.tak.tls.repository.TakCertRepository;
-import com.google.common.base.Strings;
-import com.google.common.collect.Sets;
 
 import tak.server.cache.ActiveGroupCacheHelper;
 
@@ -68,9 +67,10 @@ public class X509Authenticator extends AbstractAuthenticator implements Serializ
 
     TakCertRepository takCertRepository;
 
-    Ldap ldapConf = DistributedConfiguration.getInstance().getAuth().getLdap();
+    Ldap ldapConf = CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getLdap();
 
-    private final X509UsernameExtractor usernameExtractor = new X509UsernameExtractor(DistributedConfiguration.getInstance().getAuth().getDNUsernameExtractorRegex());
+    private final X509UsernameExtractor usernameExtractor = new X509UsernameExtractor(
+            CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getDNUsernameExtractorRegex());
     
 
     public static synchronized X509Authenticator getInstance() {
@@ -126,8 +126,8 @@ private User auth(User user, Input input) {
             String certFingerprint = RemoteUtil.getInstance().getCertSHA256Fingerprint(user.getCert());
 
         	TakCert cert = null;
-            if (DistributedConfiguration.getInstance().getAuth().isX509CheckRevocation() ||
-                DistributedConfiguration.getInstance().getAuth().isX509TokenAuth()) {
+            if (CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509CheckRevocation() ||
+                    CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509TokenAuth()) {
                 cert = takCertRepository.findOneByHash(certFingerprint);
                 if (cert != null && cert.getRevocationDate() != null) {
                     throw new RevokedException("Attempt to use revoked certificate : " +
@@ -135,12 +135,12 @@ private User auth(User user, Input input) {
                 }
             }
 
-            if (DistributedConfiguration.getInstance().getAuth().isX509TokenAuth() &&
+            if (CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509TokenAuth() &&
                     cert != null && cert.token != null && cert.token.length() > 0) {
                 user.setName(cert.token);
                 try {
                     groupManager.authenticate("oauth", user);
-                } catch (OAuth2Exception | JwtException e) {
+                } catch (InvalidBearerTokenException | JwtException e) {
                     if (logger.isDebugEnabled()) {
                         logger.debug("{} {} ", e.getMessage(), cert.token);
                     }
@@ -179,7 +179,7 @@ private User auth(User user, Input input) {
                 }
             }
 
-            switch (DistributedConfiguration.getInstance().getRemoteConfiguration().getAuth().getDefault().toLowerCase(Locale.ENGLISH)) {
+            switch (CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getDefault().toLowerCase(Locale.ENGLISH)) {
             case "file": 
             case "ldap":
 
@@ -189,11 +189,11 @@ private User auth(User user, Input input) {
 
                 // enable group cache if enabled by the admin in CoreConfig and the client certificate
                 // contains the channels ext key usage attribute (using Challenge Password OID)
-                if (DistributedConfiguration.getInstance().getAuth().isX509UseGroupCache()) {
+                if (CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509UseGroupCache()) {
                     try {
                         useGroupCache =
                                 user.getCert().getExtendedKeyUsage().contains("1.2.840.113549.1.9.7") ||
-                                !DistributedConfiguration.getInstance().getAuth().isX509UseGroupCacheRequiresExtKeyUsage();
+                                !CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509UseGroupCacheRequiresExtKeyUsage();
                     } catch (CertificateParsingException cpe) {
                         logger.error("exception getting cert's extendedKeyUsage", cpe);
                     }
@@ -224,7 +224,18 @@ private User auth(User user, Input input) {
                             for (Group group : groups) {
                                 hydrated.add(groupManager.hydrateGroup(group));
                             }
-                            assignGroupsCheckCache(hydrated, user, username);
+
+                            if (activeGroupCacheHelper.assignGroupsCheckCache(hydrated, user, username)) {
+                                // notify the user that their cache has been updated
+                                try {
+                                    DistributedSubscriptionManager.getInstance().sendGroupsUpdatedMessage(username, null);
+                                } catch (Exception e) {
+                                    if (logger.isDebugEnabled()) {
+                                        logger.debug("exception calling sendGroupsUpdatedMessage!", e);
+                                    }
+                                }
+                            }
+
                         } else {
                             groupManager.updateGroups(user, groups);
                         }
@@ -234,7 +245,7 @@ private User auth(User user, Input input) {
                 // Assign LDAP groups for this users based on LDAP lookup by username.
                 // if the LDAP authenticator is configured, use it to assign groups for the user, using the service credentials. Can be disabled by setting the x509groups option to false.
                 try {
-                    if (ldapConf != null && DistributedConfiguration.getInstance().getAuth().isX509Groups() && ldapConf.isX509Groups()) {
+                    if (ldapConf != null && CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509Groups() && ldapConf.isX509Groups()) {
 
                         try {
                             String cn = usernameExtractor.extractUsername(user.getCert());
@@ -297,7 +308,16 @@ private User auth(User user, Input input) {
                                     readOnly = LdapAuthenticator.getInstance().groupNamesToGroups(
                                             groupNames, ldapGroups);
 
-                                    assignGroupsCheckCache(ldapGroups, user, username);
+                                    if (activeGroupCacheHelper.assignGroupsCheckCache(ldapGroups, user, username)) {
+                                        // notify the user that their cache has been updated
+                                        try {
+                                            DistributedSubscriptionManager.getInstance().sendGroupsUpdatedMessage(username, null);
+                                        } catch (Exception e) {
+                                            if (logger.isDebugEnabled()) {
+                                                logger.debug("exception calling sendGroupsUpdatedMessage!", e);
+                                            }
+                                        }
+                                    }
 
                                 } else {
                                     readOnly = LdapAuthenticator.getInstance().assignGroups(
@@ -310,7 +330,7 @@ private User auth(User user, Input input) {
                             }
 
                             if (ldapConf.isX509AddAnonymous() &&
-                                    DistributedConfiguration.getInstance().getAuth().isX509AddAnonymous()) {
+                                    CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509AddAnonymous()) {
                             	doAnonAssignment(user, readOnly);
                             }
 
@@ -326,7 +346,7 @@ private User auth(User user, Input input) {
                     try {
                         if (groupManager.getGroups(user).isEmpty()) {
 
-                            if (DistributedConfiguration.getInstance().getAuth().isX509GroupsDefaultRDN()) {
+                            if (CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509GroupsDefaultRDN()) {
                                 doRDNAssignment(user);
                             }
 
@@ -352,7 +372,7 @@ private User auth(User user, Input input) {
 
                 break;
             default:
-                throw new UnsupportedOperationException("default auth method " + DistributedConfiguration.getInstance().getRemoteConfiguration().getAuth().getDefault() + " not supported");
+                throw new UnsupportedOperationException("default auth method " + CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getDefault() + " not supported");
             }
         } catch (IllegalStateException e) {
 
@@ -405,69 +425,6 @@ private void doRDNAssignment(User user) {
         }
     }
 
-    public void assignGroupsCheckCache(Set<Group> groups, User user, String username) {
-
-        // check to see if we have any cache entries for the current username
-        List<Group> activeGroups = activeGroupCacheHelper.getActiveGroupsForUser(username);
-        if (activeGroups == null) {
-            activeGroups = new LinkedList<>();
-        }
-
-        // recreate as a full LinkedList to support delete (cant delete on list coming from cache)
-        activeGroups = new LinkedList<>(activeGroups);
-
-        // keep track of this user even if there are no groups
-        groupManager.addUser(user);
-
-        // find groups that need to get removed from the cache
-        Set<Group> cacheGroups = new ConcurrentSkipListSet<>(activeGroups);
-        Set<Group> removals = Sets.difference(cacheGroups, groups);
-        activeGroups.removeAll(removals);
-
-        // find groups that need to get added to the cache
-        Set<Group> adds = Sets.difference(groups, cacheGroups);
-        activeGroups.addAll(adds);
-
-        for (Group group : adds) {
-            group.setActive(false);
-        }
-
-        // if we only have one group, make sure its active
-        if (activeGroups.size() == 1) {
-            activeGroups.get(0).setActive(true);
-            // need to check case when size=2 for IN/OUT groups with same name
-        } else if (activeGroups.size() == 2 && activeGroups.get(0).getName().equals(activeGroups.get(1).getName())) {
-            activeGroups.get(0).setActive(true);
-            activeGroups.get(1).setActive(true);
-        }
-
-        // update the cache if required
-        if (adds.size() > 0 || removals.size() > 0) {
-            activeGroupCacheHelper.setActiveGroupsForUser(username, activeGroups);
-
-            // notify the user that their cache has been updated
-            try {
-                DistributedSubscriptionManager.getInstance().sendGroupsUpdatedMessage(username, null);
-            } catch (Exception e) {
-                if (logger.isDebugEnabled()) {
-                    logger.debug("exception calling sendGroupsUpdatedMessage!", e);
-                }
-            }
-        }
-
-        // remove any inactive cache entries prior to push the groups to the user
-        Iterator<Group> activeGroupIter = activeGroups.iterator();
-        while (activeGroupIter.hasNext()) {
-            Group activeGroup = activeGroupIter.next();
-            if (!activeGroup.getActive()) {
-                activeGroupIter.remove();
-            }
-        }
-
-        // do the group updates based on this set of groups
-        groupManager.updateGroups(user, new ConcurrentSkipListSet<>(activeGroups));
-    }
-
     // Using the superclass only for its thread pool
     @Override
     public void authenticateAsync(@NotNull final User user, @NotNull final AuthCallback cb) {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/injector/InjectionManager.java b/src/takserver-core/src/main/java/com/bbn/marti/injector/InjectionManager.java
index 191cbc42..e2268635 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/injector/InjectionManager.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/injector/InjectionManager.java
@@ -11,11 +11,11 @@
 import com.bbn.marti.groups.GroupFederationUtil;
 import com.bbn.marti.remote.RemoteSubscription;
 import com.bbn.marti.remote.injector.Injector;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.Resources;
 import com.bbn.marti.service.Subscription;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cot.CotEventContainer;
 
 /*
@@ -23,7 +23,7 @@
  */
 public class InjectionManager {
 
-    private final Filter config = DistributedConfiguration.getInstance().getRemoteConfiguration().getFilter();
+    private final Filter config = CoreConfigFacade.getInstance().getRemoteConfiguration().getFilter();
 
     private static final Logger logger = LoggerFactory.getLogger(InjectionManager.class);
 
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/injector/UidCotTagInjector.java b/src/takserver-core/src/main/java/com/bbn/marti/injector/UidCotTagInjector.java
index 5a85fc93..d1efe15c 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/injector/UidCotTagInjector.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/injector/UidCotTagInjector.java
@@ -2,7 +2,11 @@
 
 import java.io.Serializable;
 import java.rmi.RemoteException;
-import java.util.*;
+import java.util.Collection;
+import java.util.Comparator;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
 
 import com.bbn.marti.config.Filter;
 import com.bbn.marti.config.Injectionfilter;
@@ -14,22 +18,21 @@
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.bbn.marti.config.Configuration;
 import com.bbn.marti.config.UidInject;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.RemoteSubscription;
 import com.bbn.marti.remote.exception.NotFoundException;
 import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.remote.injector.Injector;
 import com.bbn.marti.remote.injector.InjectorConfig;
 import com.bbn.marti.remote.util.ConcurrentMultiHashMap;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.google.common.base.Strings;
 import com.google.common.collect.ComparisonChain;
 import com.google.common.collect.Multimap;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cot.CotEventContainer;
 
 /*
@@ -44,9 +47,6 @@ public class UidCotTagInjector implements Injector<RemoteSubscription, CotEventC
 	    
     private final Multimap<String, Element> uidInjectStringMap;
 
-    @Autowired
-    private CoreConfig coreConfig;
-    
     public UidCotTagInjector() throws RemoteException {
         super();
         uidInjectStringMap = new ConcurrentMultiHashMap<>();
@@ -71,12 +71,12 @@ public boolean addInjector(UidInject uidInject) throws DocumentException {
 
     private void loadUidInjects() {
         try {
-            if (coreConfig == null) {
+            if (CoreConfigFacade.getInstance() == null) {
                 logger.error("coreConfig is null in loadUidInjects");
                 return;
             }
 
-            Configuration configuration = coreConfig.getRemoteConfiguration();
+            Configuration configuration = CoreConfigFacade.getInstance().getRemoteConfiguration();
             if (configuration == null
                     || configuration.getFilter() == null
                     || configuration.getFilter().getInjectionfilter() == null) {
@@ -97,15 +97,15 @@ private void loadUidInjects() {
     }
 
     protected void saveUidInject(UidInject uidInject) {
-        if (coreConfig == null) {
+        if (CoreConfigFacade.getInstance() == null) {
             logger.error("coreConfig is null in saveUidInject");
             return;
         }
 
-        Filter filter = coreConfig.getRemoteConfiguration().getFilter();
+        Filter filter = CoreConfigFacade.getInstance().getRemoteConfiguration().getFilter();
         if (filter == null) {
             filter = new Filter();
-            coreConfig.getRemoteConfiguration().setFilter(filter);
+            CoreConfigFacade.getInstance().getRemoteConfiguration().setFilter(filter);
         }
 
         Injectionfilter injectionfilter = filter.getInjectionfilter();
@@ -117,16 +117,16 @@ protected void saveUidInject(UidInject uidInject) {
         injectionfilter.setEnable(true);
         injectionfilter.getUidInject().add(uidInject);
 
-        coreConfig.saveChangesAndUpdateCache();
+        CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
     }
 
     protected void deleteUidInject(String uid, String toInject) {
-        if (coreConfig == null) {
+        if (CoreConfigFacade.getInstance() == null) {
             logger.error("coreConfig is null in deleteUidInject");
             return;
         }
 
-        Filter filter = coreConfig.getRemoteConfiguration().getFilter();
+        Filter filter = CoreConfigFacade.getInstance().getRemoteConfiguration().getFilter();
         if (filter == null) {
             return;
         }
@@ -145,7 +145,7 @@ protected void deleteUidInject(String uid, String toInject) {
             }
         }
 
-        coreConfig.saveChangesAndUpdateCache();
+        CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
     }
 
     private static UidCotTagInjector instance = null; 
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/channel/base/AbstractBroadcastingChannelHandler.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/channel/base/AbstractBroadcastingChannelHandler.java
index 23bb894e..7a70967e 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/channel/base/AbstractBroadcastingChannelHandler.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/channel/base/AbstractBroadcastingChannelHandler.java
@@ -311,7 +311,7 @@ public boolean equals(Object obj) {
 	
 	@Override
 	public String identityHash() {
-		return new Integer(System.identityHashCode(this)).toString();
+		return Integer.valueOf(System.identityHashCode(this)).toString();
 	}
     
     
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/codec/impls/AbstractAuthCodec.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/codec/impls/AbstractAuthCodec.java
index caaba1cb..eae255d3 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/codec/impls/AbstractAuthCodec.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/codec/impls/AbstractAuthCodec.java
@@ -6,9 +6,9 @@
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
 
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.JAXBException;
+import jakarta.xml.bind.Unmarshaller;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -31,15 +31,16 @@
 import com.bbn.marti.remote.groups.GroupManager;
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.util.SecureXmlParser;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.DistributedSubscriptionManager;
 import com.bbn.marti.service.Subscription;
 import com.bbn.marti.service.SubscriptionStore;
 import com.bbn.marti.util.concurrent.future.AsyncFuture;
 import com.bbn.marti.util.concurrent.future.AsyncFutures;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.google.common.base.Strings;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
+
 /**
  *         
  * Authentication and group assignment ByteCodec base class
@@ -47,7 +48,7 @@
  */
 public abstract class AbstractAuthCodec implements ByteCodec {
 	
-    protected boolean enableLatestSa = DistributedConfiguration.getInstance().getBuffer().getLatestSA().isEnable();
+    protected boolean enableLatestSa = CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getLatestSA().isEnable();
 
     // auth message buffer size (bytes)
     private static final int BUFFER_SIZE = 1024;
@@ -195,7 +196,7 @@ public synchronized ByteBuffer decode(ByteBuffer buffer) {
                     logger.debug("exception getting trimmed auth message", e);
                 }
             } else {
-                if(authMessageString.contains("<auth>") != true) {
+                if (authMessageString.contains("<auth>") != true) {
                     authStatus.set(AuthStatus.EXCEPTION);
                     ((ChannelHandler) connectionInfo.getHandler()).forceClose();
 
@@ -228,7 +229,7 @@ public synchronized ByteBuffer decode(ByteBuffer buffer) {
 
                     Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
                     Document doc = SecureXmlParser.makeDocument(authMessageStringOnly);
-                    if(doc != null) {
+                    if (doc != null) {
                         authMessage = (AuthMessage) unmarshaller.unmarshal(doc);
                     }
                 } catch (Exception e) {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/codec/impls/SslCodec.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/codec/impls/SslCodec.java
index 1cbd5a70..88bb01a8 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/codec/impls/SslCodec.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/codec/impls/SslCodec.java
@@ -21,6 +21,9 @@
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 
+import com.google.common.collect.ComparisonChain;
+import com.google.common.collect.Lists;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -38,7 +41,6 @@
 import com.bbn.marti.remote.ConnectionStatusValue;
 import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.remote.groups.ConnectionInfo;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.SSLConfig;
 import com.bbn.marti.service.SubscriptionStore;
 import com.bbn.marti.util.Assertion;
@@ -49,8 +51,8 @@
 import com.bbn.marti.util.concurrent.future.SettableAsyncFuture;
 import com.bbn.roger.fig.FederationUtils;
 
-import com.google.common.collect.ComparisonChain;
-import com.google.common.collect.Lists;
+import com.bbn.marti.remote.config.CoreConfigFacade;
+
 /**
 * An implementation of SSL over TCP, implemented at the application layer
 *
@@ -366,7 +368,7 @@ private List<ByteBuffer> doReads(ByteBuffer buf) {
 
 	        List<ByteBuffer> reads = new LinkedList<ByteBuffer>();
 			ByteBuffer incoming;
-			if(leftovers == null) {
+			if (leftovers == null) {
 				incoming = buf;
 			} else {
 				incoming = ByteUtils.concat(leftovers, buf);
@@ -383,7 +385,7 @@ private List<ByteBuffer> doReads(ByteBuffer buf) {
 	            } catch (Exception e) {
 	                //log.warn("Exception encountered in ssl codec -- read", spelunkToBottomOfExceptionChain(e));
 	                Exception root = spelunkToBottomOfExceptionChain(e);
-					if(root instanceof javax.crypto.BadPaddingException) {
+					if (root instanceof javax.crypto.BadPaddingException) {
 						leftovers = incoming;
 					} else {
 						trySetFederateDisabled(e);
@@ -692,7 +694,6 @@ private static Codec getCodecPair(final Tls tlsConfig) {
     private X509Certificate getPeerCert() throws SSLPeerUnverifiedException {
 
         java.security.cert.Certificate[] certs = sslEngine.getSession().getPeerCertificates();
-        javax.security.cert.X509Certificate[] certChain = sslEngine.getSession().getPeerCertificateChain();
 
         if (certs == null || certs.length == 0) {
             log.warn("no local client client certs available from SSLEngine");
@@ -707,7 +708,7 @@ private X509Certificate getPeerCert() throws SSLPeerUnverifiedException {
         // pick the first cert
 
         Certificate cert = certs[0];
-        if(certs.length > 1) {
+        if (certs.length > 1) {
 			connectionInfo.setCaCert((X509Certificate) certs[1]);
 		}
         // The SSLEngine (always?) produces certs as the "lightly" deprecated  javax.security.cert.X509Certificate type.  Convert these to the newer java.security.cert.X509Certificate type instead.
@@ -742,7 +743,7 @@ public int compareTo(SslCodec o) {
 
 	public Exception spelunkToBottomOfExceptionChain(Throwable e) {
 	    
-		if(e.getCause() != null) {
+		if (e.getCause() != null) {
 			return spelunkToBottomOfExceptionChain(e.getCause());
 		}
 		return (Exception) e;
@@ -773,7 +774,7 @@ private void trySetFederateDisabled(Exception e) {
 	        }
 	        
 	        // detect whether this is a federate based on which TLS config object is used
-	        if (tlsConfig.equals(DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getTls())) {
+	        if (tlsConfig.equals(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getTls())) {
 	            DistributedFederationManager fedManager = DistributedFederationManager.getInstance();
 
 	            List<FederationOutgoing> outgoings = fedManager.getOutgoingConnections(connectionInfo.getAddress(), connectionInfo.getPort());;
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/codec/impls/X509AuthCodec.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/codec/impls/X509AuthCodec.java
index 9792afac..82851758 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/codec/impls/X509AuthCodec.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/codec/impls/X509AuthCodec.java
@@ -7,6 +7,9 @@
 import java.util.Date;
 import java.util.List;
 
+import com.google.common.base.Strings;
+import com.google.common.collect.Lists;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -27,11 +30,10 @@
 import com.bbn.marti.remote.groups.ConnectionInfo;
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.util.X509UsernameExtractor;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.util.concurrent.executor.OrderedExecutor;
 import com.bbn.marti.util.concurrent.future.AsyncFuture;
-import com.google.common.base.Strings;
-import com.google.common.collect.Lists;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 /**
  *
@@ -42,7 +44,8 @@ public class X509AuthCodec extends AbstractAuthCodec implements ByteCodec {
 
     private static final Logger logger = LoggerFactory.getLogger(X509AuthCodec.class);
 
-    private final X509UsernameExtractor usernameExtractor = new X509UsernameExtractor(DistributedConfiguration.getInstance().getAuth().getDNUsernameExtractorRegex());
+    private final X509UsernameExtractor usernameExtractor = new X509UsernameExtractor(
+            CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getDNUsernameExtractorRegex());
 
     private long lastAuthTime = -1L;
     private long updateIntervalMilliseconds = -1L;
@@ -181,12 +184,13 @@ private synchronized long getUpdateIntervalMilliseconds() {
             return updateIntervalMilliseconds;
         }
 
-        if (DistributedConfiguration.getInstance() != null &&
-            DistributedConfiguration.getInstance().getAuth() != null &&
-            DistributedConfiguration.getInstance().getAuth().getLdap() != null &&
-            DistributedConfiguration.getInstance().getAuth().getLdap().getUpdateinterval() != null) {
+        if (CoreConfigFacade.getInstance() != null &&
+                CoreConfigFacade.getInstance().getRemoteConfiguration() != null &&
+                CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth() != null &&
+                CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getLdap() != null &&
+                CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getLdap().getUpdateinterval() != null) {
             updateIntervalMilliseconds =
-                    DistributedConfiguration.getInstance().getAuth().getLdap().getUpdateinterval() * 1000;
+                    CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getLdap().getUpdateinterval() * 1000;
         } else {
             updateIntervalMilliseconds = updateIntervalMillisecondsDefault;
         }
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/grpc/NioGrpcChannelHandler.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/grpc/NioGrpcChannelHandler.java
index ab4a3e52..2b59ef4f 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/grpc/NioGrpcChannelHandler.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/grpc/NioGrpcChannelHandler.java
@@ -68,7 +68,7 @@ public void channelActive(ChannelHandlerContext ctx) {
     @Override
     protected void createConnectionInfo() {
         connectionInfo = new ConnectionInfo();
-        connectionInfo.setConnectionId(IgniteHolder.getInstance().getIgniteStringId() + new Integer(stream.hashCode()).toString());
+        connectionInfo.setConnectionId(IgniteHolder.getInstance().getIgniteStringId() + Integer.valueOf(stream.hashCode()).toString());
         connectionInfo.setAddress(remoteSocketAddress.getHostString());
         connectionInfo.setPort(remoteSocketAddress.getPort());
         connectionInfo.setTls(true);
@@ -88,17 +88,20 @@ public void channelUnregistered(ChannelHandlerContext ctx) {
 
     }
     
-    private void setReader() {
+    @Override
+    protected void setReader() {
         reader = (msg) -> {};
     }
     
-    private void setWriter() {
+    @Override
+    protected void setWriter() {
         writer = (data) -> {
         	stream.onNext(StreamingProtoBufHelper.cot2protoBuf(data));
         };
     }
     
-    private void setNegotiator() {
+    @Override
+    protected void setNegotiator() {
         negotiator = () -> {};
     }
     
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/NioNettyBuilder.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/NioNettyBuilder.java
index 70f51ab4..ae9b45f5 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/NioNettyBuilder.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/NioNettyBuilder.java
@@ -5,13 +5,12 @@
 import java.net.InetSocketAddress;
 import java.net.NetworkInterface;
 import java.net.UnknownHostException;
-import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.ConcurrentHashMap;
 
-import javax.annotation.PreDestroy;
+import jakarta.annotation.PreDestroy;
 
 import org.apache.log4j.Logger;
 
@@ -23,18 +22,19 @@
 import com.bbn.marti.nio.netty.handlers.NioNettyTcpStaticSubHandler;
 import com.bbn.marti.nio.netty.handlers.NioNettyUdpHandler;
 import com.bbn.marti.nio.netty.initializers.NioNettyInitializer;
+import com.bbn.marti.nio.quic.QuicStreamingServer;
 import com.bbn.marti.remote.ConnectionStatus;
 import com.bbn.marti.remote.ConnectionStatusValue;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.bbn.marti.remote.groups.User;
-import com.bbn.marti.service.DistributedConfiguration;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.bbn.marti.service.Resources;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
 
 import io.micrometer.core.lang.NonNull;
 import io.netty.bootstrap.Bootstrap;
-import io.netty.channel.ChannelFactory;
 import io.netty.bootstrap.ServerBootstrap;
 import io.netty.buffer.PooledByteBufAllocator;
+import io.netty.channel.ChannelFactory;
 import io.netty.channel.ChannelFuture;
 import io.netty.channel.ChannelOption;
 import io.netty.channel.EventLoopGroup;
@@ -69,10 +69,10 @@ public class NioNettyBuilder implements Serializable {
 	private EventLoopGroup udpBossGroup;
 	private EventLoopGroup workerGroup;
 	private EventLoopGroup bossGroup;
-	private final DistributedConfiguration config = DistributedConfiguration.getInstance();
-	private final FederationServer federationServer = config.getRemoteConfiguration().getFederation().getFederationServer();
+	private final FederationServer federationServer = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer();
 	private final Map<Integer, ChannelFuture> portToNettyServer = new ConcurrentHashMap<>();
 	private final Map<Integer, GrpcStreamingServer> portToGrpcServer = new ConcurrentHashMap<>();
+	private final Map<Integer, QuicStreamingServer> portToQuicServer = new ConcurrentHashMap<>();
 	private final Map<Integer, Input> portToInput = new ConcurrentHashMap<>();
 
 	private static NioNettyBuilder instance = null;
@@ -90,7 +90,7 @@ public static synchronized NioNettyBuilder getInstance() {
 	}
 	
 	public NioNettyBuilder() {
-		isEpoll = Epoll.isAvailable() && DistributedConfiguration.getInstance().getRemoteConfiguration().getNetwork().isUseLinuxEpoll();
+		isEpoll = Epoll.isAvailable() && CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().isUseLinuxEpoll();
 		
 		int baselineHighMark = 4096;
 		int baselineMaxOptimalMessagesPerMinute = 250;
@@ -202,20 +202,29 @@ public void buildStcpServer(@NonNull Input input) {
 	}
 
 	public void buildTlsServer(@NonNull Input input) {
-		startServer(NioNettyInitializer.Pipeline.initializer.tlsServer(input, config.getSecurity().getTls()), input.getPort());
+		startServer(NioNettyInitializer.Pipeline.initializer.tlsServer(input, CoreConfigFacade.getInstance().getRemoteConfiguration().getSecurity().getTls()), input.getPort());
 	}
 	
 	public void buildGrpcServer(@NonNull Input input) {
 		WriteBufferWaterMark waterMark = new WriteBufferWaterMark(lowMark, highMark);
-		SslContext sslContext = NioNettyInitializer.Pipeline.initializer.grpcServer(input, config.getSecurity().getTls()).getSslContext();
+		SslContext sslContext = NioNettyInitializer.Pipeline.initializer.grpcServer(input,
+				CoreConfigFacade.getInstance().getRemoteConfiguration().getSecurity().getTls()).getSslContext();
 		GrpcStreamingServer grpcStreamingServer = new GrpcStreamingServer();
 		grpcStreamingServer.start(input, waterMark, sslContext);
 		portToGrpcServer.put(input.getPort(), grpcStreamingServer);
 	}
+	
+	public void buildQuicServer(@NonNull Input input) {
+		QuicStreamingServer quicServer = new QuicStreamingServer(input, highMark);
+		quicServer.start();
+		portToQuicServer.put(input.getPort(), quicServer);
+		portToInput.put(input.getPort(), input);
+	}
 
 	public void stopServer(int port) {
 		Optional.ofNullable(portToNettyServer.get(port)).ifPresent(future -> future.channel().close());
 		Optional.ofNullable(portToGrpcServer.get(port)).ifPresent(grpcServer -> grpcServer.stop());
+		Optional.ofNullable(portToQuicServer.get(port)).ifPresent(quicServer -> quicServer.stop());
 		portToInput.remove(port);
 		portToGrpcServer.remove(port);
 	}
@@ -253,7 +262,7 @@ public void buildFederationClient(FederationOutgoing outgoing, ConnectionStatus
 		startClient(NioNettyInitializer.Pipeline.initializer.federationClient(federationServer, outgoing, status),
 				new InetSocketAddress(InetAddress.getByName(outgoing.getAddress()), outgoing.getPort()),
 				(e) -> {
-					if(status.getConnectionStatusValue() != ConnectionStatusValue.RETRY_SCHEDULED) {
+					if (status.getConnectionStatusValue() != ConnectionStatusValue.RETRY_SCHEDULED) {
 						DistributedFederationManager.getInstance().checkAndSetReconnectStatus(outgoing, e.getMessage());
 					}
 				});
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyFederationClientHandler.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyFederationClientHandler.java
index ff41afb5..2d45953a 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyFederationClientHandler.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyFederationClientHandler.java
@@ -50,7 +50,7 @@ public void channelActive(ChannelHandlerContext ctx) {
 				.addListener(new GenericFutureListener<Future<Channel>>() {
 					@Override
 					public void operationComplete(Future<Channel> future) throws Exception {
-						if(future.isSuccess()) {
+						if (future.isSuccess()) {
 							nettyContext = ctx;	
 							remoteSocketAddress = (InetSocketAddress) ctx.channel().remoteAddress();
 							localSocketAddress = (InetSocketAddress) ctx.channel().localAddress();
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyFederationServerHandler.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyFederationServerHandler.java
index 4217a6d8..7a1bff38 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyFederationServerHandler.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyFederationServerHandler.java
@@ -48,7 +48,7 @@ public void channelActive(ChannelHandlerContext ctx) {
 				.addListener(new GenericFutureListener<Future<Channel>>() {
 					@Override
 					public void operationComplete(Future<Channel> future) throws Exception {
-						if(future.isSuccess()) {							
+						if (future.isSuccess()) {							
 							remoteSocketAddress = (InetSocketAddress) ctx.channel().remoteAddress();
 							localSocketAddress = (InetSocketAddress) ctx.channel().localAddress();
 							nettyContext = ctx;				
@@ -188,7 +188,7 @@ protected void setReader() {
 
 	@Override
 	public void channelUnregistered(ChannelHandlerContext ctx) {
-		if(connectionInfo != null && channelHandler != null && alreadyClosed.compareAndSet(false, true) == true) {
+		if (connectionInfo != null && channelHandler != null && alreadyClosed.compareAndSet(false, true) == true) {
 			messagingUtil().processFederateClose(connectionInfo, channelHandler, SubscriptionStore.getInstance().getByHandler(channelHandler));
 		}
 		ctx.close();
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyHandlerBase.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyHandlerBase.java
index ffcec3ec..70483995 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyHandlerBase.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyHandlerBase.java
@@ -20,6 +20,13 @@
 
 import javax.net.ssl.SSLPeerUnverifiedException;
 
+import com.google.common.base.Strings;
+
+import io.micrometer.core.instrument.Metrics;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.channel.SimpleChannelInboundHandler;
+import io.netty.handler.ssl.SslHandler;
+
 import org.apache.log4j.Logger;
 
 import com.bbn.marti.config.DataFeed;
@@ -40,7 +47,6 @@
 import com.bbn.marti.remote.InputMetric;
 import com.bbn.marti.remote.groups.ConnectionInfo;
 import com.bbn.marti.remote.groups.GroupManager;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.DistributedSubscriptionManager;
 import com.bbn.marti.service.Resources;
 import com.bbn.marti.service.SubmissionService;
@@ -48,13 +54,9 @@
 import com.bbn.marti.service.TransportCotEvent;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
 import com.bbn.marti.util.concurrent.future.AsyncFuture;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-import com.google.common.base.Strings;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
-import io.micrometer.core.instrument.Metrics;
-import io.netty.channel.ChannelHandlerContext;
-import io.netty.channel.SimpleChannelInboundHandler;
-import io.netty.handler.ssl.SslHandler;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.cot.CotEventContainer;
 import tak.server.cot.CotParser;
@@ -117,8 +119,8 @@ protected MessagingUtilImpl messagingUtil() {
 		return MessagingUtilImpl.getInstance();
 	}
 	
-	protected DistributedConfiguration config() {
-		return DistributedConfiguration.getInstance();
+	protected CoreConfigFacade config() {
+		return CoreConfigFacade.getInstance();
 	}
 	
 	private ThreadLocal<CotParser> cotParser = new ThreadLocal<>();
@@ -403,7 +405,7 @@ protected X509Certificate getCertFromSslChain(int index) {
 			SslHandler sslhandler = (SslHandler) nettyContext.channel().pipeline().get("ssl");
 			cert = (X509Certificate) sslhandler.engine().getSession().getPeerCertificates()[index];
 		} catch (SSLPeerUnverifiedException e) {
-			if(log.isDebugEnabled()) {
+			if (log.isDebugEnabled()) {
 				log.debug("Could not get cert at from chain at index " + index, e);
 			}
 		}
@@ -462,7 +464,7 @@ protected void createWebsocketSubscription(UUID websocketApiNode) {
 
 	public Exception spelunkToBottomOfExceptionChain(Throwable e) {
 
-		if(e.getCause() != null) {
+		if (e.getCause() != null) {
 			return spelunkToBottomOfExceptionChain(e.getCause());
 		}
 		return (Exception) e;
@@ -581,7 +583,7 @@ protected void setupFlushHandler() {
 				lastMessageCountResetTime.set(curtime);
 			}
 
-		}, 0, config().getBuffer().getQueue().getFlushInterval(), TimeUnit.MILLISECONDS);
+		}, 0, config().getRemoteConfiguration().getBuffer().getQueue().getFlushInterval(), TimeUnit.MILLISECONDS);
 	}
 
 	@Override
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyStcpServerHandler.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyStcpServerHandler.java
index 04f95338..7fbe49f3 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyStcpServerHandler.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyStcpServerHandler.java
@@ -68,7 +68,7 @@ protected void createConnectionInfo() {
 	
 	@Override
 	public void channelUnregistered(ChannelHandlerContext ctx) {
-		if(channelHandler != null) {			
+		if (channelHandler != null) {			
 			submissionService().handleChannelDisconnect(channelHandler);
 			protocolListeners.forEach(listener -> listener.onOutboundClose(channelHandler, protocol));
 		}
@@ -93,7 +93,7 @@ protected void setReader() {
 				msgBuf = authCodec.decode(msgBuf);
 			}
 			
-			if(msgBuf == null || msgBuf.remaining() == 0) return;
+			if (msgBuf == null || msgBuf.remaining() == 0) return;
 			
 			StreamingCotProtocol
 				.add(builder, Charsets.UTF_8.decode(msgBuf), cotParser(), channelHandler)
@@ -143,7 +143,7 @@ protected void createAuthenticationCodecs() {
 			authCodec = new LdapAuthCodec(createAdaptedNettyPipelineContext());
 		 	authCodec.setConnectionInfo(connectionInfo);
 			authCodec.onConnect();
-		} else if(authenticationType == AuthType.ANONYMOUS) {
+		} else if (authenticationType == AuthType.ANONYMOUS) {
 			authCodec = new AnonymousAuthCodec(createAdaptedNettyPipelineContext(), input);
 			authCodec.setConnectionInfo(connectionInfo);
 			authCodec.onConnect();
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyStcpStaticSubHandler.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyStcpStaticSubHandler.java
index ea27dbc3..ac52f301 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyStcpStaticSubHandler.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyStcpStaticSubHandler.java
@@ -138,7 +138,7 @@ public void channelUnregistered(ChannelHandlerContext ctx) {
 			}
 		}
 
-		if(channelHandler != null) {
+		if (channelHandler != null) {
 			submissionService().handleChannelDisconnect(channelHandler);
 			protocolListeners.forEach(listener -> listener.onOutboundClose(channelHandler, protocol));
 		}
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyTlsServerHandler.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyTlsServerHandler.java
index 14d122a0..73fcb709 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyTlsServerHandler.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyTlsServerHandler.java
@@ -4,6 +4,7 @@
 import java.nio.ByteBuffer;
 import java.time.Duration;
 import java.util.UUID;
+import java.util.concurrent.ExecutorService;
 import java.util.concurrent.RejectedExecutionException;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.atomic.AtomicBoolean;
@@ -71,6 +72,13 @@ public class NioNettyTlsServerHandler extends NioNettyHandlerBase {
 	protected Counter watermarkSkipCounter = null;
 	protected Counter readCounter = null;
 	protected Counter queueFullCounter = null;
+
+	private ThreadLocal<ExecutorService> readParseProcessor =
+			new ThreadLocal<ExecutorService>() {
+				@Override public ExecutorService initialValue() {
+					return Resources.newExecutorService("readParseProcessor", 1, 1);
+				}
+			};
 	
 	public NioNettyTlsServerHandler(Input input) {
 		this.input = input;
@@ -144,44 +152,61 @@ protected void createConnectionInfo() {
 
 	@Override
 	public void channelUnregistered(ChannelHandlerContext ctx) {
-		if (connectionInfo != null) {
-			if (connectionInfo.getConnectionId() != null) {
-				AtomicBoolean cancelFlag = GroupFederationUtil.getInstance().updateCancelMap.get(connectionInfo.getConnectionId());
+		try {
+			if (connectionInfo != null) {
+				if (connectionInfo.getConnectionId() != null) {
+					AtomicBoolean cancelFlag = GroupFederationUtil.getInstance().updateCancelMap.get(connectionInfo.getConnectionId());
 
-				if (cancelFlag != null) {
-					cancelFlag.set(true);
+					if (cancelFlag != null) {
+						cancelFlag.set(true);
+					}
 				}
 			}
+		} catch (Exception e) {
+			log.error("exception resetting cancel flag", e);
 		}
 
-		if(channelHandler != null) {
-			submissionService().handleChannelDisconnect(channelHandler);
-			protocolListeners.forEach(listener -> listener.onOutboundClose(channelHandler, protocol));
+		try {
+			if (channelHandler != null) {
+				submissionService().handleChannelDisconnect(channelHandler);
+				protocolListeners.forEach(listener -> listener.onOutboundClose(channelHandler, protocol));
+			}
+		} catch (Exception e) {
+			log.error("exception handling the channel disconnect", e);
 		}
-		
-		if (authCodec != null) {
-			authCodec.onInboundClose();
-			authCodec.onOutboundClose();
+
+		try {
+			if (authCodec != null) {
+				authCodec.onInboundClose();
+				authCodec.onOutboundClose();
+			}
+		} catch (Exception e) {
+			log.error("exception closing authCodec", e);
 		}
 
-		if (ctx != null) {
-			ctx.close();
+		try {
+			if (ctx != null) {
+				ctx.close();
+			}
+		} catch (Exception e) {
+			log.error("exception closing context", e);
 		}
-		
+
 		super.channelUnregistered(ctx);
 	}
 
-	private void setReader() {
+	protected void setReader() {
 		reader = (msgBytes) -> {
 			try {				
-				Resources.readParseProcessor.execute(() -> {
+				readParseProcessor.get().execute(() -> {
 					
 					readCounter.increment();
 
 					ByteBuffer msgBuf = authCodec.decode(ByteBuffer.wrap(msgBytes));
 
-					if (msgBuf == null || msgBuf.remaining() == 0)
+					if (msgBuf == null || msgBuf.remaining() == 0) {
 						return;
+					}
 
 					if (protobufSupported.get()) {
 						convertAndSubmitProtoBufBytesAsCot(msgBuf);
@@ -197,7 +222,7 @@ private void setReader() {
 		};
 	}
 	
-	private void setWriter() {
+	protected void setWriter() {
 		writer = (data) -> {
 			try {
 				if (nettyContext.channel().isWritable()) {				
@@ -258,7 +283,7 @@ private void setWriter() {
 	}
 
 
-	private void setNegotiator() {
+	protected void setNegotiator() {
 		negotiator = () -> {
 			// we only need to negotiate cot proto tls inputs 			
 			if (transport == TransportCotEvent.COTPROTOTLS) {
@@ -422,7 +447,7 @@ protected void createAuthenticationCodecs() {
 			authCodec = new X509AuthCodec(createAdaptedNettyPipelineContext());
 			authCodec.setConnectionInfo(connectionInfo);
 			authCodec.onConnect();
-		} else if(authenticationType == AuthType.ANONYMOUS) {
+		} else if (authenticationType == AuthType.ANONYMOUS) {
 			authCodec = new AnonymousAuthCodec(createAdaptedNettyPipelineContext(), input);
 			authCodec.setConnectionInfo(connectionInfo);
 			authCodec.onConnect();
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyUdpHandler.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyUdpHandler.java
index d8dbaa35..f003e860 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyUdpHandler.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/handlers/NioNettyUdpHandler.java
@@ -6,6 +6,14 @@
 import java.util.concurrent.ConcurrentLinkedQueue;
 import java.util.concurrent.atomic.AtomicBoolean;
 
+import com.google.common.base.Strings;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.channel.socket.DatagramPacket;
+import io.netty.handler.codec.MessageToMessageDecoder;
+import io.netty.util.CharsetUtil;
+
 import org.apache.log4j.Logger;
 import org.dom4j.Document;
 
@@ -24,20 +32,13 @@
 import com.bbn.marti.remote.InputMetric;
 import com.bbn.marti.remote.groups.ConnectionInfo;
 import com.bbn.marti.remote.groups.GroupManager;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.DistributedSubscriptionManager;
 import com.bbn.marti.service.SubmissionService;
 import com.bbn.marti.service.TransportCotEvent;
 import com.bbn.marti.util.MessageConversionUtil;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
 import com.bbn.marti.util.concurrent.future.AsyncFuture;
-import com.google.common.base.Strings;
 
-import io.netty.buffer.ByteBuf;
-import io.netty.channel.ChannelHandlerContext;
-import io.netty.channel.socket.DatagramPacket;
-import io.netty.handler.codec.MessageToMessageDecoder;
-import io.netty.util.CharsetUtil;
 import tak.server.cot.CotEventContainer;
 import tak.server.cot.CotParser;
 import tak.server.federation.DistributedFederationManager;
@@ -46,7 +47,6 @@
 public class NioNettyUdpHandler extends MessageToMessageDecoder<DatagramPacket> {
 	private final static Logger log = Logger.getLogger(NioNettyUdpHandler.class);
 	protected MessagingUtilImpl messagingUtil;
-	protected DistributedConfiguration config;
 	protected Protocol<CotEventContainer> protocol;
 	protected volatile CotParser parser;
 	protected Input input;
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/initializers/NioNettyInitializer.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/initializers/NioNettyInitializer.java
index 0b74b204..6414d898 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/initializers/NioNettyInitializer.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/netty/initializers/NioNettyInitializer.java
@@ -9,6 +9,8 @@
 import javax.net.ssl.SSLException;
 import javax.net.ssl.TrustManagerFactory;
 
+import io.netty.incubator.codec.quic.QuicSslContext;
+import io.netty.incubator.codec.quic.QuicSslContextBuilder;
 import org.apache.log4j.Logger;
 
 import com.bbn.marti.config.Federation.FederationOutgoing;
@@ -40,6 +42,7 @@
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslHandler;
 import io.netty.handler.ssl.SslProvider;
+import org.springframework.boot.web.server.Ssl;
 import tak.server.cot.CotEventContainer;
 
 /*
@@ -221,6 +224,15 @@ public NioNettyInitializer grpcServer(Input input, Tls tls) {
 				protected void initChannel(SocketChannel ch) throws Exception {}
 			};
 		}
+
+		public NioNettyInitializer quicServer(Input input, Tls tls) {
+			return new NioNettyInitializer() {
+				SslContext sslContext = buildQuicServerSslContext(input, tls);
+
+				@Override
+				protected void initChannel(SocketChannel channel) throws Exception {}
+			};
+		}
 	}
 	
 	public Input getInput() {
@@ -298,6 +310,24 @@ protected SslContext buildGrpcServerSslContext(Input input, Tls tls) {
         return sslContext;
 	}
 
+	protected SslContext buildQuicServerSslContext(Input input, Tls tls) {
+		try {
+			initTrust(tls);
+		} catch (Exception e) {
+			if (log.isDebugEnabled()) {
+				log.debug("Could not init trust ", e);
+			}
+		}
+
+		sslContext =  QuicSslContextBuilder.forServer(keyMgrFactory, tls.getKeystorePass())
+				.trustManager(trustMgrFactory)
+				.clientAuth(ClientAuth.REQUIRE)
+				.applicationProtocols("takstream")
+				.earlyData(true)
+				.build();
+
+		return sslContext;
+	}
 	
 	private void initTrust(Tls tls) throws Exception {
 		String keyManager = tls.getKeymanager();
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/protocol/connections/StreamingProtoBufProtocol.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/protocol/connections/StreamingProtoBufProtocol.java
index fe7d91b9..4cdd6edb 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/protocol/connections/StreamingProtoBufProtocol.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/protocol/connections/StreamingProtoBufProtocol.java
@@ -4,27 +4,27 @@
 import java.nio.Buffer;
 import java.nio.ByteBuffer;
 
+import com.google.protobuf.CodedOutputStream;
 import com.google.protobuf.GeneratedMessageV3;
-import org.apache.log4j.Logger;
+
+import io.micrometer.core.instrument.Metrics;
+
 import org.dom4j.Document;
 import org.dom4j.io.SAXReader;
+import org.apache.log4j.Logger;
+
+import atakmap.commoncommo.protobuf.v1.Takmessage.TakMessage;
 
 import com.bbn.marti.config.Network;
 import com.bbn.marti.nio.channel.ChannelHandler;
-import com.bbn.marti.nio.channel.connections.TcpChannelHandler;
 import com.bbn.marti.nio.protocol.ProtocolInstantiator;
 import com.bbn.marti.nio.protocol.base.AbstractBroadcastingProtocol;
-import com.bbn.marti.nio.util.ConnectionState;
 import com.bbn.marti.remote.groups.AuthenticatedUser;
-import com.bbn.marti.remote.groups.ConnectionInfo;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.util.Assertion;
 import com.bbn.marti.util.CommonUtil;
 import com.bbn.marti.util.concurrent.future.AsyncFuture;
-import com.google.protobuf.CodedOutputStream;
 
-import atakmap.commoncommo.protobuf.v1.Takmessage.TakMessage;
-import io.micrometer.core.instrument.Metrics;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.cot.CotEventContainer;
 import tak.server.proto.StreamingProtoBufHelper;
@@ -158,7 +158,7 @@ public void onDataReceived(ByteBuffer buffer, ChannelHandler handler) {
     private static TakMessage createFileTransferRequest(CotEventContainer data) {
         try {
             // set the download url
-            Network network = DistributedConfiguration.getInstance().getNetwork();
+            Network network = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork();
             if (network == null || network.getTakServerHost() == null || network.getTakServerHost().length() == 0
                 || network.getConnector() == null || network.getConnector().size() == 0) {
                 log.error("createFileTransferRequest failed, need to set takServerHost and connector in CoreConfig <network/> ");
@@ -214,7 +214,7 @@ public AsyncFuture<Integer> write(CotEventContainer data, ChannelHandler handler
 				Metrics.counter(Constants.METRIC_MESSAGE_PRECONVERT_COUNT, "takserver", "messaging").increment();
             }
 
-            if(buffer == null) {
+            if (buffer == null) {
                 return null;
             };
 
@@ -228,6 +228,9 @@ public AsyncFuture<Integer> write(CotEventContainer data, ChannelHandler handler
 
     public static ByteBuffer convertGeneratedMessageV3ToProtoBufBytes(GeneratedMessageV3 message) {
         try {
+            //
+            // allocate a buffer for the message
+            //
             int messageSize = message.getSerializedSize();
             int sizeOfSize = CodedOutputStream.computeUInt32SizeNoTag(messageSize);
             ByteBuffer buffer = ByteBuffer.allocate(1 + sizeOfSize + messageSize);
@@ -248,7 +251,7 @@ public static ByteBuffer convertGeneratedMessageV3ToProtoBufBytes(GeneratedMessa
         }
     }
 
-    public static ByteBuffer convertCotToProtoBufBytes(CotEventContainer data) {
+    public static ByteBuffer convertCotToProtoBufBytes(CotEventContainer data, boolean sendLargeMessages) {
         ByteBuffer buffer = null;
         try {
             //
@@ -260,27 +263,26 @@ public static ByteBuffer convertCotToProtoBufBytes(CotEventContainer data) {
                 return null;
             }
 
-            //
-            // allocate a buffer for the message
-            //
-            int takMessageSize = takMessage.getSerializedSize();
-            if (takMessageSize > MAX_SIZE) {
-                String xml = data.asXml();
-                if (xml.length() > MAX_LOG_SIZE) {
-                    xml = xml.substring(0, MAX_LOG_SIZE) + "...";
-                }
+            if (!sendLargeMessages) {
+                int takMessageSize = takMessage.getSerializedSize();
+                if (takMessageSize > MAX_SIZE) {
+                    String xml = data.asXml();
+                    if (xml.length() > MAX_LOG_SIZE) {
+                        xml = xml.substring(0, MAX_LOG_SIZE) + "...";
+                    }
 
-                if (log.isDebugEnabled()) {
-                	log.debug("Attempt to write message greater than max size : " + takMessageSize + ", " + xml);
-                } else {
-                	log.error("Attempt to write message greater than max size : " + takMessageSize);
-                }
+                    if (log.isDebugEnabled()) {
+                        log.debug("Attempt to write message greater than max size : " + takMessageSize + ", " + xml);
+                    } else {
+                        log.error("Attempt to write message greater than max size : " + takMessageSize);
+                    }
 
-                // overwrite the failed message with a file transfer request, and write it out instead
-                takMessage = createFileTransferRequest(data);
-                if (takMessage == null) {
-                    log.error("createFileTransferRequest failed!");
-                    return null;
+                    // overwrite the failed message with a file transfer request, and write it out instead
+                    takMessage = createFileTransferRequest(data);
+                    if (takMessage == null) {
+                        log.error("createFileTransferRequest failed!");
+                        return null;
+                    }
                 }
             }
 
@@ -293,6 +295,10 @@ public static ByteBuffer convertCotToProtoBufBytes(CotEventContainer data) {
         return buffer;
     }
 
+    public static ByteBuffer convertCotToProtoBufBytes(CotEventContainer data) {
+        return convertCotToProtoBufBytes(data, false);
+    }
+
     /**
      * Called when the handler has finished propagating
      * data coming from the network, signifies an EOS
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/protocol/connections/TakProtoBufProtocol.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/protocol/connections/TakProtoBufProtocol.java
index ab79146d..37d55ed6 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/protocol/connections/TakProtoBufProtocol.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/protocol/connections/TakProtoBufProtocol.java
@@ -56,7 +56,7 @@ public void onDataReceived(ByteBuffer buffer, ChannelHandler handler) {
         //long start = System.currentTimeMillis();
         //log.warn("new read: " + buffer.remaining() + " bytes");
 
-        if(leftovers == null) {
+        if (leftovers == null) {
             fullBuf = buffer;
         } else {
             int binaryLength = buffer.remaining();
@@ -71,8 +71,8 @@ public void onDataReceived(ByteBuffer buffer, ChannelHandler handler) {
         boolean breakout = false;
         while(fullBuf.remaining() > 0 && !breakout) {
             //log.warn("looping: " + nextSize);
-            if(nextSize == -1) {
-                if(fullBuf.remaining() > INTBYTES) {
+            if (nextSize == -1) {
+                if (fullBuf.remaining() > INTBYTES) {
                     nextSize = fullBuf.getInt();
                     //log.warn("getting new event: " + nextSize);
                 } else {
@@ -85,7 +85,7 @@ public void onDataReceived(ByteBuffer buffer, ChannelHandler handler) {
                 }
             }
 
-            if(fullBuf.remaining() < nextSize) {
+            if (fullBuf.remaining() < nextSize) {
                 //log.warn("not a full event, waiting for more data.  remaining: " + fullBuf.remaining() + " needed: " + nextSize);
                 leftovers = ByteBuffer.allocate(fullBuf.remaining());
                 leftovers.put(fullBuf);
@@ -97,7 +97,7 @@ public void onDataReceived(ByteBuffer buffer, ChannelHandler handler) {
             byte [] eventBytes = new byte[nextSize];
             nextSize = -1;
             fullBuf.get(eventBytes);
-            if(fullBuf.remaining() == 0) {
+            if (fullBuf.remaining() == 0) {
                 leftovers = null; // just to be sure
             }
             //log.warn(" leftover bytes: " + fullBuf.remaining());
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/quic/NioNettyQuicServerHandler.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/quic/NioNettyQuicServerHandler.java
new file mode 100644
index 00000000..fa486d01
--- /dev/null
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/quic/NioNettyQuicServerHandler.java
@@ -0,0 +1,126 @@
+package com.bbn.marti.nio.quic;
+
+import java.net.InetSocketAddress;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+import java.util.UUID;
+
+import javax.net.ssl.SSLPeerUnverifiedException;
+
+import org.apache.log4j.Logger;
+import org.dom4j.DocumentException;
+
+import com.bbn.marti.config.Input;
+import com.bbn.marti.nio.channel.base.AbstractBroadcastingChannelHandler;
+import com.bbn.marti.nio.netty.handlers.NioNettyTlsServerHandler;
+import com.bbn.marti.nio.protocol.connections.StreamingProtoBufOrCoTProtocol;
+import com.bbn.marti.remote.groups.AuthStatus;
+import com.bbn.marti.remote.groups.ConnectionInfo;
+
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.incubator.codec.quic.QuicChannel;
+import tak.server.cot.CotEventContainer;
+import tak.server.ignite.IgniteHolder;
+
+public class NioNettyQuicServerHandler extends NioNettyTlsServerHandler {
+	private final static Logger log = Logger.getLogger(NioNettyQuicServerHandler.class);
+	
+	private final Map<String, InetSocketAddress> clientAddressMap;
+	
+	public NioNettyQuicServerHandler(Input input, Map<String, InetSocketAddress> clientAddressMap) {
+		super(input);
+		this.clientAddressMap = clientAddressMap;
+	}
+	
+	@Override
+	public void channelActive(ChannelHandlerContext ctx) {
+		try {			
+			remoteSocketAddress = clientAddressMap.get(ctx.channel().parent().id().asLongText());
+			localSocketAddress = new InetSocketAddress("localhost", input.getPort());
+						
+			nettyContext = ctx;						
+			createConnectionInfo();
+			createAdaptedNettyProtocol();
+			createAdaptedNettyHandler(connectionInfo);
+			((AbstractBroadcastingChannelHandler) channelHandler).withHandlerType("NettyQuic");
+			createAuthenticationCodecs();
+			setReader();
+			setWriter();
+			setNegotiator();
+			buildCallbacks();
+			setupFlushHandler();
+			createSubscription();
+		} catch (Exception e) {
+			log.error("exception processing channel activation", e);
+		}
+
+	}
+	
+	@Override
+	public void channelUnregistered(ChannelHandlerContext ctx) {
+		super.channelUnregistered(ctx);
+		// if the stream closes, force close the entire connection
+		ctx.channel().parent().close();
+	}
+
+	@Override
+	protected void createConnectionInfo() {
+		connectionInfo = new ConnectionInfo();
+		connectionInfo.setAddress(remoteSocketAddress.getHostString());
+		connectionInfo.setConnectionId(IgniteHolder.getInstance().getIgniteStringId() + new Integer(nettyContext.channel().parent().hashCode()).toString());
+		connectionInfo.setPort(remoteSocketAddress.getPort());
+		connectionInfo.setTls(true);
+		connectionInfo.setClient(true);
+		connectionInfo.setInput(input);
+		connectionInfo.setCert(getCertFromSslChain(0));
+	}
+
+	
+	@Override
+	protected void setNegotiator() {
+		negotiator = () -> {			
+			if (authCodec != null && authCodec.getAuthStatus().get() != AuthStatus.SUCCESS) return;
+
+			try {
+				CotEventContainer announcement = StreamingProtoBufOrCoTProtocol
+						.buildProtocolAnnouncement(negotiationUuid = UUID.randomUUID().toString());
+
+				nettyContext.writeAndFlush(announcement.getOrInstantiateEncoding());
+			} catch (DocumentException e) {
+				log.error(e);
+			}
+		};
+	}
+	
+	@Override
+	protected X509Certificate getCertFromSslChain(int index) {
+		X509Certificate cert = null;
+		try {
+			QuicChannel channel = (QuicChannel) nettyContext.channel().parent();
+			cert = (X509Certificate) channel.sslEngine().getSession().getPeerCertificates()[index];
+		} catch (SSLPeerUnverifiedException e) {
+			if(log.isDebugEnabled()) {
+				log.debug("Could not get cert at from chain at index " + index, e);
+			}
+		}
+		return cert;
+	}
+	
+	public String getQuicChannelId() {
+		return nettyContext.channel().parent().id().asLongText();
+	}
+	
+	public void close() {
+		try {
+			nettyContext.close();
+		} catch (Exception e) {
+			log.error("Error closing stream channel", e);
+		}
+		
+		try {
+			nettyContext.channel().parent().close();
+		} catch (Exception e) {
+			log.error("Error closing connection channel", e);
+		}
+	}
+}
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/quic/QuicStreamingServer.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/quic/QuicStreamingServer.java
new file mode 100644
index 00000000..d0d292e0
--- /dev/null
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/quic/QuicStreamingServer.java
@@ -0,0 +1,183 @@
+package com.bbn.marti.nio.quic;
+
+import java.net.InetSocketAddress;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.TimeUnit;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.bbn.marti.config.Input;
+import com.bbn.marti.nio.netty.initializers.NioNettyInitializer;
+import com.bbn.marti.remote.config.CoreConfigFacade;
+
+import io.netty.bootstrap.Bootstrap;
+import io.netty.buffer.ByteBuf;
+import io.netty.channel.Channel;
+import io.netty.channel.ChannelHandler;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.channel.ChannelInboundHandlerAdapter;
+import io.netty.channel.ChannelInitializer;
+import io.netty.channel.nio.NioEventLoopGroup;
+import io.netty.channel.socket.nio.NioDatagramChannel;
+import io.netty.handler.codec.bytes.ByteArrayDecoder;
+import io.netty.handler.codec.bytes.ByteArrayEncoder;
+import io.netty.incubator.codec.quic.QuicChannel;
+import io.netty.incubator.codec.quic.QuicConnectionEvent;
+import io.netty.incubator.codec.quic.QuicServerCodecBuilder;
+import io.netty.incubator.codec.quic.QuicSslContext;
+import io.netty.incubator.codec.quic.QuicStreamChannel;
+import io.netty.incubator.codec.quic.QuicTokenHandler;
+
+public class QuicStreamingServer {
+	private static final Logger log = LoggerFactory.getLogger(QuicStreamingServer.class);
+	private final Map<String, InetSocketAddress> clientAddressMap = new ConcurrentHashMap<>();
+	private final Map<String, NioNettyQuicServerHandler> clientHandlerMap = new ConcurrentHashMap<>();
+	
+	private ScheduledFuture<?> timeoutSchedulerFuture;
+	private final int highwaterMark;
+	
+	private Input input;
+	private Channel channel;
+
+	
+	public QuicStreamingServer(Input input, int highMark) {
+		this.input = input;
+		this.highwaterMark = highMark;
+	}
+
+
+	public void start() {
+		new Thread(() -> {
+			try {
+				QuicSslContext context = (QuicSslContext) NioNettyInitializer.Pipeline.initializer.quicServer(
+						input, CoreConfigFacade.getInstance().getRemoteConfiguration().getSecurity().getTls()).getSslContext();
+						
+				NioEventLoopGroup group = new NioEventLoopGroup(1);
+				ChannelHandler codec = new QuicServerCodecBuilder().sslContext(context)
+		                .maxIdleTimeout(input.getQuicConnectionTimeoutSeconds(), TimeUnit.SECONDS)
+						// Only allow at most x bytes of incoming stream data to be buffered for the whole connection 
+						// (that is, data that is not yet read by the application) and will allow more data to be received
+						// as the buffer is consumed by the application. 
+		                .initialMaxData(highwaterMark)
+		                // bytes of incoming stream data to be buffered for each locally-initiated bidirectional stream 
+		                // (that is, data that is not yet read by the application) 
+		                // and will allow more data to be received as the buffer is consumed by the application.
+		                .initialMaxStreamDataBidirectionalLocal(highwaterMark)
+		                .initialMaxStreamDataBidirectionalRemote(highwaterMark)
+		                .initialMaxStreamsBidirectional(1)
+		                .initialMaxStreamsUnidirectional(0)
+		                .initialMaxStreamDataUnidirectional(0)
+		                .tokenHandler(new QuicTokenHandler() {
+							@Override
+							public boolean writeToken(ByteBuf out, ByteBuf dcid, InetSocketAddress address) {
+								// TODO Auto-generated method stub
+								return false;
+							}
+
+							@Override
+							public int validateToken(ByteBuf token, InetSocketAddress address) {
+								// TODO Auto-generated method stub
+								return 0;
+							}
+
+							@Override
+							public int maxTokenLength() {
+								// TODO Auto-generated method stub
+								return 0;
+							}
+		                })
+						.handler(new ChannelInboundHandlerAdapter() {
+							@Override
+							public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
+								super.userEventTriggered(ctx, evt);
+								// save the client address
+								if (evt instanceof QuicConnectionEvent) {
+									QuicConnectionEvent event = (QuicConnectionEvent) evt;
+									clientAddressMap.put(ctx.channel().id().asLongText(), (InetSocketAddress) event.newAddress());
+								}
+							}
+
+							@Override
+							public void channelActive(ChannelHandlerContext ctx) {
+								QuicChannel channel = (QuicChannel) ctx.channel();
+								// Create streams etc.. (right now the client creates the takstream)
+							}
+
+							// use one channel to accept all connections
+							@Override
+							public boolean isSharable() {
+								return true;
+							}
+
+							@Override
+							public void channelUnregistered(ChannelHandlerContext ctx) throws Exception {
+								super.channelUnregistered(ctx);
+								// clear local data
+								try {
+									clientAddressMap.remove(ctx.channel().id().asLongText());
+									clientHandlerMap.remove(ctx.channel().id().asLongText());
+								} catch (Exception e) {
+									log.error("Error clearing connection state", e);
+								}
+							}
+
+							@Override
+							public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
+								super.exceptionCaught(ctx, cause);
+								log.error("Quic Channel level exception:" + cause);
+								ctx.close();
+							}
+						})
+						.streamHandler(new ChannelInitializer<QuicStreamChannel>() {
+							@Override
+		                    protected void initChannel(QuicStreamChannel ch)  {
+								NioNettyQuicServerHandler quicHandler = new NioNettyQuicServerHandler(input, clientAddressMap);
+								
+								clientHandlerMap.put(ch.parent().id().asLongText(), quicHandler);
+								
+		                        ch.pipeline()
+		                        	.addLast(new ByteArrayDecoder())
+		                        	.addLast(new ByteArrayEncoder())
+		                        	.addLast(quicHandler);
+		                    }
+		                }).build();
+				try {
+					Bootstrap bs = new Bootstrap();
+					channel = bs.group(group)
+							.channel(NioDatagramChannel.class)
+							.handler(codec)
+							.bind(new InetSocketAddress(input.getPort())).sync().channel();
+					
+					channel.closeFuture().sync();
+				} finally {
+					group.shutdownGracefully();
+				}
+			}
+			catch (Exception e) {
+				log.error("quic server error ", e);
+			}
+		}).start();
+	}
+	
+	public void stop() {
+		log.info("Shutting down quic server " + input );
+		
+		try {
+			channel.close();
+		} catch (Exception e) {
+			log.error("error shutting down quic server",e);
+		}
+		
+		try {
+			if (timeoutSchedulerFuture != null) {
+				timeoutSchedulerFuture.cancel(true);
+			}
+		} catch (Exception e) {
+			log.error("error shutting down quic server client timeout scheduler");
+		}
+	}
+
+}
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/server/NioServer.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/server/NioServer.java
index 57a161b3..f19bfe7e 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/server/NioServer.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/server/NioServer.java
@@ -32,7 +32,7 @@
 import com.bbn.marti.util.Assertion;
 import com.bbn.marti.util.concurrent.future.AsyncFuture;
 import com.bbn.marti.util.concurrent.future.SettableAsyncFuture;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 /**
 * A non-blocking IO server implementation for listening on multiple channels/ports/protocols as a server, and sending/receiving on multiple client channels.
@@ -118,7 +118,7 @@ public NioServer() throws IOException {
 	*/
 	private boolean wakeupOrExceptChange(AbstractSelectorChange change) {
 		if (!selectorChanges.offer(change)) {
-			if(log.isWarnEnabled()) {
+			if (log.isWarnEnabled()) {
 				log.warn("Server received change submitted to dead server " + change.toString());
 			}
 
@@ -539,7 +539,7 @@ private void processKeySet() {
 
 			if (!key.isValid()) {
 				// don't have anything to handle
-				if(log.isTraceEnabled()) {
+				if (log.isTraceEnabled()) {
 					log.trace("Server skipping over invalid key");
 				}
 				continue;
@@ -568,7 +568,7 @@ private void processKeySet() {
 					staySubscribed = handler.handleConnect(channel, this);
 				} else {
 					// jump out, have nothing to do
-					if(log.isWarnEnabled()) {
+					if (log.isWarnEnabled()) {
 						log.warn("Encountered active key with nothing to do");
 					}
 					continue;
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/util/NetUtils.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/util/NetUtils.java
index 2077de22..1899819e 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/util/NetUtils.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/util/NetUtils.java
@@ -5,7 +5,6 @@
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.net.NetworkInterface;
-import java.net.SocketException;
 import java.net.StandardSocketOptions;
 import java.nio.channels.DatagramChannel;
 import java.nio.channels.NetworkChannel;
@@ -21,9 +20,10 @@
 
 import com.bbn.marti.nio.channel.ChannelHandler;
 import com.bbn.marti.remote.groups.ConnectionInfo;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.util.Assertion;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 public class NetUtils {
     private final static Logger log = Logger.getLogger(NetUtils.class);
@@ -89,9 +89,9 @@ public static DatagramChannel openUdpChannel(InetSocketAddress address, String i
         
         try {
             channel = DatagramChannel.open();
-            if(address.getAddress().isMulticastAddress()) {
+            if (address.getAddress().isMulticastAddress()) {
                 channel.setOption(StandardSocketOptions.IP_MULTICAST_TTL,
-                        DistributedConfiguration.getInstance().getNetwork().getMulticastTTL());
+                        CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getMulticastTTL());
 
                 if (iface != null && !iface.isEmpty()) {
                     NetworkInterface networkInterface = NetworkInterface.getByName(iface);
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/websockets/BinaryPayloadWebSocketHandler.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/websockets/BinaryPayloadWebSocketHandler.java
index 0b3260ae..9c76ee74 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/websockets/BinaryPayloadWebSocketHandler.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/websockets/BinaryPayloadWebSocketHandler.java
@@ -3,6 +3,8 @@
 import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
 
+import io.micrometer.core.instrument.Metrics;
+
 import org.apache.ignite.Ignite;
 import org.apache.ignite.cluster.ClusterGroup;
 import org.apache.ignite.events.DiscoveryEvent;
@@ -21,14 +23,13 @@
 
 import com.bbn.cluster.ClusterGroupDefinition;
 import com.bbn.marti.remote.SubscriptionManagerLite;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.Resources;
 import com.bbn.marti.service.SubscriptionManager;
 import com.bbn.marti.service.WebsocketMessagingBroker.WebsocketMessageTransporter;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
-import io.micrometer.core.instrument.Metrics;
 import tak.server.Constants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.ignite.IgniteHolder;
 import tak.server.ignite.grid.SubscriptionManagerProxyHandler;
 import tak.server.qos.MessageDeliveryStrategy;
@@ -60,7 +61,7 @@ private SubscriptionManagerProxyHandler smp() {
 		
 	public BinaryPayloadWebSocketHandler() {
 
-		if (DistributedConfiguration.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
 			setupIgniteListeners();
 		}
 		
@@ -106,9 +107,9 @@ public void afterConnectionEstablished(WebSocketSession session) throws Exceptio
 		if (logger.isTraceEnabled()) {
 			logger.trace("afterConnectionEstablished " + hashCode(session));
 		}
-		ConcurrentWebSocketSessionDecorator concurrentSession = new ConcurrentWebSocketSessionDecorator(session, 
-				DistributedConfiguration.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketSendTimeoutMs(), 
-				DistributedConfiguration.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketSendBufferSizeLimit(),
+		ConcurrentWebSocketSessionDecorator concurrentSession = new ConcurrentWebSocketSessionDecorator(session,
+				CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketSendTimeoutMs(),
+				CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketSendBufferSizeLimit(),
 				OverflowStrategy.DROP);
 		
 		websocketMap.put(hashCode(session), concurrentSession);
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/websockets/NioWebSocketHandler.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/websockets/NioWebSocketHandler.java
index 37752d6b..8418be8a 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/websockets/NioWebSocketHandler.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/websockets/NioWebSocketHandler.java
@@ -10,6 +10,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.bbn.marti.config.Oauth;
 import com.bbn.marti.config.Input;
 import com.bbn.marti.groups.GroupFederationUtil;
 import com.bbn.marti.nio.channel.base.AbstractBroadcastingChannelHandler;
@@ -33,6 +34,7 @@ public class NioWebSocketHandler extends NioNettyTlsServerHandler {
     private final String sessionId;
     private final String connectionId;
     private final UUID websocketApiNode;
+    private final Oauth oauthConfig;
     private IgniteBiPredicate<UUID, ?> igniteReadListenerPredicate;
     
     private static Input websocketInput = new Input();
@@ -41,7 +43,8 @@ public class NioWebSocketHandler extends NioNettyTlsServerHandler {
     	websocketInput.setProtocol(TransportCotEvent.PROTOTLS.toString());
     }
     
-    public NioWebSocketHandler(UUID websocketApiNode, String sessionId, String connectionId, InetSocketAddress local, InetSocketAddress remote) {
+    public NioWebSocketHandler(UUID websocketApiNode, String sessionId, String connectionId, InetSocketAddress local, InetSocketAddress remote,
+                               Oauth oauthConfig) {
         super(websocketInput);
         protobufSupported.set(true);;
         this.websocketApiNode = websocketApiNode;
@@ -49,6 +52,7 @@ public NioWebSocketHandler(UUID websocketApiNode, String sessionId, String conne
         this.remoteSocketAddress = remote;
         this.sessionId = sessionId;
         this.connectionId = connectionId;
+        this.oauthConfig = oauthConfig;
     }
     
     @Override
@@ -92,7 +96,8 @@ public void channelUnregistered(ChannelHandlerContext ctx) {
 
     }
     
-    private void setReader() {
+    @Override
+    protected void setReader() {
     	
         reader = (msg) -> {};
         
@@ -183,14 +188,16 @@ private void setReader() {
         	.localListen("websocket-read-listener-" + connectionId, igniteReadListenerPredicate);
     }
     
-    private void setWriter() {
+    @Override
+    protected void setWriter() {
 
         writer = (data) -> {
             log.info("Websocket Protocol writer is a No-Op, See WebsocketMessagingBroker");
         };
     }
     
-    private void setNegotiator() {
+    @Override
+    protected void setNegotiator() {
 
         negotiator = () -> {};
     }
@@ -203,13 +210,17 @@ private void createAuthorizedUser() {
             if (user == null) {
                 return;
             }
-            
-            if (groupManager.getGroups(user).isEmpty()) {
-                Set<Group> groups = new ConcurrentSkipListSet<>();
-                groups.add(new Group(GroupFederationUtil.ANONYMOUS_DEFAULT_GROUP, Direction.IN));
-                groups.add(new Group(GroupFederationUtil.ANONYMOUS_DEFAULT_GROUP, Direction.OUT));
-                
-                groupManager.updateGroups(user, groups);
+
+            boolean useGroupCache = oauthConfig != null && oauthConfig.isOauthUseGroupCache();
+
+            if (!useGroupCache) {
+                if (groupManager.getGroups(user).isEmpty()) {
+                    Set<Group> groups = new ConcurrentSkipListSet<>();
+                    groups.add(new Group(GroupFederationUtil.ANONYMOUS_DEFAULT_GROUP, Direction.IN));
+                    groups.add(new Group(GroupFederationUtil.ANONYMOUS_DEFAULT_GROUP, Direction.OUT));
+
+                    groupManager.updateGroups(user, groups);
+                }
             }
             
         } catch (Exception e) {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/nio/websockets/TakProtoWebSocketHandler.java b/src/takserver-core/src/main/java/com/bbn/marti/nio/websockets/TakProtoWebSocketHandler.java
index 804a136d..86340d74 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/nio/websockets/TakProtoWebSocketHandler.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/nio/websockets/TakProtoWebSocketHandler.java
@@ -1,12 +1,11 @@
 package com.bbn.marti.nio.websockets;
 
-import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
 
+import io.micrometer.core.instrument.Metrics;
 
-import com.bbn.marti.remote.groups.Direction;
 import org.apache.ignite.Ignite;
 import org.apache.ignite.cluster.ClusterGroup;
 import org.apache.ignite.events.DiscoveryEvent;
@@ -24,17 +23,17 @@
 import org.springframework.web.socket.handler.ConcurrentWebSocketSessionDecorator;
 import org.springframework.web.socket.handler.ConcurrentWebSocketSessionDecorator.OverflowStrategy;
 
+import com.bbn.marti.remote.groups.Direction;
 import com.bbn.cluster.ClusterGroupDefinition;
 import com.bbn.marti.remote.groups.GroupManager;
 import com.bbn.marti.remote.util.RemoteUtil;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.Resources;
 import com.bbn.marti.service.SubscriptionManager;
 import com.bbn.marti.service.WebsocketMessagingBroker.WebsocketMessageTransporter;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
-import io.micrometer.core.instrument.Metrics;
 import tak.server.Constants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.ignite.IgniteHolder;
 import tak.server.qos.MessageDeliveryStrategy;
 
@@ -66,7 +65,7 @@ private MessageDeliveryStrategy mds() {
 		
 	public TakProtoWebSocketHandler() {
 
-		if (DistributedConfiguration.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
 			setupIgniteListeners();
 		}
 		
@@ -160,9 +159,9 @@ public void afterConnectionEstablished(WebSocketSession session) throws Exceptio
 		if (logger.isTraceEnabled()) {
 			logger.trace("afterConnectionEstablished " + hashCode(session));
 		}
-		ConcurrentWebSocketSessionDecorator concurrentSession = new ConcurrentWebSocketSessionDecorator(session, 
-				DistributedConfiguration.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketSendTimeoutMs(), 
-				DistributedConfiguration.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketSendBufferSizeLimit(),
+		ConcurrentWebSocketSessionDecorator concurrentSession = new ConcurrentWebSocketSessionDecorator(session,
+				CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketSendTimeoutMs(),
+				CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketSendBufferSizeLimit(),
 				OverflowStrategy.DROP);
 		
 		websocketMap.put(hashCode(session), concurrentSession);
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/repeater/DistributedRepeaterManager.java b/src/takserver-core/src/main/java/com/bbn/marti/repeater/DistributedRepeaterManager.java
index dd5f9918..4a55b3dc 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/repeater/DistributedRepeaterManager.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/repeater/DistributedRepeaterManager.java
@@ -19,10 +19,10 @@
 import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.remote.groups.Group;
 import com.bbn.marti.remote.groups.User;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
 
 import tak.server.Constants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cot.CotEventContainer;
 import tak.server.cot.CotParser;
 
@@ -147,11 +147,11 @@ public Collection<Repeatable> getRepeatableMessages() {
 	}
 
 	public Integer getPeriodMillis() {
-		return DistributedConfiguration.getInstance().getRepeater().getPeriodMillis();
+		return CoreConfigFacade.getInstance().getRemoteConfiguration().getRepeater().getPeriodMillis();
 	}
 
 	public void setPeriodMillis(Integer periodMillis) {
-		DistributedConfiguration.getInstance().getRepeater().setPeriodMillis(periodMillis);
+		CoreConfigFacade.getInstance().getRemoteConfiguration().getRepeater().setPeriodMillis(periodMillis);
 	}
 
 	public Map<String, CotEventContainer> getCancelledMessages() {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/BrokerService.java b/src/takserver-core/src/main/java/com/bbn/marti/service/BrokerService.java
index 93122616..f3364bf7 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/BrokerService.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/BrokerService.java
@@ -18,8 +18,9 @@
 import com.bbn.marti.remote.QueueMetric;
 import com.bbn.marti.remote.groups.ConnectionInfo;
 import com.bbn.marti.util.FixedSizeBlockingQueue;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.cot.CotEventContainer;
 
@@ -150,7 +151,7 @@ protected void processNextEvent() {
 	public void processMessage(CotEventContainer cot) {
 		try {
 
-			if(VBMSASharingFilter.getInstance().filter(cot) == null) return;
+			if (VBMSASharingFilter.getInstance().filter(cot) == null) return;
 			
 			long hitTime = System.currentTimeMillis();
 
@@ -215,7 +216,7 @@ public void processMessage(CotEventContainer cot) {
 
 			if (!websocketHits.isEmpty()) {
 				WebsocketMessagingBroker.brokerWebSocketMessage(websocketHits, cot,
-						DistributedConfiguration.getInstance().getNetwork().getServerId());
+						CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getServerId());
 			}
 
 			// clear the sub list from the cot message - so it can be garbage-collected
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/ClusterSubscriptionStore.java b/src/takserver-core/src/main/java/com/bbn/marti/service/ClusterSubscriptionStore.java
index 83eaf7f7..3274455b 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/ClusterSubscriptionStore.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/ClusterSubscriptionStore.java
@@ -20,6 +20,7 @@
 import com.bbn.marti.remote.ConnectionStatusValue;
 import tak.server.Constants;
 import tak.server.ignite.IgniteHolder;
+import tak.server.ignite.cache.IgniteCacheHolder;
 
 /**
  *  
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/DistributedSubscriptionManager.java b/src/takserver-core/src/main/java/com/bbn/marti/service/DistributedSubscriptionManager.java
index 7b502e58..f83e4107 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/DistributedSubscriptionManager.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/DistributedSubscriptionManager.java
@@ -20,7 +20,6 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.LinkedList;
@@ -61,6 +60,7 @@
 import com.bbn.cot.filter.DropEventFilter;
 import com.bbn.cot.filter.GeospatialEventFilter;
 import com.bbn.cot.filter.StreamingEndpointRewriteFilter;
+import com.bbn.marti.classification.service.ClassificationService;
 import com.bbn.marti.config.CertificateSigning;
 import com.bbn.marti.config.Dropfilter;
 import com.bbn.marti.config.Filter;
@@ -102,7 +102,7 @@
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
 import com.bbn.marti.util.Tuple;
 import com.bbn.marti.util.concurrent.future.AsyncFuture;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.bbn.metrics.dto.MetricSubscription;
 import com.bbn.security.web.MartiValidatorConstants;
 import com.google.common.base.Strings;
@@ -121,6 +121,7 @@
 import tak.server.ignite.IgniteHolder;
 import tak.server.ignite.cache.IgniteCacheHolder;
 import tak.server.messaging.MessageConverter;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 public class DistributedSubscriptionManager implements SubscriptionManager, org.apache.ignite.services.Service {
 	
@@ -136,6 +137,8 @@ public class DistributedSubscriptionManager implements SubscriptionManager, org.
 
 	private Validator validator;
 
+	private boolean applyClassificationFilter = false;
+
 	public DistributedSubscriptionManager() {
 		if (logger.isDebugEnabled()) {
 			logger.debug("DistributedSubscriptionManager constructor");
@@ -191,7 +194,21 @@ private CommonUtil commonUtil() {
 		
 		return commonUtil.get();
 	}
-    
+
+	private final AtomicReference<ClassificationService> classificationService = new AtomicReference<>();
+
+	private ClassificationService classificationService() {
+		if (classificationService.get() == null) {
+			synchronized (this) {
+				if (classificationService.get() == null) {
+					classificationService.set(SpringContextBeanForApi.getSpringContext().getBean(ClassificationService.class));
+				}
+			}
+		}
+
+		return classificationService.get();
+	}
+
     @Override
 	public void cancel(ServiceContext ctx) {
     	if (logger.isDebugEnabled()) {
@@ -221,7 +238,7 @@ private AtomicLong clientCount() {
 	
 	@EventListener({ContextRefreshedEvent.class})
 	private void onContextRefresh() {
-		if (DistributedConfiguration.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
 			setupIgniteListeners();
 		}
         // load static subscriptions
@@ -230,6 +247,9 @@ private void onContextRefresh() {
 		schedulePeriodicPingTimeoutCheck();
         
 		clientCountRef.set(Metrics.gauge(Constants.METRIC_CLIENT_COUNT, clientCountRef.get()));
+
+		applyClassificationFilter = CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm() != null &&
+				CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isEnabled();
 	}
 	
 	private void schedulePeriodicSubscriptionCacheUpdates() {
@@ -246,13 +266,13 @@ private void schedulePeriodicSubscriptionCacheUpdates() {
 	}
 
 	private void schedulePeriodicPingTimeoutCheck() {
-		Integer pingTimeoutSeconds = DistributedConfiguration.getInstance().
+		Integer pingTimeoutSeconds = CoreConfigFacade.getInstance().
 				getRemoteConfiguration().getNetwork().getPingTimeoutSeconds();
 		if (pingTimeoutSeconds == null) {
 			return;
 		}
 
-		int pingTimeoutCheckIntervalSeconds = DistributedConfiguration.getInstance().
+		int pingTimeoutCheckIntervalSeconds = CoreConfigFacade.getInstance().
 				getRemoteConfiguration().getNetwork().getPingTimeoutCheckIntervalSeconds();
 
 		Resources.ghostConnectionCleanupPool.scheduleWithFixedDelay(() -> {
@@ -309,7 +329,7 @@ public boolean apply(DiscoveryEvent event) {
 	
 	public synchronized void loadStaticSubscriptions() {
 	 	
-	 	for (com.bbn.marti.config.Subscription.Static staticSubscription : config().getSubscription().getStatic()) {
+	 	for (com.bbn.marti.config.Subscription.Static staticSubscription : CoreConfigFacade.getInstance().getRemoteConfiguration().getSubscription().getStatic()) {
 	 	    
 	 	    if (logger.isDebugEnabled()) {
 	 	    	logger.debug("Adding static subscription: " + staticSubscription);
@@ -435,7 +455,14 @@ public Collection<Subscription> getMatches(CotEventContainer c) {
                     	}
                         continue;
                     }
-                    
+
+					if (applyClassificationFilter) {
+						if (!classificationService().canAccess(
+								groupManager().getClassificationForUser(receiver), c)) {
+							continue;
+						}
+					}
+
 			        // source related
 			        NavigableSet<Group> srcGroups = null;
                     
@@ -498,15 +525,15 @@ private synchronized List<Subscription> getExplicitUidMatches(CotEventContainer
 		List<Subscription> result = new LinkedList<Subscription>();
 		for (String d : destList) {
 			Subscription s = subscriptionStore().getSubscriptionByClientUid(d);
-			if(s != null) {
+			if (s != null) {
 				boolean found = false;
 				for(Subscription i : result) {
-					if(s == i) {
+					if (s == i) {
 						found = true;
 						break;
 					}
 				}
-				if(!found) {
+				if (!found) {
 					result.add(s);
 				}
 			} else {
@@ -616,7 +643,7 @@ private Collection<Subscription> getExplicitMatches(CotEventContainer c) {
 	* TODO: implement explicit endpoint to subscription matching
 	*/
 	private List<Subscription> getExplicitPubMatches(CotEventContainer c, List<String> destList) {
-		if(logger.isWarnEnabled()) {
+		if (logger.isWarnEnabled()) {
 			for (String dest : destList) {
 				logger.warn("Don't support explicit endpoint publishing yet: " + dest);
 			}
@@ -641,12 +668,12 @@ private synchronized List<Subscription> getExplicitCallsignMatches(CotEventConta
 			if (subscription != null) {
 				boolean found = false;
 				for(Subscription i : subscriptions) {
-					if(subscription == i) {
+					if (subscription == i) {
 						found = true;
 						break;
 					}
 				}
-				if(!found) {
+				if (!found) {
 					
 					if (logger.isTraceEnabled()) {
 						logger.trace("Found explicit match for callsign " + callsign + " for message " + c.partial());
@@ -742,7 +769,7 @@ private Collection<Subscription> getImplicitMatches(CotEventContainer cot) {
         	
         	Subscription destSubscription = destSubscriptionEntry.getValue();
       
-        	if (config().getRemoteConfiguration().getFederation() == null) {
+        	if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation() == null) {
         		if (zender instanceof FederateUser && destSubscription.getUser() instanceof FederateUser) {
         			continue;
         		}
@@ -819,6 +846,13 @@ private Collection<Subscription> getImplicitMatches(CotEventContainer cot) {
 							dupeLogger.trace("not self message - subIdHash: " + subIdHash + " msgIdHash " + msgIdHash);
 						}
 
+						if (applyClassificationFilter) {
+							if (!classificationService().canAccess(
+									groupManager().getClassificationForUser(receiver), cot)) {
+								continue;
+							}
+						}
+
 						matches.add(destSubscription);
 					} else {
 						if (dupeLogger.isTraceEnabled()) {
@@ -892,7 +926,7 @@ private void _addSubscription(Subscription subscription) {
 		
 		subscriptionStore().put(subscription.uid, subscription);
 
-		if(subscription.handler.host() != null) {  // static subs 
+		if (subscription.handler.host() != null) {  // static subs 
 			logger.info("Added Subscription: id=" + subscription.uid + " source=" +
 					subscription.handler.host().toString().replace("/", ""));
 		}
@@ -920,8 +954,8 @@ synchronized public void addSubscription(RemoteSubscription remote) {
 					tokens[1], remote.iface,
 					Integer.parseInt(tokens[2]), remote.xpath, remote.uid, remote.filterGroups, remote.toStatic().getFilter());
 
-			config().getSubscription().getStatic().add(remote.toStatic());
-			config().saveChangesAndUpdateCache();
+			CoreConfigFacade.getInstance().getRemoteConfiguration().getSubscription().getStatic().add(remote.toStatic());
+			CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
 		} catch (Exception e) {
 			throw new TakException("Error adding subscription", e);
 		}
@@ -1070,11 +1104,11 @@ public boolean deleteSubscription(String uid) {
 	}
 	
 	private void checkAndDeleteStaticSubscription(String uid) {
-		List<com.bbn.marti.config.Subscription.Static> staticSubs = config().getSubscription().getStatic();
+		List<com.bbn.marti.config.Subscription.Static> staticSubs = CoreConfigFacade.getInstance().getRemoteConfiguration().getSubscription().getStatic();
 		for(com.bbn.marti.config.Subscription.Static ss : staticSubs) {
-			if(ss.getName().compareTo(uid) == 0) {
+			if (ss.getName().compareTo(uid) == 0) {
 				staticSubs.remove(ss);
-				config().saveChangesAndUpdateCache();
+				CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
 				break;
 			}
         }
@@ -1133,7 +1167,7 @@ private boolean doDeleteSubscription(Subscription sub, String uid) {
         
         try {
         	for(Map.Entry<String,Subscription> entry : subscriptionStore().getViewOfCallsignMap().entrySet()) {
-        		if(entry.getValue() == sub) {
+        		if (entry.getValue() == sub) {
         			subscriptionStore().removeSubscriptionByCallsign(entry.getKey());
         			break;
         		}
@@ -1166,7 +1200,7 @@ private boolean doDeleteSubscription(Subscription sub, String uid) {
 
         try {
         	for(Map.Entry<ConnectionInfo,Subscription> entry : subscriptionStore().getViewOfConnectionSubMap().entrySet()) {
-        		if(entry.getValue() == sub) {
+        		if (entry.getValue() == sub) {
         			subscriptionStore().removeSubscriptionByConnectionInfo(entry.getKey());
         			// if we already found a clientUid match in another sub, we can bail
         			if (keepMissionSubsForClientUid) {
@@ -1189,7 +1223,7 @@ private boolean doDeleteSubscription(Subscription sub, String uid) {
         
         try {
         	for(Map.Entry<User,Subscription> entry : subscriptionStore().getViewOfUserSubscriptionMap().entrySet()) {
-        		if(entry.getValue() == sub) {
+        		if (entry.getValue() == sub) {
         			//log.warn("removing uid from sub: " + entry.getKey());
         			subscriptionStore().removeSubscriptionByUser(entry.getKey());
         			break;
@@ -1518,7 +1552,7 @@ public void setClientForSubscription(String clientUid, String callsign, ChannelH
 		
         Subscription match = subscriptionStore().getByHandler(handler);
         if (match != null) {
-			if(overwriteSub) {
+			if (overwriteSub) {
 				match.callsign = callsign;
 				match.clientUid = clientUid;
 			}
@@ -1849,7 +1883,7 @@ public void missionUnsubscribe(String missionName, String clientUid, String user
 			return;
 		}
 
-		if (config().getRepository().isEnable()) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getRepository().isEnable()) {
 			if (!Strings.isNullOrEmpty(username)) {
 				missionSubscriptionRepository().deleteByMissionNameAndClientUidAndUsername(missionName, clientUid, username);
 			} else {
@@ -1876,7 +1910,7 @@ public List<String> getMissionSubscriptions(String missionName, boolean connecte
 			return Lists.newArrayList(subscriptionStore().getLocalUidsByMission(missionName));
 		} else {
 			List<String> missionSubscriptions = new ArrayList<>();
-			for (MissionSubscription missionSubscription : missionSubscriptionRepository().findAllByMissionNameNoMission(missionName)) {
+			for (MissionSubscription missionSubscription : MessagingDependencyInjectionProxy.getInstance().missionService().getMissionSubscriptionsByMissionNameNoMission(missionName)) {
 				missionSubscriptions.add(missionSubscription.getClientUid());
 			}
 			return missionSubscriptions;
@@ -1905,7 +1939,7 @@ public void announceMissionChange(String missionName, ChangeType changeType, Str
    	public  void announceMissionChange(String missionName, ChangeType changeType, String creatorUid, String tool, String changes, String xmlContentForNotification) {
 	   CotEventContainer changeMessage = createMissionChangeMessage(missionName, changeType, creatorUid, tool, changes, xmlContentForNotification);
 
-	   if (DistributedConfiguration.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
+	   if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
 		   MessagingDependencyInjectionProxy.getInstance().clusterManager().onAnnounceMissionChangeMessage(changeMessage, missionName);
 	   } else {
 		   submitAnnounceMissionChangeCot(missionName, changeMessage);
@@ -1963,7 +1997,7 @@ public void submitAnnounceMissionChangeCot(String missionName, CotEventContainer
     	}
         
         if (!websocketHits.isEmpty()) {
-			WebsocketMessagingBroker.brokerWebSocketMessage(websocketHits, changeMessage, config().getNetwork().getServerId());
+			WebsocketMessagingBroker.brokerWebSocketMessage(websocketHits, changeMessage, CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getServerId());
 		} 
         
         if (!explicitTopics.isEmpty()) {
@@ -1997,7 +2031,7 @@ public void broadcastMissionAnnouncement(
 			return;
 		}
     	
-		if (DistributedConfiguration.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
 			MessagingDependencyInjectionProxy.getInstance().clusterManager().onBroadcastMissionAnnouncementMessage(message, creatorUid, groupVector);
 		} else {
 			submitBroadcastMissionAnnouncementCot(creatorUid, groupVector, message); 
@@ -2061,7 +2095,7 @@ public void submitBroadcastMissionAnnouncementCot(String creatorUid, String grou
 		sendToPlugins(message);
 
     	if (!websocketHits.isEmpty()) {
-			WebsocketMessagingBroker.brokerWebSocketMessage(websocketHits, message, config().getNetwork().getServerId());
+			WebsocketMessagingBroker.brokerWebSocketMessage(websocketHits, message, CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getServerId());
 		}
 	}
 
@@ -2072,7 +2106,7 @@ public void sendMissionInvite(String missionName, String[] uids, String authorUi
 
 		CotEventContainer inviteMessage = createMissionInviteMessage(missionName, authorUid, tool, token, roleXml);
 				
-		if (DistributedConfiguration.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
 			MessagingDependencyInjectionProxy.getInstance().clusterManager().onSendMissionInviteMessage(inviteMessage, uids);
 		} else {
 			submitSendMissionInviteCot(uids, inviteMessage); 
@@ -2107,7 +2141,8 @@ public void submitSendMissionInviteCot(String[] uids, CotEventContainer inviteMe
 		}
 		
 		if (!websocketHits.isEmpty()) {
-			WebsocketMessagingBroker.brokerWebSocketMessage(websocketHits, inviteMessage, config().getNetwork().getServerId());
+			WebsocketMessagingBroker.brokerWebSocketMessage(websocketHits, inviteMessage,
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getServerId());
 		}
 
 		sendToPlugins(inviteMessage);
@@ -2118,7 +2153,7 @@ public void sendMissionRoleChange(String missionName, String uid, String authorU
 
 		CotEventContainer roleChangeMessage = createMissionRoleChangeMessage(missionName, authorUid, tool, roleXml);
 		
-		if (DistributedConfiguration.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
 			MessagingDependencyInjectionProxy.getInstance().clusterManager().onSendMissionRoleChangeMessage(roleChangeMessage, uid);
 		} else {
 			submitSendMissionRoleChangeCot(uid, roleChangeMessage);
@@ -2141,7 +2176,8 @@ public void submitSendMissionRoleChangeCot(String uid, CotEventContainer roleCha
 			if (sub.isWebsocket.get() && sub.getHandler() instanceof AbstractBroadcastingChannelHandler) {
 				Set<String> websocketHits = new ConcurrentSkipListSet<>();
 				websocketHits.add(((AbstractBroadcastingChannelHandler) sub.getHandler()).getConnectionId());
-				WebsocketMessagingBroker.brokerWebSocketMessage(websocketHits, roleChangeMessage, config().getNetwork().getServerId());
+				WebsocketMessagingBroker.brokerWebSocketMessage(websocketHits, roleChangeMessage,
+						CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getServerId());
 			} else {
 				sub.submit(roleChangeMessage);
 			}
@@ -2256,7 +2292,8 @@ public Set<SituationAwarenessMessage> getLatestReachableSA(User destUser) {
 
 	private TAKServerCAConfig getTAKServerCAConfig() {
 		try {
-			CertificateSigning certificateSigningConfig = config().getRemoteConfiguration().getCertificateSigning();
+			CertificateSigning certificateSigningConfig =
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getCertificateSigning();
 			if (certificateSigningConfig == null) {
 				logger.error("Certificate signing config not found!");
 				return null;
@@ -2397,10 +2434,6 @@ public RemoteSubscriptionMetrics getSubscriptionMetricsForClientUid(String clien
 		return subscriptionStore().getSubMetricsByClientUid(clientUid);
 	}
 	
-	private DistributedConfiguration config() {
-		return DistributedConfiguration.getInstance();
-	}
-	
 	private GroupFederationUtil groupFederationUtil() {
 		return GroupFederationUtil.getInstance();
 	}
@@ -2427,6 +2460,7 @@ private MessagingUtil messagingUtil() {
 	public String createWebsocketSubscription(UUID apiNode, User user, String inGroupVector, String outGroupVector, String sessionId, String connectionId, InetSocketAddress local, InetSocketAddress remote) {
 		User coreUser = new AuthenticatedUser(user.getId(), user.getConnectionId(), user.getAddress(), user.getCert(),
 				user.getName(), "", "", ConnectionType.CORE);
+		coreUser.setToken(user.getToken());
 		try {
 			Set<Group> groups = groupManager().groupVectorToGroupSet(inGroupVector, Direction.IN.getValue());
 			Set<Group> outGroups = groupManager().groupVectorToGroupSet(outGroupVector, Direction.OUT.getValue());
@@ -2435,7 +2469,8 @@ public String createWebsocketSubscription(UUID apiNode, User user, String inGrou
 			groupManager().addUser(coreUser);
 			groupManager().updateGroups(coreUser, groups);
 			groupManager().putUserByConnectionId(coreUser, connectionId);
-			NioWebSocketHandler handler = new NioWebSocketHandler(apiNode, sessionId, connectionId, local, remote);
+			NioWebSocketHandler handler = new NioWebSocketHandler(apiNode, sessionId, connectionId, local, remote,
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getOauth());
 			handler.channelActive(null);
 			websocketMap.put(connectionId, handler);
 		} catch (Exception e) {
@@ -2573,11 +2608,14 @@ public void sendGroupsUpdatedMessage(String username, String clientUid) {
 					}
 
 				} catch (Exception e) {
-					logger.error("sendGroupsUpdatedMessage : exception sending to user : " + username, e);
+					if (logger.isDebugEnabled()) {
+						logger.debug("sendGroupsUpdatedMessage : exception sending to user : " + username, e);
+					}
 				}
 			}
 
-			WebsocketMessagingBroker.brokerWebSocketMessage(websocketHits, groupChangeMessage, config().getNetwork().getServerId());
+			WebsocketMessagingBroker.brokerWebSocketMessage(websocketHits, groupChangeMessage,
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getServerId());
 
 		} catch (Exception e) {
 			logger.error("exception in sendGroupsUpdatedMessage!", e);
@@ -2588,7 +2626,7 @@ public void sendGroupsUpdatedMessage(String username, String clientUid) {
 	public boolean deleteSubscriptionssByCertificate(X509Certificate x509Certificate) {
 		List<Subscription> deletes = new LinkedList<>();
 		for(Map.Entry<User,Subscription> entry : subscriptionStore().getViewOfUserSubscriptionMap().entrySet()) {
-			if(entry.getKey().getCert() != null && entry.getKey().getCert().equals(x509Certificate)) {
+			if (entry.getKey().getCert() != null && entry.getKey().getCert().equals(x509Certificate)) {
 				deletes.add(entry.getValue());
 			}
 		}
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/MessagingInitializer.java b/src/takserver-core/src/main/java/com/bbn/marti/service/MessagingInitializer.java
index 1686cadf..60a115b1 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/MessagingInitializer.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/MessagingInitializer.java
@@ -2,6 +2,7 @@
 package com.bbn.marti.service;
 
 
+import com.bbn.marti.config.Configuration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -9,22 +10,19 @@
 import org.springframework.context.event.EventListener;
 import org.springframework.core.env.Environment;
 
-import com.bbn.marti.config.Buffer.Queue;
+import com.bbn.marti.config.Queue;
 import com.bbn.marti.injector.InjectionManager;
 import com.bbn.marti.injector.UidCotTagInjector;
 import com.bbn.marti.remote.exception.DuplicateFederateException;
 import com.bbn.marti.remote.groups.GroupManager;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 
 public class MessagingInitializer {
 
     private static final Logger logger = LoggerFactory.getLogger(MessagingInitializer.class);
     
-    // creation of this bean will force a load of config files
-    @Autowired
-    private DistributedConfiguration config;
-    
     @Autowired
     private SubmissionService submissionService;
     
@@ -53,6 +51,8 @@ public void init() {
     		logger.debug("active profile: " + profile);
     	}
 
+        Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
     	// Use the first command-line argument that doesn't start with -- as the CoreConfig filename
         if (config.getRepository().isEnable()) {
             try {
@@ -97,14 +97,13 @@ public void init() {
             brokerService.startService();
             repositoryService.startService();
             repeaterService.startService();
-            
-            
-            Queue queue = config.getRemoteConfiguration().getBuffer().getQueue();
+
+            Queue queue = config.getBuffer().getQueue();
             
             // if old default queue capacity is set, use the default instead
-            if (queue.getCapacity() == 10) {
-            	queue.setCapacity(null);
-            	config.saveChanges();
+            if (queue.getQueueSizeMaxCapacity() == 10) {
+            	queue.setQueueSizeMaxCapacity(null);
+                CoreConfigFacade.getInstance().saveChanges();
             }
            
             if (config.getNetwork().getAnnounce().isEnable()) {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/MissionPackageExtractor.java b/src/takserver-core/src/main/java/com/bbn/marti/service/MissionPackageExtractor.java
index c36ff15c..766502b7 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/MissionPackageExtractor.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/MissionPackageExtractor.java
@@ -3,14 +3,13 @@
 import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
-import java.rmi.RemoteException;
 import java.sql.SQLException;
 import java.util.NavigableSet;
 import java.util.Set;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 
-import javax.activation.MimetypesFileTypeMap;
+import jakarta.activation.MimetypesFileTypeMap;
 import javax.naming.NamingException;
 
 import org.apache.commons.io.FilenameUtils;
@@ -26,7 +25,6 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.groups.Group;
 import com.bbn.marti.remote.socket.MissionPackageEntry;
 import com.bbn.marti.remote.socket.MissionPackageMessage;
@@ -39,6 +37,7 @@
 import com.google.common.base.Strings;
 
 import tak.server.Constants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cot.CotEventContainer;
 import tak.server.messaging.Messenger;
 
@@ -61,9 +60,6 @@ public class MissionPackageExtractor {
 	@Autowired
 	private Messenger<TakMessage> takMessenger;
 
-	@Autowired
-	private CoreConfig coreConfig;
-
 	public void missionPackageFromCot(CotEventContainer cot, NavigableSet<Group> groups) {
 
 		Document cotDoc = cot.getDocument();
@@ -192,7 +188,7 @@ public void unzip(MissionPackageMessage mpm, NavigableSet<Group> groups) {
 	}
 
 	private void loadSizeLimit() {
-		autoExtractSizeLimitMB = coreConfig.getRemoteConfiguration().getNetwork().getMissionPackageAutoExtractSizeLimitMB();
+		autoExtractSizeLimitMB = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getMissionPackageAutoExtractSizeLimitMB();
 
 		autoExtractSizeLimitBytes = ((long) autoExtractSizeLimitMB) * 1000000L;
 	}
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/PluginStore.java b/src/takserver-core/src/main/java/com/bbn/marti/service/PluginStore.java
index cc9ef053..9198c34c 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/PluginStore.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/PluginStore.java
@@ -5,7 +5,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 public class PluginStore {
 	private static final Logger logger = LoggerFactory.getLogger(SubscriptionStore.class);
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/RepeaterService.java b/src/takserver-core/src/main/java/com/bbn/marti/service/RepeaterService.java
index cb0f4ce6..a12f4c7d 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/RepeaterService.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/RepeaterService.java
@@ -9,6 +9,7 @@
 import java.util.NavigableSet;
 import java.util.concurrent.TimeUnit;
 
+import com.bbn.marti.config.Configuration;
 import org.apache.log4j.Logger;
 import org.dom4j.DocumentHelper;
 import org.dom4j.Element;
@@ -16,7 +17,6 @@
 import org.dom4j.XPath;
 
 import com.bbn.marti.config.Repeater;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.remote.groups.Group;
 import com.bbn.marti.remote.groups.GroupManager;
@@ -25,6 +25,7 @@
 import com.bbn.marti.repeater.DistributedRepeaterManager;
 import com.bbn.marti.util.Tuple;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.cot.CotEventContainer;
 
@@ -58,7 +59,6 @@ public class RepeaterService extends BaseService {
 	// ** internal logic
 	private DistributedRepeaterManager repeaterManager;
 	private BrokerService brokerService;
-	private CoreConfig coreConfig;
 	private GroupManager groupManager;
 
 	// ** configuration driven
@@ -67,13 +67,12 @@ public class RepeaterService extends BaseService {
 	private Map<String, Tuple<String, String>> repeatableTypes = new HashMap<String, Tuple<String, String>>();
 	private ThreadLocal<HashMap<String, XPath>> xpathMap = new ThreadLocal<HashMap<String, XPath>>();
 
-	public RepeaterService(CoreConfig coreConfig, BrokerService brokerService, GroupManager groupManager, DistributedRepeaterManager repeaterMgr) {
+	public RepeaterService(BrokerService brokerService, GroupManager groupManager, DistributedRepeaterManager repeaterMgr) {
 		this.brokerService = brokerService;
-		this.coreConfig = coreConfig;
 		this.groupManager = groupManager;
 		this.repeaterManager = repeaterMgr;
 
-		Repeater repeater = DistributedConfiguration.getInstance().getRepeater();
+		Repeater repeater = CoreConfigFacade.getInstance().getRemoteConfiguration().getRepeater();
 		maxAllowedRepeatables = repeater.getMaxAllowedRepeatables();
 		repeaterManager.setPeriodMillis(repeater.getPeriodMillis());
 
@@ -85,7 +84,7 @@ public RepeaterService(CoreConfig coreConfig, BrokerService brokerService, Group
 	}
 
 	private void loadRepeatableTypesFromConfig() {
-		List<Repeater.RepeatableType> repeatableTypeObjects = coreConfig.getRemoteConfiguration().getRepeater().getRepeatableType();
+		List<Repeater.RepeatableType> repeatableTypeObjects = CoreConfigFacade.getInstance().getRemoteConfiguration().getRepeater().getRepeatableType();
 		for(Repeater.RepeatableType repeatableType : repeatableTypeObjects) {
 			String initiateTest = repeatableType.getInitiateTest();
 			String cancelTest = repeatableType.getCancelTest();
@@ -140,7 +139,7 @@ public boolean addToInputQueue(CotEventContainer cotMsg) {
 		// ** not. An applicable message is one that either initiates a repeating treatment, or cancels such treatment.
 		// ** All other messages are ignored by this service.
 		Tuple<Boolean, String> isInitiateMsg = isRepeatInitiatorMessage(cotMsg);
-		if(isInitiateMsg.left()) {
+		if (isInitiateMsg.left()) {
 
 
 
@@ -168,7 +167,7 @@ public boolean addToInputQueue(CotEventContainer cotMsg) {
 		        throw new TakException(e);
 		    }
 
-			if(hasRoomInQueueFor(cotMsg)) {
+			if (hasRoomInQueueFor(cotMsg)) {
 				repeaterManager.addMessage(cotMsg, isInitiateMsg.right());
 				return true;
 			} else {
@@ -180,8 +179,8 @@ public boolean addToInputQueue(CotEventContainer cotMsg) {
 				LOGGER.error("No room to store received repeatable message of type: " + isInitiateMsg.right() + ". Details follow: " + safeMessage);
 				return false;
 			}
-		} else if(isRepeatCancellationMessage(cotMsg)) {
-			if(repeaterManager.removeMessage(cotMsg.getUid(), false)) {
+		} else if (isRepeatCancellationMessage(cotMsg)) {
+			if (repeaterManager.removeMessage(cotMsg.getUid(), false)) {
 				LOGGER.debug("Cancelling repeater treatment for " + cotMsg.getUid());
 				return true;
 			} else {
@@ -270,11 +269,12 @@ public void stopService(boolean wait) {
 	 * This is the core logic that is executed on a periodic basis. It results in all repeatable messages being disseminated.
 	 */
 	private void executePeriodicTask() {
-		if (active && coreConfig.getRemoteConfiguration().getRepeater().isEnable()) {
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+		if (active && config.getRepeater().isEnable()) {
 			for (CotEventContainer cotMsg : repeaterManager.getMessages()) {
 				long now = System.currentTimeMillis();
 				cotMsg.setTime(DateUtil.toCotTime(now));
-				cotMsg.setStale(DateUtil.toCotTime(now + coreConfig.getRemoteConfiguration().getRepeater().getStaleDelayMillis()));
+				cotMsg.setStale(DateUtil.toCotTime(now + config.getRepeater().getStaleDelayMillis()));
 
 				if (LOGGER.isDebugEnabled()) {
 					LOGGER.debug("submitted repeated message to broker service: " + cotMsg);
@@ -301,7 +301,7 @@ private void executePeriodicTask() {
 
 				long now = System.currentTimeMillis();
 				cotMsg.setTime(DateUtil.toCotTime(now));
-				cotMsg.setStale(DateUtil.toCotTime(now + coreConfig.getRemoteConfiguration().getRepeater().getStaleDelayMillis()));
+				cotMsg.setStale(DateUtil.toCotTime(now + config.getRepeater().getStaleDelayMillis()));
 				cotMsg.setType("b-a-o-can");
 
 				String callsign = cotMsg.getCallsign();
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/RepositoryService.java b/src/takserver-core/src/main/java/com/bbn/marti/service/RepositoryService.java
index dc3d6445..83b1d7dc 100755
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/RepositoryService.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/RepositoryService.java
@@ -22,9 +22,15 @@
 import java.util.UUID;
 import java.util.concurrent.RejectedExecutionException;
 
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
 import javax.naming.NamingException;
-import javax.xml.bind.DatatypeConverter;
+import jakarta.xml.bind.DatatypeConverter;
+
+import com.bbn.marti.config.Configuration;
+import com.google.common.base.Strings;
+import com.zaxxer.hikari.HikariDataSource;
+
+import io.micrometer.core.instrument.Metrics;
 
 import org.apache.log4j.Logger;
 import org.dom4j.Element;
@@ -53,11 +59,9 @@
 import com.bbn.marti.remote.util.SecureXmlParser;
 import com.bbn.marti.util.FixedSizeBlockingQueue;
 import com.bbn.marti.util.Iterables;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-import com.google.common.base.Strings;
-import com.zaxxer.hikari.HikariDataSource;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
-import io.micrometer.core.instrument.Metrics;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.cache.CoTCacheHelper;
 import tak.server.cache.MissionCacheResolver;
@@ -69,8 +73,6 @@ public class RepositoryService extends BaseService {
 
 	public static String CALLSIGN_DEST_XPATH = "/event/detail/marti/dest[@callsign]";
 
-	private DistributedConfiguration config = DistributedConfiguration.getInstance();
-
 	@Autowired
 	private SubscriptionManager subscriptionManager;
 
@@ -107,7 +109,7 @@ public static RepositoryService getInstance() {
 	@PostConstruct
 	public void init() {
 
-		Repository repository = config.getRepository();
+		Repository repository = CoreConfigFacade.getInstance().getRemoteConfiguration().getRepository();
 		dateFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
 
 		INSERTION_BATCH_SIZE = repository.getInsertionBatchSize();
@@ -281,7 +283,7 @@ public void insertBatchCotData(List<CotEventContainer> events) {
 
 								final boolean[] fgroupBitVector = groupsBitVector;
 
-								if (config.getRemoteConfiguration().getBuffer().getQueue().isCacheCotInRepository()) {
+								if (CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().isCacheCotInRepository()) {
 									// cache latest CoT for each uid
 									Resources.messageCacheProcessor.execute(() -> {
 										cotCacheHelper.cacheCoT(event, RemoteUtil.getInstance().bitVectorToString(fgroupBitVector));
@@ -769,6 +771,7 @@ public boolean hasRoomInQueueFor(CotEventContainer c) {
 	 */
 	public void auditCallsignUIDEventAsync(String callsign, String uid, String username, ConnectionEventTypeValue eventType, String groupVector) {
 
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 		if (!config.getRepository().isEnable()) {
 			return;
 		}
@@ -848,6 +851,8 @@ public void auditCallsignUIDEventAsync(String callsign, String uid, String usern
 	//    @CacheEvict(value = Constants.CONTACTS_CACHE, allEntries = true)
 	public void closeOpenCallsignAudits() {
 
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
     	if (!config.getRepository().isEnable()) {
 			return;
 		}
@@ -1012,6 +1017,8 @@ public void testDatabaseConnection() throws Exception {
 	}
 
 	public int getMaxConnections() {
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
 	    if (!config.getRepository().isEnable()) {
 	        log.info("the repository is not enabled in CoreConfig.xml");
 	        return 1;
@@ -1032,12 +1039,14 @@ public int getMaxConnections() {
 	}
 
 	public void reinitializeConnectionPool() {
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
 	    if (!config.getRepository().isEnable()) {
 	        log.info("the repository is not enabled in CoreConfig.xml");
 	        return;
 	    }
 	    log.info("reinitialize the connection pool");
-	    Repository repository = this.config.getRepository();
+	    Repository repository = config.getRepository();
         int numDbConnections;
         if (repository.isConnectionPoolAutoSize()) {
             numDbConnections = 200 + (int) Math.min(845, (Runtime.getRuntime().availableProcessors() - 4) * 9.2);
@@ -1058,7 +1067,7 @@ public void reinitializeConnectionPool() {
 	}
 
 	public String getServerVersion() {
-	    if (!config.getRepository().isEnable()) {
+	    if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getRepository().isEnable()) {
 	        log.info("the repository is not enabled in CoreConfig.xml");
 	        return "";
 	    }
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/Resources.java b/src/takserver-core/src/main/java/com/bbn/marti/service/Resources.java
index 65a961ec..61b96a72 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/Resources.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/Resources.java
@@ -14,25 +14,28 @@
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 
+import com.google.common.util.concurrent.ThreadFactoryBuilder;
+
+import io.netty.channel.EventLoopGroup;
+import io.netty.channel.nio.NioEventLoopGroup;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
 
-import com.bbn.marti.config.Buffer.Queue;
+import com.bbn.marti.config.Queue;
 import com.bbn.marti.config.Configuration;
 import com.bbn.marti.util.concurrent.executor.AsyncDelegatingExecutor;
 import com.bbn.marti.util.concurrent.executor.OrderedExecutor;
 import com.bbn.marti.util.concurrent.executor.SizedOrderedExecutor;
-import com.google.common.util.concurrent.ThreadFactoryBuilder;
 
-import io.netty.channel.EventLoopGroup;
-import io.netty.channel.nio.NioEventLoopGroup;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 public class Resources {
 
-	private static Configuration config = DistributedConfiguration.getInstance().getRemoteConfiguration();
+	private static Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
-	private static Queue queue = DistributedConfiguration.getInstance().getRemoteConfiguration().getBuffer().getQueue();
+	private static Queue queue = CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue();
 
 	private static final int POOL_SIZE_INITIAL = 1;
 
@@ -100,10 +103,6 @@ public class Resources {
 	// pool used for processing messages
 	public static final ExecutorService messageProcessor = !IS_LOW_CORE ? newExecutorService("MessageProcessor", POOL_SIZE_INITIAL, POOL_SIZE_MAX) : lowCoreExecutorService;
 
-	public static final ExecutorService readParseProcessor = !IS_LOW_CORE ? newExecutorService("ReadParseProcessor", POOL_SIZE_INITIAL, POOL_SIZE_MAX) : lowCoreExecutorService;
-	
-	public static final ExecutorService writeParseProcessor = !IS_LOW_CORE ? newExecutorService("WriteParseProcessor", POOL_SIZE_INITIAL, POOL_SIZE_MAX) : lowCoreExecutorService;
-	
 	public static final ExecutorService tcpStaticSubProcessor = !IS_LOW_CORE ? newExecutorService("TcpStaticSubProcessor", POOL_SIZE_INITIAL, POOL_SIZE_MAX) : lowCoreExecutorService;
 
 	// pool used for proto negotiation
@@ -206,7 +205,7 @@ private static OrderedExecutor newOrderedExecutor(String name, int capacity, int
 		return new SizedOrderedExecutor(new AsyncDelegatingExecutor(executor, name), capacity, name);
 	}
 
-	private static ExecutorService newExecutorService(String name, int initialPoolSize, int maxPoolSize) {
+	public static ExecutorService newExecutorService(String name, int initialPoolSize, int maxPoolSize) {
 
 		return newExecutorService(name, initialPoolSize, maxPoolSize, EXEC_QUEUE_SIZE);
 	}
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/SSLConfig.java b/src/takserver-core/src/main/java/com/bbn/marti/service/SSLConfig.java
index 5455c99f..51982b04 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/SSLConfig.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/SSLConfig.java
@@ -45,7 +45,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.bbn.marti.config.ConfigHelper;
+import com.bbn.marti.remote.config.ConfigHelper;
 import com.bbn.marti.config.Tls;
 import com.bbn.marti.nio.util.SslSource;
 import com.bbn.marti.util.Assertion;
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/SubmissionService.java b/src/takserver-core/src/main/java/com/bbn/marti/service/SubmissionService.java
index c9538ff0..ccad94cc 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/SubmissionService.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/SubmissionService.java
@@ -1,11 +1,8 @@
-
-
 package com.bbn.marti.service;
 
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
-import java.io.StringReader;
 import java.net.InetAddress;
 import java.net.NetworkInterface;
 import java.net.UnknownHostException;
@@ -29,15 +26,15 @@
 import java.util.concurrent.LinkedBlockingQueue;
 import java.util.concurrent.RejectedExecutionException;
 import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.concurrent.atomic.AtomicLong;
 import java.util.stream.Collectors;
 
 import javax.xml.XMLConstants;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
+import com.google.common.base.Strings;
+import com.google.common.collect.Lists;
+
+import io.micrometer.core.instrument.Metrics;
 
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.EnumUtils;
@@ -56,6 +53,8 @@
 import org.springframework.context.event.EventListener;
 import org.xml.sax.SAXException;
 
+import atakmap.commoncommo.protobuf.v1.MessageOuterClass.Message;
+
 import com.bbn.cot.filter.DataFeedFilter;
 import com.bbn.cot.filter.DropEventFilter;
 import com.bbn.cot.filter.FlowTagFilter;
@@ -107,7 +106,6 @@
 import com.bbn.marti.remote.AuthenticationConfigInfo;
 import com.bbn.marti.remote.ConnectionEventTypeValue;
 import com.bbn.marti.remote.ContactManager;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.InputMetric;
 import com.bbn.marti.remote.MessagingConfigInfo;
 import com.bbn.marti.remote.MessagingConfigurator;
@@ -131,13 +129,10 @@
 import com.bbn.marti.util.MessageConversionUtil;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
 import com.bbn.marti.util.Tuple;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-import com.google.common.base.Strings;
-import com.google.common.collect.Lists;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
-import atakmap.commoncommo.protobuf.v1.MessageOuterClass.Message;
-import io.micrometer.core.instrument.Metrics;
 import tak.server.CommonConstants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.cache.ActiveGroupCacheHelper;
 import tak.server.cache.DatafeedCacheHelper;
@@ -180,10 +175,6 @@ public static enum ChannelType {FED_V1, FED_V2, COT};
 
 	private boolean alwaysArchiveMissionCot = false;
 
-    private DistributedConfiguration config;
-
-    private final CoreConfig coreConfig;
-
     private final DistributedFederationManager federationManager;
 
 	private final GroupFederationUtil groupFederationUtil;
@@ -208,16 +199,12 @@ public static enum ChannelType {FED_V1, FED_V2, COT};
 
     private final MessageConverter messageConverter;
 
-//    private final ActiveGroupCacheHelper activeGroupCacheHelper;
-    
     private final RemoteUtil remoteUtil;
 
     private static SubmissionService instance = null;
 
     private static String MASK_WORD_FOR_DISPLAY = "********";
 
-    private AtomicBoolean isIntercept = null;
-    
     private DataFeedRepository dataFeedRepository;
     
 	@Autowired
@@ -261,8 +248,9 @@ public static SubmissionService getInstance() {
     public SubmissionService(DistributedFederationManager dfm, NioNettyBuilder nb, MessagingUtilImpl mui, NioServer ns,
                              GroupManager gm, ScrubInvalidValues siv, MessageConversionUtil mcu,
                              GroupFederationUtil gfu, InjectionManager im, RepositoryService rs,
-                             Ignite i, SubscriptionManager sm, SubscriptionStore store, FlowTagFilter flowTag, ContactManager contactManager, ServerInfo serverInfo, CoreConfig coreConfig,
-                             MessageConverter messageConverter, ActiveGroupCacheHelper agch, RemoteUtil remoteUtil, DataFeedRepository dfr) {
+                             Ignite i, SubscriptionManager sm, SubscriptionStore store, FlowTagFilter flowTag,
+							 ContactManager contactManager, ServerInfo serverInfo, MessageConverter messageConverter,
+							 ActiveGroupCacheHelper agch, RemoteUtil remoteUtil, DataFeedRepository dfr) {
     	this.federationManager = dfm;
         this.nettyBuilder = nb;
         this.messagingUtil = mui;
@@ -279,14 +267,12 @@ public SubmissionService(DistributedFederationManager dfm, NioNettyBuilder nb, M
         this.flowTagFilter = flowTag;
         this.contactManager = contactManager;
         this.serverInfo = serverInfo;
-        this.coreConfig = coreConfig;
         this.messageConverter = messageConverter;
-//        this.activeGroupCacheHelper = agch;
         this.remoteUtil = remoteUtil;
         this.dataFeedRepository = dfr;
 
-        DistributedConfiguration dc = DistributedConfiguration.getInstance();
-        Auth.Ldap ldapConfig = dc.getAuth().getLdap();
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+        Auth.Ldap ldapConfig = config.getAuth().getLdap();
         if (ldapConfig != null) {
         	if (logger.isDebugEnabled()) {
         		logger.debug("setting up LDAP authenticator");
@@ -295,9 +281,9 @@ public SubmissionService(DistributedFederationManager dfm, NioNettyBuilder nb, M
             // "inject" group manager dependency in the singleton instance of LdapAuthenticator
             LdapAuthenticator.getInstance(ldapConfig, gm);
 
-            dc.getAuth().setX509AddAnonymous(ldapConfig.isX509AddAnonymous());
-            dc.getAuth().setX509Groups(ldapConfig.isX509Groups());
-            dc.saveChanges();
+			config.getAuth().setX509AddAnonymous(ldapConfig.isX509AddAnonymous());
+			config.getAuth().setX509Groups(ldapConfig.isX509Groups());
+			CoreConfigFacade.getInstance().saveChanges();
         }
     }
 
@@ -312,7 +298,7 @@ public SubmissionService(DistributedFederationManager dfm, NioNettyBuilder nb, M
     @EventListener({ContextRefreshedEvent.class})
     public void init() throws IOException, DocumentException {
 
-        config = DistributedConfiguration.getInstance();
+        Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
         // setup the global geospatial input filter
         if (config.getFilter().getGeospatialFilter() != null) {
@@ -443,11 +429,11 @@ public void init() throws IOException, DocumentException {
 
 					if (feed.getTag().size() > 0) {
 						dataFeedRepository.removeAllDataFeedTagsById(dataFeedId);
-						dataFeedRepository.addDataFeedTags(dataFeedId, feed.getTag());
+						dataFeedRepository.addDataFeedTags(dataFeedId, feed.getTag().toArray(String[]::new));
 					}
 					if (feed.getFiltergroup().size() > 0) {
 						dataFeedRepository.removeAllDataFeedFilterGroupsById(dataFeedId);
-						dataFeedRepository.addDataFeedFilterGroups(dataFeedId, feed.getFiltergroup());
+						dataFeedRepository.addDataFeedFilterGroups(dataFeedId, feed.getFiltergroup().toArray(String[]::new));
 					}
 				} else {
 					if (dataFeedRepository.getDataFeedByName(feed.getName()).size() != 1) {
@@ -462,11 +448,11 @@ public void init() throws IOException, DocumentException {
 
 						if (feed.getTag().size() > 0) {
 							dataFeedRepository.removeAllDataFeedTagsById(dataFeedId);
-							dataFeedRepository.addDataFeedTags(dataFeedId, feed.getTag());
+							dataFeedRepository.addDataFeedTags(dataFeedId, feed.getTag().toArray(String[]::new));
 						}
 						if (feed.getFiltergroup().size() > 0) {
 							dataFeedRepository.removeAllDataFeedFilterGroupsById(dataFeedId);
-							dataFeedRepository.addDataFeedFilterGroups(dataFeedId, feed.getFiltergroup());
+							dataFeedRepository.addDataFeedFilterGroups(dataFeedId, feed.getFiltergroup().toArray(String[]::new));
 						}
 					}
 				}
@@ -603,7 +589,7 @@ public void init() throws IOException, DocumentException {
         });
 
         // use ignite for plugin messaging when outside the cluster
-        if (config.getRemoteConfiguration().getPlugins().isUsePluginMessageQueue() && !config.getRemoteConfiguration().getCluster().isEnabled()) {
+        if (config.getPlugins().isUsePluginMessageQueue() && !config.getCluster().isEnabled()) {
 
         	// listen for messages from plugins
         	ignite.message().localListen(CommonConstants.PLUGIN_PUBLISH_TOPIC, (nodeId, message) -> {
@@ -922,7 +908,9 @@ public Subscription createSubscriptionFromConnection(ChannelHandler handler, Pro
     	
 		// Add to subscribers
         try {
-            long uid = config.getRemoteConfiguration().getCluster().isEnabled() ?
+			Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
+            long uid = config.getCluster().isEnabled() ?
                         IgniteHolder.getInstance().getIgnite().atomicLong("streamingUidGen", 1, true).getAndIncrement() :
                         streamingUidGen.getAndIncrement();
 
@@ -995,6 +983,8 @@ private String getGroupVectorFromHandler(ChannelHandler handler) {
     }
 
     public void handleChannelDisconnect(ChannelHandler handler) {
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
 		try {
 
 			if (logger.isDebugEnabled()) {
@@ -1027,7 +1017,7 @@ public void handleChannelDisconnect(ChannelHandler handler) {
                             getGroupVectorFromHandler(handler));
                 }
             }
-            if (config.getRemoteConfiguration().getFederation() != null) {
+            if (config.getFederation() != null) {
                 federationManager.removeLocalContact(subscription.clientUid);
             }
 
@@ -1067,7 +1057,9 @@ public String toString() {
 
 		@Override
         public void onDataReceived(final CotEventContainer data, ChannelHandler handler, Protocol<CotEventContainer> protocol) {
-        	if (config.getRemoteConfiguration().getSubmission().isIgnoreStaleMessages()) {
+			Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
+        	if (config.getSubmission().isIgnoreStaleMessages()) {
                 if (MessageConversionUtil.isStale(data)) {
                 	if (logger.isDebugEnabled()) {
                 		logger.debug("ignoring stale message: " + data);
@@ -1088,8 +1080,7 @@ public void onDataReceived(final CotEventContainer data, ChannelHandler handler,
                 metric.getMessagesReceived().incrementAndGet();
                 metric.getBytesRecieved().addAndGet(data.toString().length());
 
-				if(input instanceof DataFeed)
-				{
+                if (input instanceof DataFeed) {
 					DataFeed feed = (DataFeed) input;
 					if (Strings.isNullOrEmpty(feed.getUuid())) {
 						double lat = Double.valueOf(data.getLat()).doubleValue();
@@ -1215,7 +1206,7 @@ public void onDataReceived(final CotEventContainer data, ChannelHandler handler,
                 }
             }
 
-            if(scrubInvalidValues.filter(data) == null) {
+            if (scrubInvalidValues.filter(data) == null) {
                 logger.warn("Dropping CoT with invalid values");
                 return;
             }
@@ -1244,7 +1235,7 @@ public void onDataReceived(final CotEventContainer data, ChannelHandler handler,
                 }
 
                 if (Strings.isNullOrEmpty(sub.clientUid) || sub.clientUid.compareTo(data.getUid()) == 0) {
-                	if (config.getRemoteConfiguration().getFederation() != null) {
+                	if (config.getFederation() != null) {
                 		try {
                 			federationManager.addLocalContact(data, handler);
                 		} catch (Exception e) {
@@ -1370,6 +1361,8 @@ private void forwardMessages(Subscription sub, String groupVector) {
                     return;
                 }
 
+				Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
                 long storeForwardQueryBufferMs = config.getBuffer().getQueue().getStoreForwardQueryBufferMs();
                 long storeForwardSendBufferMs = config.getBuffer().getQueue().getStoreForwardSendBufferMs();
 
@@ -1400,9 +1393,10 @@ private void forwardMessages(Subscription sub, String groupVector) {
 		public void onDataReceived(CotEventContainer data, ChannelHandler handler, Protocol<CotEventContainer> protocol) {
 			try {
 				Resources.callsignAssignmentExecutor.execute(() -> {
-					String endpoint = data.getEndpoint();
-					String callsign = data.getCallsign();
-					if (endpoint != null || data.matchXPath("/event/detail/selfSA")) {
+					CotEventContainer copy = data.copy();
+					String endpoint = copy.getEndpoint();
+					if (endpoint != null) {
+						String callsign = copy.getCallsign();
 						protocol.removeProtocolListener(this);
 						if (logger.isDebugEnabled()) {
 							logger.debug("Extracting callsign for message from handler " + handler);
@@ -1425,7 +1419,7 @@ public void onDataReceived(CotEventContainer data, ChannelHandler handler, Proto
 							}
 						}
 
-						if (config.getBuffer().getQueue().isEnableStoreForwardChat()) {
+						if (CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().isEnableStoreForwardChat()) {
 							try {
 								forwardMessages(sub, groupVector);
 							} catch (Exception e) {
@@ -1458,13 +1452,23 @@ public void onDataReceived(CotEventContainer data, ChannelHandler handler, Proto
 		}
     };
 
-    // default to not clustering the input add
+    // default to not clustering the input add and saving
     public void addInput(Input input) throws IOException {
-    	addInput(input, false);
+        addInput(input, false, true);
+    }
+
+    @Override
+    public void addInputAndSave(Input newInput, boolean cluster) throws IOException {
+        addInput(newInput, cluster, true);
+    }
+
+    @Override
+    public void addInputNoSave(Input newInput, boolean cluster) throws IOException {
+        addInput(newInput, cluster, false);
     }
 
     // add input business logic, optional clustering of the input add
-    public void addInput(Input input, boolean cluster) throws IOException {
+    public void addInput(Input input, boolean cluster, boolean saveChanges) throws IOException {
     	
     	logger.info("input class type: " + input.getClass().getSimpleName());
     	
@@ -1482,7 +1486,9 @@ public void addInput(Input input, boolean cluster) throws IOException {
 			}
 			if (feed.getProtocol() == null || feed.getType().equals("Plugin")) {
 		        addMetric(input, new InputMetric(input));
-		        config.addInputAndSave(input);
+                if (saveChanges) {
+				CoreConfigFacade.getInstance().addInputAndSave(input);
+                }
 		        return;
 			}
         }
@@ -1495,8 +1501,10 @@ public void addInput(Input input, boolean cluster) throws IOException {
 
         if (input.getProtocol().equals("grpc")) {
         	nettyBuilder.buildGrpcServer(input);
-        }
-        else if (!isUdp) {
+        } else if (input.getProtocol().equals("quic")) {
+        	input.setCoreVersion2TlsVersions("TLSv1.3");     	
+        	nettyBuilder.buildQuicServer(input);
+        } else if (!isUdp) {
 
         	if (isTls) {
         		nettyBuilder.buildTlsServer(input);
@@ -1507,7 +1515,7 @@ else if (!isUdp) {
         	}
         } else {
 
-            if (config.getRemoteConfiguration().getSecurity() == null) {
+            if (CoreConfigFacade.getInstance().getRemoteConfiguration().getSecurity() == null) {
                 throw new IllegalArgumentException("Security section of CoreConfig is required");
             }
             
@@ -1549,8 +1557,9 @@ else if (!isUdp) {
 
 		}
         addMetric(input, new InputMetric(input));
-
-        config.addInputAndSave(input);
+        if (saveChanges) {
+		CoreConfigFacade.getInstance().addInputAndSave(input);
+        }
     }
 
     public void removeInput(String inputName) {
@@ -1640,16 +1649,17 @@ public boolean addToInputQueue(CotEventContainer c) {
 
         		messageReceivedLocal.incrementAndGet();
 
-        		if (config.getRemoteConfiguration().getCluster().isEnabled() && MessagingDependencyInjectionProxy.getInstance().clusterManager() != null) {
+				Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
+        		if (config.getCluster().isEnabled() && MessagingDependencyInjectionProxy.getInstance().clusterManager() != null) {
         			ClusterManager.countMessageReceived();
         		}
 
-        		if (config.getRemoteConfiguration().getCluster().isEnabled()
+        		if (config.getCluster().isEnabled()
         				&& MessagingDependencyInjectionProxy.getInstance().clusterManager() != null
         				&& !isControlMessage(c.getType())
         				&& (c.getContextValue(Constants.PLUGIN_MESSAGE_KEY) == null
-        					|| ((Boolean) c.getContextValue(Constants.PLUGIN_MESSAGE_KEY)).booleanValue() != true))
-        		{
+                    || ((Boolean) c.getContextValue(Constants.PLUGIN_MESSAGE_KEY)).booleanValue() != true)) {
         			Resources.clusterStateProcessor.execute(() -> {
         				MessagingDependencyInjectionProxy.getInstance().clusterManager().onDataMessage(c);
         			});
@@ -1727,6 +1737,8 @@ protected void processNextEvent() {
         	logger.trace("passed control message check");
         }
 
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
         if (config.getFilter().getFlowtag().isEnable() && c.matchXPath("/event/detail/_flow-tags_[@" + flowTagFilter.flowTag() + "]")) {
             //we've already processed this message, throw it away
         	logger.error("Duplicate message - already processed by this takserver");
@@ -2019,7 +2031,7 @@ private List<CodecSource> getCodecSources(Input input) {
 
         if (isTls) {
 
-            Tls tlsConfig = config.getRemoteConfiguration().getSecurity().getTls();
+            Tls tlsConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getSecurity().getTls();
 
             if (tlsConfig == null) {
                 throw new IllegalArgumentException("tls config not available");
@@ -2083,13 +2095,22 @@ private List<CodecSource> getCodecSources(Input input) {
 
     @Override
     public NetworkInputAddResult addInputAndSave(Input newInput) {
+        return validateAndAddInput(newInput, true);
+    }
+
+    @Override
+    public NetworkInputAddResult addInputNoSave(Input newInput) {
+        return validateAndAddInput(newInput, false);
+    }
+
+    private NetworkInputAddResult validateAndAddInput(Input newInput, boolean saveChanges) {
 
 
     	if (logger.isDebugEnabled()) {
     		logger.debug("addInputAndSave " + newInput.getName() + " " + newInput.getPort() + " " + newInput.getAuth());
     	}
 
-		DistributedConfiguration config = MessagingDependencyInjectionProxy.getInstance().coreConfig();
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
     	NetworkInputAddResult returnResult = NetworkInputAddResult.SUCCESS;
 
@@ -2106,8 +2127,8 @@ public NetworkInputAddResult addInputAndSave(Input newInput) {
 
     			} else {
 
-    				List<Input> currentInputList = config.getNetworkInputs();
-					List<DataFeed> currentDataFeedList = config.getNetworkDataFeeds();
+    				List<Input> currentInputList = CoreConfigFacade.getInstance().getNetworkInputs();
+					List<DataFeed> currentDataFeedList = CoreConfigFacade.getInstance().getNetworkDataFeeds();
     				String protocol = newInput.getProtocol();
 
     				boolean isUdp = protocol.equals(TransportCotEvent.UDP.configID);
@@ -2174,7 +2195,7 @@ public NetworkInputAddResult addInputAndSave(Input newInput) {
     			}
 
     			if (returnResult == NetworkInputAddResult.SUCCESS) {
-    				addInput(newInput, true);
+                    addInput(newInput, true, saveChanges);
     			}
 
     			if (logger.isDebugEnabled()) {
@@ -2191,14 +2212,25 @@ public NetworkInputAddResult addInputAndSave(Input newInput) {
 
     @Override
     public void removeInputAndSave(String name) {
+        removeInput(name, true);
+    }
+
+    @Override
+    public void removeInputNoSave(String name) {
+        removeInput(name, false);
+    }
+
+    public void removeInput(String name, boolean saveChanges) {
+
     	if (logger.isDebugEnabled()) {
     		logger.debug("Removing input '" + name + "' if it exists.");
     	}
-
+        if (saveChanges) {
     	try {
-    		config.removeInputAndSave(name);
+			CoreConfigFacade.getInstance().removeInputAndSave(name);
     	} catch (RemoteException e) {
     		throw new TakException(e);
+            }
     	}
 
         // untrack metrics
@@ -2256,7 +2288,16 @@ public InputMetric getInputMetric(String name) {
     }
 
     @Override
-    public ConnectionModifyResult modifyInputAndSave(String inputName, Input modifiedInput) {
+    public ConnectionModifyResult modifyInputAndSave(String inputName, Input input) {
+        return modifyInput(inputName, input, true);
+    }
+
+    @Override
+    public ConnectionModifyResult modifyInputNoSave(String inputName, Input input) {
+        return modifyInput(inputName, input, false);
+    }
+
+    public ConnectionModifyResult modifyInput(String inputName, Input modifiedInput, boolean saveChanges) {
 
     	if (logger.isDebugEnabled()) {
     		logger.debug("modifyInputAndSave " + inputName + " " + modifiedInput);
@@ -2264,7 +2305,7 @@ public ConnectionModifyResult modifyInputAndSave(String inputName, Input modifie
 
     	synchronized (configLock) {
     		try {
-    			Input currentState = config.getInputByName(inputName);
+    			Input currentState = CoreConfigFacade.getInstance().getInputByName(inputName);
 
     			if (currentState == null) {
     				return ConnectionModifyResult.FAIL_NONEXISTENT;
@@ -2296,13 +2337,24 @@ public ConnectionModifyResult modifyInputAndSave(String inputName, Input modifie
     			// Modify the groups
     			String originalGroupList = Arrays.deepToString(currentState.getFiltergroup().toArray());
 
-    			ConnectionModifyResult result = config.updateInputGroupsNoSave(inputName, modifiedInput.getFiltergroup().toArray(new String[modifiedInput.getFiltergroup().size()]));
-    			if (result != ConnectionModifyResult.SUCCESS) {
+                ConnectionModifyResult result;
+
+                if (saveChanges) {
+                    result = CoreConfigFacade.getInstance().updateInputGroupsNoSave(inputName, modifiedInput.getFiltergroup().toArray(new String[modifiedInput.getFiltergroup().size()]));
+    			if (result.getHttpStatusCode() != ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
                     return result;
                 }
+                } else {
+                    if (CoreConfigFacade.getInstance().getInputByName(inputName) == null) {
+                        return ConnectionModifyResult.FAIL_NONEXISTENT;
+                    }
+                }
 
-    			groupFederationUtil.updateInputGroups(config.getInputByName(inputName));
-    			config.saveChangesAndUpdateCache();
+
+    			groupFederationUtil.updateInputGroups(CoreConfigFacade.getInstance().getInputByName(inputName));
+                if (saveChanges) {
+				CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
+                }
 
     			if (logger.isDebugEnabled()) {
     				logger.debug("Input '" + inputName + "' has had its groups changed from " + originalGroupList + " to " + Arrays.deepToString(modifiedInput.getFiltergroup().toArray()));
@@ -2316,24 +2368,24 @@ public ConnectionModifyResult modifyInputAndSave(String inputName, Input modifie
 			    logger.info("modified arch, arch_only, federated: " + modifiedInput.isArchive() + "," + modifiedInput.isArchiveOnly() +
 					"," + modifiedInput.isFederated());
     				if (currentState.isArchive() != modifiedInput.isArchive()) {
-    					result = config.setArchiveFlagNoSave(inputName, modifiedInput.isArchive());
-    					if (result != ConnectionModifyResult.SUCCESS) {
+    					result = CoreConfigFacade.getInstance().setArchiveFlagNoSave(inputName, modifiedInput.isArchive());
+    					if (result.getHttpStatusCode() != ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
                             return result;
                         }
     				}
 
     				// Modify the archive only flag
     				if (currentState.isArchiveOnly() != modifiedInput.isArchiveOnly()) {
-    					result = config.setArchiveOnlyFlagNoSave(inputName, modifiedInput.isArchiveOnly());
-    					if (result != ConnectionModifyResult.SUCCESS) {
+    					result = CoreConfigFacade.getInstance().setArchiveOnlyFlagNoSave(inputName, modifiedInput.isArchiveOnly());
+    					if (result.getHttpStatusCode() != ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
                             return result;
                         }
     				}
     				
     				// Modify federated flag
       				if (currentState.isFederated() != modifiedInput.isFederated()) {
-      					result = config.setFederatedFlagNoSave(inputName, modifiedInput.isFederated());
-    					if (result != ConnectionModifyResult.SUCCESS) {
+      					result = CoreConfigFacade.getInstance().setFederatedFlagNoSave(inputName, modifiedInput.isFederated());
+    					if (result.getHttpStatusCode() != ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
                             return result;
                         }
     				}
@@ -2341,60 +2393,77 @@ public ConnectionModifyResult modifyInputAndSave(String inputName, Input modifie
 				// Modify syncCacheRetentionSeconds value
 
 				if (currentState.getSyncCacheRetentionSeconds() !=
-				    modifiedInput.getSyncCacheRetentionSeconds())
-				    {
-					result = config.setSyncCacheRetentionSeconds(inputName, modifiedInput.getSyncCacheRetentionSeconds());
-					if(result != ConnectionModifyResult.SUCCESS)
-					    {
+                        modifiedInput.getSyncCacheRetentionSeconds()) {
+                        if (saveChanges) {
+					result = CoreConfigFacade.getInstance().setSyncCacheRetentionSeconds(inputName, modifiedInput.getSyncCacheRetentionSeconds());
+                            if (result.getHttpStatusCode() != ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
 						return result;
+                            }
+                        } else {
+                            if (CoreConfigFacade.getInstance().getInputByName(inputName) == null) {
+                                return ConnectionModifyResult.FAIL_NONEXISTENT;
+                            }
 					    }
 				    }
     				
 					// Save the flag changes;
-    				updateProtocolListeners(config.getInputByName(inputName));
+    				updateProtocolListeners(CoreConfigFacade.getInstance().getInputByName(inputName));
     				nettyBuilder.modifyServerInput(modifiedInput);
-    				config.saveChangesAndUpdateCache();
+                    if (saveChanges) {
+					CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
     			}
+                }
     			
     			// Modify data feed attributes
 				if (modifiedInput instanceof DataFeed && currentState instanceof DataFeed) {
 					DataFeed modifiedDataFeed = (DataFeed) modifiedInput;
 					DataFeed currentDataFeed = (DataFeed) currentState;
 
-					config.updateTagsNoSave(inputName, modifiedDataFeed.getTag());
+					CoreConfigFacade.getInstance().updateTagsNoSave(inputName, modifiedDataFeed.getTag());
 					
 					if (modifiedDataFeed.isSync() != currentDataFeed.isSync()) {
-						result = config.setSyncFlagNoSave(inputName, modifiedDataFeed.isSync());
-						if (result != ConnectionModifyResult.SUCCESS) {
+						result = CoreConfigFacade.getInstance().setSyncFlagNoSave(inputName, modifiedDataFeed.isSync());
+						if (result.getHttpStatusCode() != ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
 							return result;
 						}
 					}
-					config.saveChangesAndUpdateCache();
+                    if (saveChanges) {
+					CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
 				}
+                }
 				
 				// Update input in inputMetric
-				updateMetric(config.getInputByName(inputName));
-    		}
-    		catch (RemoteException e) {
+				updateMetric(CoreConfigFacade.getInstance().getInputByName(inputName));
+            } catch (RemoteException e) {
     			throw new TakException(e); // will not happen
     		}
 
     		return ConnectionModifyResult.SUCCESS;
+        }
     	}
 
+    @Override
+    public void removeDataFeedAndSave(String name) {
+        removeDataFeed(name, true);
     }
 
 	@Override
-	public void removeDataFeedAndSave(String name) {
+    public void removeDataFeedNoSave(String name) {
+        removeDataFeed(name, false);
+    }
+
+    public void removeDataFeed(String name, boolean saveChanges) {
 		if (logger.isDebugEnabled()) {
 			logger.debug("Removing datafeed '" + name + "' if it exists.");
 		}
 
+        if (saveChanges) {
 		try {
-			config.removeDataFeedAndSave(name);
+			CoreConfigFacade.getInstance().removeDataFeedAndSave(name);
 		} catch (RemoteException e) {
 			throw new TakException(e);
 		}
+        }
 
         // untrack metrics
         InputMetric inputMetric = inputMetrics.get(name);
@@ -2469,7 +2538,7 @@ public InputMetric getMetricByPort(int port) {
 
     @Override
     public MessagingConfigInfo getMessagingConfig() {
-        Configuration conf = coreConfig.getRemoteConfiguration();
+        Configuration conf = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
         return new MessagingConfigInfo(
                 conf.getBuffer().getLatestSA().isEnable(),
@@ -2489,24 +2558,7 @@ public MessagingConfigInfo getMessagingConfig() {
 
     @Override
     public void modifyMessagingConfig(MessagingConfigInfo info) {
-        Configuration conf = coreConfig.getRemoteConfiguration();
-        Repository repository = conf.getRepository();
-        LatestSA latestSA = conf.getBuffer().getLatestSA();
-        latestSA.setEnable(info.isLatestSA());
-        repository.setNumDbConnections(info.getNumDbConnections());
-        repository.setConnectionPoolAutoSize(info.isConnectionPoolAutoSize());
-        repository.setArchive(info.isArchive());
-        repository.getConnection().setUsername(info.getDbUsername());
-        if (!info.getDbPassword().equals(MASK_WORD_FOR_DISPLAY)) {
-            repository.getConnection().setPassword(info.getDbPassword());
-        }
-        repository.getConnection().setUrl(info.getDbUrl());
-        repository.getConnection().setSslEnabled(info.isSslEnabled());
-        repository.getConnection().setSslMode(info.getSslMode());
-        repository.getConnection().setSslCert(info.getSslCert());
-        repository.getConnection().setSslKey(info.getSslKey());
-        repository.getConnection().setSslRootCert(info.getSslRootCert());
-        coreConfig.setAndSaveMessagingConfig(latestSA, repository);
+        CoreConfigFacade.getInstance().modifyMessagingConfig(info);
     }
 
     public QueueMetric getQueueMetrics() {
@@ -2515,8 +2567,8 @@ public QueueMetric getQueueMetrics() {
 
 	@Override
 	public AuthenticationConfigInfo getAuthenticationConfig() {
-		Ldap ldap = coreConfig.getRemoteConfiguration().getAuth().getLdap();
-		if(ldap == null) {
+		Ldap ldap = CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getLdap();
+		if (ldap == null) {
 			/**
 	        	return new AuthenticationConfigInfo(
 	        			"",
@@ -2543,29 +2595,12 @@ public AuthenticationConfigInfo getAuthenticationConfig() {
 
 	@Override
 	public void modifyAuthenticationConfig(AuthenticationConfigInfo info) {
-	    Configuration localConfig = coreConfig.getRemoteConfiguration();
-
-		Ldap ldap = localConfig.getAuth().getLdap();
-		if(ldap == null) {
-			ldap = new Ldap();
-		}
-		ldap.setUrl(info.getUrl());
-		ldap.setUserstring(info.getUserString());
-		ldap.setUpdateinterval(info.getUpdateInterval());
-		ldap.setGroupprefix(info.getGroupPrefix());
-		ldap.setServiceAccountDN(info.getServiceAccountDN());
-		ldap.setServiceAccountCredential(info.getServiceAccountCredential());
-		ldap.setGroupBaseRDN(info.getGroupBaseRDN());
-		if (logger.isDebugEnabled()) {
-		    logger.debug("group prefix is now: " + ldap.getGroupprefix());
-		}
-		coreConfig.setAndSaveLDAP(ldap);
-
+        CoreConfigFacade.getInstance().modifyAuthenticationConfig(info);
 	}
 
 	@Override
     public SecurityConfigInfo getSecurityConfig() {
-	    Configuration conf = coreConfig.getRemoteConfiguration();
+	    Configuration conf = CoreConfigFacade.getInstance().getRemoteConfiguration();
         Tls tls = conf.getSecurity().getTls();
 
         boolean enableEnrollment = false;
@@ -2628,84 +2663,14 @@ public SecurityConfigInfo getSecurityConfig() {
 
     @Override
     public void modifySecurityConfig(SecurityConfigInfo info) {
-        Configuration conf = coreConfig.getRemoteConfiguration();
-        Tls tls = conf.getSecurity().getTls();
-        FederationServer fedServer = conf.getFederation().getFederationServer();
-        Auth auth = conf.getAuth();
-        tls.setKeystoreFile(info.getKeystoreFile());
-        tls.setTruststoreFile(info.getTruststoreFile());
-        tls.setKeystorePass(info.getKeystorePass());
-        tls.setTruststorePass(info.getTruststorePass());
-        tls.setContext(info.getTlsVersion());
-        auth.setX509Groups(info.isX509Groups());
-        auth.setX509AddAnonymous(info.isX509addAnon());
-        fedServer.getTls().setKeystoreFile(info.getKeystoreFile());
-        fedServer.getTls().setKeystorePass(info.getKeystorePass());
-        if(auth.getLdap() != null) {
-        	auth.getLdap().setX509Groups(info.isX509Groups());
-        	auth.getLdap().setX509AddAnonymous(info.isX509addAnon());
-        }
-        coreConfig.setAndSaveSecurityConfig(tls, auth, fedServer);
-
-        if (info.isEnableEnrollment()) {
-            CertificateSigning certificateSigning = coreConfig.getRemoteConfiguration().getCertificateSigning();
-            if (certificateSigning == null) {
-                certificateSigning = new CertificateSigning();
-            }
-
-            CertificateConfig certificateConfig = certificateSigning.getCertificateConfig();
-            if (certificateConfig == null) {
-                certificateConfig = new CertificateConfig();
-                certificateSigning.setCertificateConfig(certificateConfig);
-            }
-
-            NameEntries nameEntries = certificateConfig.getNameEntries();
-            if (nameEntries == null) {
-                nameEntries = new NameEntries();
-
-                NameEntry nameEntry = new NameEntry();
-                nameEntry.setName("O");
-                nameEntry.setValue("TAK");
-                nameEntries.getNameEntry().add(nameEntry);
-
-                nameEntry = new NameEntry();
-                nameEntry.setName("OU");
-                nameEntry.setValue("TAK");
-                nameEntries.getNameEntry().add(nameEntry);
-
-                certificateConfig.setNameEntries(nameEntries);
-            }
-
-            certificateSigning.setCA(CAType.fromValue(info.getCaType()));
-
-            if (certificateSigning.getCA() == CAType.TAK_SERVER) {
-                TAKServerCAConfig takServerCAConfig = new TAKServerCAConfig();
-                takServerCAConfig.setKeystore("JKS");
-                takServerCAConfig.setSignatureAlg("SHA256WithRSA");
-                takServerCAConfig.setKeystoreFile(info.getSigningKeystoreFile());
-                takServerCAConfig.setKeystorePass(info.getSigningKeystorePass());
-                takServerCAConfig.setValidityDays(info.getValidityDays());
-                certificateSigning.setTAKServerCAConfig(takServerCAConfig);
-
-            } else if (certificateSigning.getCA() == CAType.MICROSOFT_CA) {
-                MicrosoftCAConfig microsoftCAConfig = new MicrosoftCAConfig();
-                microsoftCAConfig.setUsername(info.getMscaUserName());
-                microsoftCAConfig.setPassword(info.getMscaPassword());
-                microsoftCAConfig.setTruststore(info.getMscaTruststore());
-                microsoftCAConfig.setTruststorePass(info.getMscaTruststorePass());
-                microsoftCAConfig.setTemplateName(info.getMscaTemplateName());
-                certificateSigning.setMicrosoftCAConfig(microsoftCAConfig);
-            }
-
-            coreConfig.setAndSaveCertificateSigningConfig(certificateSigning);
-        }
+        CoreConfigFacade.getInstance().modifySecurityConfig(info);
     }
 
     @Override
     public Collection<Integer> getNonSecurePorts() {
-        DistributedConfiguration c = config.getInstance();
-        List<Input> inputs = c.getNetwork().getInput();
-        List<Connector> connectors = c.getNetwork().getConnector();
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+        List<Input> inputs = config.getNetwork().getInput();
+        List<Connector> connectors = config.getNetwork().getConnector();
         Set<Integer> unsecurePorts = new HashSet<Integer>();
         for (Input input : inputs) {
             if (!input.getProtocol().contains("tls")) {
@@ -2723,9 +2688,9 @@ public Collection<Integer> getNonSecurePorts() {
 
     @Override
     public HashMap<String, Boolean> verifyConfiguration() {
-        DistributedConfiguration c = config.getInstance();
-        String keystoreFileName = c.getSecurity().getTls().getKeystoreFile();
-        String truststoreFileName = c.getSecurity().getTls().getTruststoreFile();
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+        String keystoreFileName = config.getSecurity().getTls().getKeystoreFile();
+        String truststoreFileName = config.getSecurity().getTls().getTruststoreFile();
         File keystoreFile = new File(keystoreFileName);
         File truststoreFile = new File(truststoreFileName);
         HashMap<String, Boolean> ret = new HashMap<String, Boolean>();
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/Subscription.java b/src/takserver-core/src/main/java/com/bbn/marti/service/Subscription.java
index 55235f1d..4e17e008 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/Subscription.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/Subscription.java
@@ -8,6 +8,7 @@
 import java.util.Queue;
 import java.util.concurrent.atomic.AtomicBoolean;
 
+import com.google.common.collect.Lists;
 import org.apache.commons.collections4.queue.CircularFifoQueue;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -16,7 +17,6 @@
 import com.bbn.cot.filter.DropEventFilter;
 import com.bbn.cot.filter.GeospatialEventFilter;
 import com.bbn.marti.config.Configuration;
-import com.bbn.marti.config.DataFeed;
 import com.bbn.marti.nio.channel.ChannelHandler;
 import com.bbn.marti.nio.codec.Codec;
 import com.bbn.marti.nio.protocol.Protocol;
@@ -27,10 +27,9 @@
 import com.bbn.marti.util.MessageConversionUtil;
 import com.bbn.marti.util.MessageConversionUtil.CotEndpoint;
 import com.bbn.marti.util.concurrent.future.AsyncFuture;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-import com.google.common.collect.Lists;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
-import tak.server.Constants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cluster.ClusterManager;
 import tak.server.cot.CotEventContainer;
 import tak.server.ignite.IgniteHolder;
@@ -40,13 +39,14 @@ public class Subscription extends RemoteSubscription {
 	
 	private static final Logger log = LoggerFactory.getLogger(Subscription.class);
 	
-	protected final Queue<CotEventContainer> messageWriteQueueSize = new CircularFifoQueue<>(DistributedConfiguration.getInstance().getBuffer().getQueue().getMessageWriteQueueSize());
+	protected final Queue<CotEventContainer> messageWriteQueueSize = new CircularFifoQueue<>(
+			CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().getMessageWriteQueueSize());
 
 	protected final AtomicBoolean writeComplete = new AtomicBoolean(true);
 
 	private static final String className = Subscription.class.getSimpleName();
 
-	protected final Configuration config = DistributedConfiguration.getInstance().getRemoteConfiguration();
+	protected final Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
 	public static String getClassName() {
 		return className;
@@ -126,7 +126,7 @@ public Subscription(String endpoint, int ttl) throws IOException {
 	}
 
 	public Subscription(CotEndpoint endpoint, int ttl) throws IOException {
-		if(endpoint == null) {
+		if (endpoint == null) {
 			throw new IOException("Error parsing CoT endpoint: " + endpoint);
 		}
 
@@ -232,7 +232,7 @@ private void doSubmit(CotEventContainer message) throws Exception {
 				}
 			}
 		} catch (Exception e) {
-			if(message.getType().compareTo("t-x-d-d") == 0) {
+			if (message.getType().compareTo("t-x-d-d") == 0) {
 				if (log.isTraceEnabled()) {
 					log.trace("Write disconnect to subscription " + this.uid + " failed, cleaning up");
 				}
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/SubscriptionStore.java b/src/takserver-core/src/main/java/com/bbn/marti/service/SubscriptionStore.java
index c2eb8273..1a87654e 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/SubscriptionStore.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/SubscriptionStore.java
@@ -44,10 +44,9 @@
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.util.ConcurrentMultiHashMap;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.google.common.collect.Multimap;
 
-import io.grpc.stub.StreamObserver;
 import tak.server.Constants;
 import tak.server.federation.FederateSubscription;
 import tak.server.federation.FederationSubscriptionCacheDAO;
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/TransportCotEvent.java b/src/takserver-core/src/main/java/com/bbn/marti/service/TransportCotEvent.java
index 234dbe7e..d53dbad6 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/TransportCotEvent.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/TransportCotEvent.java
@@ -9,7 +9,8 @@
 import java.util.List;
 import java.util.concurrent.LinkedBlockingQueue;
 
-import com.bbn.marti.nio.protocol.connections.*;
+import com.bbn.marti.nio.protocol.connections.SingleCotProtocol;
+import com.bbn.marti.nio.protocol.connections.SingleProtobufOrCotProtocol;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/service/WebsocketMessagingBroker.java b/src/takserver-core/src/main/java/com/bbn/marti/service/WebsocketMessagingBroker.java
index d4025b2a..22535954 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/service/WebsocketMessagingBroker.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/service/WebsocketMessagingBroker.java
@@ -17,7 +17,7 @@
 public class WebsocketMessagingBroker {
 	
 	public static void brokerTargetedWebSocketMessage(Set<String> websocketConnectionIds, CotEventContainer data, UUID websocketApiId) {
-		ByteBuffer message = StreamingProtoBufProtocol.convertCotToProtoBufBytes(data);
+		ByteBuffer message = StreamingProtoBufProtocol.convertCotToProtoBufBytes(data, true);
 		
 		IgniteHolder.getInstance()
 			.getIgnite()
@@ -36,7 +36,7 @@ public static void brokerWebSocketMessage(Set<String> websocketConnectionIds, Co
 					.message(IgniteHolder.getInstance().getIgnite().cluster().forAttribute(Constants.TAK_PROFILE_KEY, Constants.API_PROFILE_NAME))
 					.send("websocket-payload-write-listener", new WebsocketMessageTransporter(websocketConnectionIds, message.array(), data.getUid(), data.getType()));
 		} else {
-			ByteBuffer message = StreamingProtoBufProtocol.convertCotToProtoBufBytes(data);
+			ByteBuffer message = StreamingProtoBufProtocol.convertCotToProtoBufBytes(data, true);
 
 			IgniteHolder.getInstance()
 					.getIgnite()
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/util/Assertion.java b/src/takserver-core/src/main/java/com/bbn/marti/util/Assertion.java
index c25ba120..b8f6fbb3 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/util/Assertion.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/util/Assertion.java
@@ -2,7 +2,7 @@
 
 package com.bbn.marti.util;
 
-import com.bbn.marti.service.DistributedConfiguration;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 /**
  * A simple class for asserting things
@@ -10,7 +10,7 @@
  */
 public class Assertion {
 	
-	private static final boolean throwOnAssertionFail = DistributedConfiguration.getInstance().getRemoteConfiguration().getBuffer().getQueue().isThrowOnAssertionFail();
+	private static final boolean throwOnAssertionFail = CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().isThrowOnAssertionFail();
 	
     public static class AssertionException extends RuntimeException {
 
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/util/CircularlyLinkedQueue.java b/src/takserver-core/src/main/java/com/bbn/marti/util/CircularlyLinkedQueue.java
index c370e188..60c1cbce 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/util/CircularlyLinkedQueue.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/util/CircularlyLinkedQueue.java
@@ -355,7 +355,7 @@ public boolean addAll(Collection<? extends E> coll) {
 	*/
 	@Override
 	public boolean addAll(int index, Collection<? extends E> coll) {
-		if(index < 0 || index > size()) throw new IndexOutOfBoundsException();
+		if (index < 0 || index > size()) throw new IndexOutOfBoundsException();
 		else if (index == size()) return addAll(coll); // defer to simple tail append
 
 		// build new circular queue, returns tail
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/util/FileSystemUtils.java b/src/takserver-core/src/main/java/com/bbn/marti/util/FileSystemUtils.java
index 8184da8c..5c786cb9 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/util/FileSystemUtils.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/util/FileSystemUtils.java
@@ -21,14 +21,14 @@ public class FileSystemUtils {
 			.getSimpleName());
 
 	public static String md5sumFile(String path){
-		if(path == null || path.length() < 1)
+		if (path == null || path.length() < 1)
 			return null;
 
 		return md5sumFile(new File(path));
 	}
 
 	public static String md5sumFile(File file){ 
-		if(file == null || !file.exists())
+		if (file == null || !file.exists())
 			return null;
 
 		try {
@@ -41,7 +41,7 @@ public static String md5sumFile(File file){
 	}
 
 	public static String md5sumContent(String content){
-		if(content == null || content.length() < 1)
+		if (content == null || content.length() < 1)
 			return null;
 		try {
 			return md5sum(new ByteArrayInputStream(content.getBytes("UTF-8")));
@@ -57,7 +57,7 @@ public static String md5sumContent(String content){
 	public static String md5sum(InputStream input){
 		String checksum = null;
 
-		if(input == null)
+		if (input == null)
 			return checksum;
 
 		try {
@@ -77,7 +77,7 @@ public static String md5sum(InputStream input){
 		} catch (NoSuchAlgorithmException ex) {
 			log.warn("Error computing md5sum", ex);
 		} finally{
-			if(input != null)
+			if (input != null)
 			{
 				try {
 					input.close();
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/util/FixedSizeBlockingQueue.java b/src/takserver-core/src/main/java/com/bbn/marti/util/FixedSizeBlockingQueue.java
index 1f636f14..1f0df8e0 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/util/FixedSizeBlockingQueue.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/util/FixedSizeBlockingQueue.java
@@ -8,10 +8,11 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.bbn.marti.config.Buffer.Queue;
+import com.bbn.marti.config.Queue;
 import com.bbn.marti.config.Configuration;
 import com.bbn.marti.remote.QueueMetric;
-import com.bbn.marti.service.DistributedConfiguration;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 public class FixedSizeBlockingQueue<E> {
 	
@@ -22,12 +23,12 @@ public class FixedSizeBlockingQueue<E> {
 
 	public FixedSizeBlockingQueue() {
 		
-		Configuration config = DistributedConfiguration.getInstance().getRemoteConfiguration();
-		
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
 		Queue queueConfig = config.getBuffer().getQueue();
-		
-     	queue = new BlockingArrayQueue<>(queueConfig.getQueueSizeInitial(), queueConfig.getQueueSizeIncrement(), queueConfig.getCapacity());
-     	queueMetric.capacity.set(queueConfig.getCapacity());
+
+     	queue = new BlockingArrayQueue<>(queueConfig.getQueueSizeInitial(), queueConfig.getQueueSizeIncrement(), queueConfig.getQueueSizeMaxCapacity());
+     	queueMetric.capacity.set(queueConfig.getQueueSizeMaxCapacity());
 	}
 
 	public boolean add(E element) {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/util/MessageConversionUtil.java b/src/takserver-core/src/main/java/com/bbn/marti/util/MessageConversionUtil.java
index 26221bfd..a4542b80 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/util/MessageConversionUtil.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/util/MessageConversionUtil.java
@@ -2,14 +2,6 @@
 
 package com.bbn.marti.util;
 
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.UnknownHostException;
@@ -21,12 +13,7 @@
 import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
 
-import org.apache.commons.io.FileUtils;
 import org.dom4j.Attribute;
 import org.json.JSONObject;
 import org.json.XML;
@@ -49,7 +36,7 @@
 import com.bbn.marti.remote.socket.SituationAwarenessMessage;
 import com.bbn.marti.remote.util.DateUtil;
 import com.bbn.marti.service.TransportCotEvent;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.base.Strings;
@@ -213,7 +200,7 @@ public static String getConnectionId(SocketChannel socket) {
         String id = null;
 
         try {
-            id = new Integer(socket.hashCode()).toString();
+            
         } catch (Exception e) {
             logger.debug("exception getting connection id", e);
         }
@@ -225,7 +212,7 @@ public static String getConnectionId(io.netty.channel.socket.SocketChannel socke
         String id = null;
 
         try {
-            id = new Integer(socket.hashCode()).toString();
+            id = Integer.valueOf(socket.hashCode()).toString();
         } catch (Exception e) {
             logger.debug("exception getting connection id", e);
         }
@@ -247,71 +234,7 @@ public static String getIp(ChannelHandler handler) {
         return ip;
     }
 
-    /**
-     * Parses an XML file to the specified packageName.  It issumes the packageName is valid and that is has been
-     * generated from the schema
-     *
-     * @param xmlFile     The file to open
-     * @param packageName The name of the package that corresponds to the contents of the file
-     * @param <T>         The type corresponding to the packagename
-     * @return The object of type {@link T} if the file exists, null if it does not
-     * @throws FileNotFoundException If the file was not found
-     * @throws JAXBException         If a parsing exception occurs
-     */
-    public static <T> T loadJAXifiedXML(String xmlFile, String packageName) throws FileNotFoundException, JAXBException {
-    	
-        File f = new File(xmlFile);
-        
-        try(InputStream is = new FileInputStream(f)) {
-            JAXBContext jc = JAXBContext.newInstance(packageName);
-            Unmarshaller u = jc.createUnmarshaller();
-            return (T) u.unmarshal(is);
-        }
-        catch (FileNotFoundException ex){
-        	logger.error(xmlFile + " not found.");
-        	return null;
-        } catch (IOException ex){
-        	logger.error("Error loading XML from " + xmlFile, ex);
-        	return null;
-        }
-    }
-
-    /**
-     * Saves The object created with JAXB to an xml file
-     * @param xmlFile The target file
-     * @param obj THe object to serialize
-     * @param createNewIfNecessary If true, a new file will be created if one does not exist
-     * @throws IOException If an IOException occurs. May result in a mangled file
-     * @throws JAXBException If a JAXBException occurs. Will not result in a mangled file
-     */
-    public static void saveJAXifiedObject(String xmlFile, Object obj, boolean createNewIfNecessary) throws IOException, JAXBException {
-        // First write it into a ByteArrayOutputStream so JAXBExceptions don't result in a mangled original file
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        String packageName = obj.getClass().getPackage().getName();
-        JAXBContext jc = JAXBContext.newInstance(packageName, obj.getClass().getClassLoader());
-        Marshaller m = jc.createMarshaller();
-        m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
-        m.marshal(obj, baos);
-
-        // Yay, not JAXBException. Now write to the file
-        File file = new File(xmlFile);
-
-        // Create a new file if necessary and allowed
-        if (!file.exists() && createNewIfNecessary){
-            file.createNewFile();
-        }
-        else{
-            File copied = new File(xmlFile + ".backup");
-            FileUtils.copyFile(file, copied);
-        }
 
-        try(OutputStream fos = new FileOutputStream(file)) {
-            // Write to the file
-            baos.writeTo(fos);
-            fos.flush();
-        }
-    }
-    
     public InputMetric getInputMetric(Input input) {
     	if (input == null) {
     		throw new IllegalArgumentException("null input object");
@@ -330,7 +253,7 @@ public static String getCN(String dn) {
             LdapName ldapName = new LdapName(dn);
 
             for(Rdn rdn : ldapName.getRdns()) {
-                if(rdn.getType().equalsIgnoreCase("CN")) {
+                if (rdn.getType().equalsIgnoreCase("CN")) {
 
                     return rdn.getValue().toString();
                 }
@@ -658,7 +581,7 @@ public ChatMessage chatMessageFromCot(CotEventContainer cotEvent) {
 
                         //logger.debug("Chatroom uid: " + chatroom + " == contact uid: " + contact.getUid() );
                         //Next try to match to a uid
-                        if(contact.getUid().equals(chatroom)){
+                        if (contact.getUid().equals(chatroom)){
                             logger.trace("Matched chatroom id to contact uid: " + contact);
                             result.getAddresses().add("uid:" + chatroom);
                             added = true;
@@ -666,7 +589,7 @@ public ChatMessage chatMessageFromCot(CotEventContainer cotEvent) {
                         }
                     }
                     //If chatroom id can't be matched to a contact, treat it as an actual chatroom
-                    if(!added){
+                    if (!added){
                         logger.trace("Didn't match chatroom to name or id, treating as normal chatroom");
                         result.getAddresses().add("chatroom:" + chatroom);
                     }
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/util/MessagingDependencyInjectionProxy.java b/src/takserver-core/src/main/java/com/bbn/marti/util/MessagingDependencyInjectionProxy.java
index 72267ddf..15471672 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/util/MessagingDependencyInjectionProxy.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/util/MessagingDependencyInjectionProxy.java
@@ -20,7 +20,6 @@
 import com.bbn.marti.remote.SubscriptionManagerLite;
 import com.bbn.marti.remote.groups.GroupManager;
 import com.bbn.marti.repeater.RepeaterStore;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.SubmissionService;
 import com.bbn.marti.service.SubscriptionStore;
 import com.bbn.marti.sync.EnterpriseSyncService;
@@ -31,6 +30,7 @@
 import com.bbn.marti.sync.repository.MissionSubscriptionRepository;
 import com.bbn.marti.sync.service.MissionService;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.cache.DatafeedCacheHelper;
 import tak.server.cluster.ClusterManager;
@@ -42,9 +42,9 @@
 import tak.server.qos.QoSManager;
 
 /*
- * 
+ *
  * Singleton that provides access to Spring context for non Spring-managed objects, and keeps references to other singleton services and utility classes.
- * 
+ *
  */
 public class MessagingDependencyInjectionProxy implements ApplicationContextAware {
 	private static ApplicationContext springContext;
@@ -115,27 +115,27 @@ public GroupStore groupStore() {
 		return groupStore;
 	}
 
-	private DistributedConfiguration coreConfig = null;
+	private CoreConfig coreConfig = null;
 
-	public DistributedConfiguration coreConfig() {
+	public CoreConfig coreConfig() {
 		if (coreConfig == null) {
 			synchronized (this) {
 				if (coreConfig == null) {
-					coreConfig = springContext.getBean(DistributedConfiguration.class);
+					coreConfig = CoreConfigFacade.getInstance();
 				}
 			}
 		}
 
 		return coreConfig;
 	}
-	
+
 	private CoreConfig simpleCoreConfig = null;
 
 	public CoreConfig simpleCoreConfig() {
 		if (simpleCoreConfig == null) {
 			synchronized (this) {
 				if (simpleCoreConfig == null) {
-					simpleCoreConfig = springContext.getBean(CoreConfig.class);
+					simpleCoreConfig = CoreConfigFacade.getInstance();
 				}
 			}
 		}
@@ -212,7 +212,7 @@ public RepeaterStore repeaterStore() {
 
 		return repeaterStore;
 	}
-	
+
 	private MissionService missionService = null;
 
 	public MissionService missionService() {
@@ -228,7 +228,7 @@ public MissionService missionService() {
 	}
 
 	private FileAuthenticator fileAuthenticator = null;
-	
+
 	public FileAuthenticator fileAuthenticator() {
 		if (fileAuthenticator  == null) {
 			synchronized (this) {
@@ -256,7 +256,7 @@ public NioNettyBuilder nioNettyBuilder() {
 	}
 	
 	private Messenger<CotEventContainer> cotMessenger = null;
-	
+
 	@SuppressWarnings("unchecked")
 	public Messenger<CotEventContainer> cotMessenger() {
 		if (cotMessenger  == null) {
@@ -269,12 +269,12 @@ public Messenger<CotEventContainer> cotMessenger() {
 
 		return cotMessenger;
 	}
-	
+
 	private ClusterManager clusterManager = null;
-	
+
 	public ClusterManager clusterManager() {
 		if (!coreConfig().getRemoteConfiguration().getCluster().isEnabled()) return null;
-		
+
 		if (clusterManager  == null) {
 			synchronized (this) {
 				if (clusterManager  == null) {
@@ -285,13 +285,13 @@ public ClusterManager clusterManager() {
 
 		return clusterManager;
 	}
-	
+
 	private FederationEventRepository fedEventRepo = null;
-	
+
 	private Object fedEventRepoLock = new Object();
-	
+
 	public FederationEventRepository fedEventRepo() {
-		
+
 		if (fedEventRepo == null) {
 			synchronized (fedEventRepoLock) {
 				if (fedEventRepo  == null) {
@@ -302,11 +302,11 @@ public FederationEventRepository fedEventRepo() {
 
 		return fedEventRepo;
 	}
-	
+
 	private ServerInfo serverInfo = null;
-	
+
 	public ServerInfo serverInfo() {
-		
+
 		if (serverInfo  == null) {
 			synchronized (this) {
 				if (serverInfo  == null) {
@@ -317,7 +317,7 @@ public ServerInfo serverInfo() {
 
 		return serverInfo;
 	}
-	
+
 	private MessageDeliveryStrategy mds = null;
 
 	public MessageDeliveryStrategy mds() {
@@ -347,7 +347,7 @@ public MessageReadStrategy mrs() {
 
 		return mrs;
 	}
-	
+
 	private MessageDOSStrategy mdoss = null;
 
 	public MessageDOSStrategy mdoss() {
@@ -362,11 +362,11 @@ public MessageDOSStrategy mdoss() {
 
 		return mdoss;
 	}
-	
+
 	private VersionBean vb = null;
-	
+
 	public VersionBean versionBean() {
-		
+
 		if (vb == null) {
 			synchronized (this) {
 				if (vb == null) {
@@ -374,14 +374,14 @@ public VersionBean versionBean() {
 				}
 			}
 		}
-		
+
 		return vb;
 	}
-	
+
 	private QoSManager qm = null;
-	
+
 	public QoSManager qosManager() {
-		
+
 		if (qm == null) {
 			synchronized (this) {
 				if (qm == null) {
@@ -389,18 +389,18 @@ public QoSManager qosManager() {
 				}
 			}
 		}
-		
+
 		return qm;
 	}
-	
+
 	@Autowired
 	private ApplicationEventPublisher aep;
-	
+
 	public ApplicationEventPublisher eventPublisher() {
-		
+
 		return aep;
 	}
-	
+
 	private DataFeedRepository dataFeedRepository = null;
 
 	public DataFeedRepository dataFeedRepository() {
@@ -414,7 +414,7 @@ public DataFeedRepository dataFeedRepository() {
 
 		return dataFeedRepository;
 	}
-	
+
 	private EnterpriseSyncService esyncService = null;
 
 	public EnterpriseSyncService esyncService() {
@@ -427,9 +427,9 @@ public EnterpriseSyncService esyncService() {
 		}
 		return esyncService;
 	}
-					
+
 	private MissionRepository missionRepository = null;
-	
+
 	public MissionRepository missionRepository() {
 		if (missionRepository == null) {
 			synchronized (this) {
@@ -441,9 +441,9 @@ public MissionRepository missionRepository() {
 
 		return missionRepository;
 	}
-	
+
 	private SubscriptionManagerLite subscriptionManagerLite = null;
-	
+
 	public SubscriptionManagerLite subscriptionManagerLite() {
 		if (subscriptionManagerLite == null) {
 			synchronized (this) {
@@ -455,9 +455,9 @@ public SubscriptionManagerLite subscriptionManagerLite() {
 
 		return subscriptionManagerLite;
 	}
-	
+
 	private MissionRoleRepository missionRoleRepository = null;
-	
+
 	public MissionRoleRepository missionRoleRepository() {
 		if (missionRoleRepository == null) {
 			synchronized (this) {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/util/concurrent/executor/SizableOrderedExecutor.java b/src/takserver-core/src/main/java/com/bbn/marti/util/concurrent/executor/SizableOrderedExecutor.java
index 962439e5..080a0946 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/util/concurrent/executor/SizableOrderedExecutor.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/util/concurrent/executor/SizableOrderedExecutor.java
@@ -11,13 +11,14 @@
 
 import com.bbn.marti.config.Configuration;
 import com.bbn.marti.remote.QueueMetric;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.util.Assertion;
 import com.bbn.marti.util.Tuple;
 import com.bbn.marti.util.concurrent.future.AsyncFuture;
 import com.bbn.marti.util.concurrent.future.AsyncFutureImpl;
 import com.bbn.marti.util.concurrent.future.AsyncFutureTask;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
+
 /**
 * An OrderedExecutor implementation that provides "ordered views" to those who request them
 *
@@ -432,20 +433,20 @@ public void name(String name) {
 	*/
 	public OrderedExecutorView createOrderedView() {
 		
-		Configuration config = DistributedConfiguration.getInstance().getRemoteConfiguration();
-			
-		com.bbn.marti.config.Buffer.Queue queueConfig = config.getBuffer().getQueue();
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
+		com.bbn.marti.config.Queue queueConfig = config.getBuffer().getQueue();
 				
-		return new ClientExecutorView(new BlockingArrayQueue<>(queueConfig.getQueueSizeInitial(), queueConfig.getQueueSizeIncrement(), queueConfig.getCapacity()));
+		return new ClientExecutorView(new BlockingArrayQueue<>(queueConfig.getQueueSizeInitial(), queueConfig.getQueueSizeIncrement(), queueConfig.getQueueSizeMaxCapacity()));
 	}
 	
 	public OrderedExecutorView createOrderedView(int capacity) {
 		
-Configuration config = DistributedConfiguration.getInstance().getRemoteConfiguration();
-		
-        com.bbn.marti.config.Buffer.Queue queueConfig = config.getBuffer().getQueue();
+Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
+		com.bbn.marti.config.Queue queueConfig = config.getBuffer().getQueue();
       		
-		return new ClientExecutorView(new BlockingArrayQueue<>(queueConfig.getQueueSizeInitial(), queueConfig.getQueueSizeIncrement(), queueConfig.getCapacity()));
+		return new ClientExecutorView(new BlockingArrayQueue<>(queueConfig.getQueueSizeInitial(), queueConfig.getQueueSizeIncrement(), queueConfig.getQueueSizeMaxCapacity()));
 	}
 	
 	public String toString() {
diff --git a/src/takserver-core/src/main/java/com/bbn/marti/util/spring/TakAuthenticationProvider.java b/src/takserver-core/src/main/java/com/bbn/marti/util/spring/TakAuthenticationProvider.java
index 77da5ca3..6ff1fb65 100644
--- a/src/takserver-core/src/main/java/com/bbn/marti/util/spring/TakAuthenticationProvider.java
+++ b/src/takserver-core/src/main/java/com/bbn/marti/util/spring/TakAuthenticationProvider.java
@@ -4,14 +4,12 @@
 
 import java.security.cert.X509Certificate;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
-import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.JwtException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.remoting.RemoteLookupFailureException;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -21,13 +19,14 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
-import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
+import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
+import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.security.web.authentication.session.SessionAuthenticationException;
 
 import com.bbn.marti.exceptions.CoreCommunicationException;
-import com.bbn.marti.remote.CoreConfig;
+
+import com.bbn.marti.remote.exception.RemoteLookupFailureException;
 import com.bbn.marti.remote.groups.AuthResult;
 import com.bbn.marti.remote.groups.AuthStatus;
 import com.bbn.marti.remote.groups.AuthenticatedUser;
@@ -38,6 +37,7 @@
 import com.google.common.base.Strings;
 
 import tak.server.Constants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 /*
  * Spring Security authentication provider that delegates authentication to GroupManager, and does authorization based on whatever UserService is available.
@@ -57,10 +57,7 @@ public class TakAuthenticationProvider extends AbstractUserDetailsAuthentication
     
     @Autowired
     private RolePortUserServiceWrapper rpusw;
-    
-    @Autowired
-    private CoreConfig coreConfig;
-    
+
     private String httpsAndBasicRole;
     
     public UserDetailsService getUserDetailsService() {
@@ -86,8 +83,16 @@ public final boolean supports(Class<?> authentication) {
         if (PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication)) {
             return true;
         }
-        
-        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
+
+        if (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication)) {
+            return true;
+        }
+
+        if (BearerTokenAuthenticationToken.class.isAssignableFrom(authentication)) {
+            return true;
+        }
+
+        return false;
     }
 
     @Override
@@ -137,16 +142,20 @@ protected User authenticateCore(Authentication authentication, String authentica
         }
 
         X509Certificate clientCert = null;
-        
+        String token = null;
+
         if (PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication.getClass())) {
             if (((PreAuthenticatedAuthenticationToken) authentication).getCredentials() instanceof X509Certificate) {
                 clientCert = (X509Certificate) ((PreAuthenticatedAuthenticationToken) authentication).getCredentials();
                 request.getSession().setAttribute(Constants.X509_CERT, clientCert);
                 request.getSession().setAttribute(Constants.X509_CERT_FP, remoteUtil.getCertSHA256Fingerprint(clientCert));
+            } else if (((PreAuthenticatedAuthenticationToken) authentication).getPrincipal() instanceof String) {
+                token = (String)((PreAuthenticatedAuthenticationToken) authentication).getPrincipal();
             }
         }
-        
+
         User user = new AuthenticatedUser(username, connectionId, ip, clientCert, username, password, "", ConnectionType.WEB);
+        user.setToken(token);
         
         if (logger.isTraceEnabled()) {
         	logger.trace(user.toString());
@@ -159,11 +168,11 @@ protected User authenticateCore(Authentication authentication, String authentica
             authResult = groupManager.authenticate(authenticatorName, user);
         } catch (RemoteLookupFailureException e) {
             throw new CoreCommunicationException("Unable to establish connection with TAK Server core services", e);
-        } catch (OAuth2Exception | JwtException e) {
+        } catch (InvalidBearerTokenException | JwtException e) {
             if (logger.isDebugEnabled()) {
                 logger.debug("{}", e.getMessage(), e);
             }
-            throw e;
+            throw new InvalidBearerTokenException(e.getMessage(), e);
         } catch (Exception e) {
             throw new BadCredentialsException("Exception performing TAK Server authentication", e);
         } 
@@ -174,7 +183,7 @@ protected User authenticateCore(Authentication authentication, String authentica
         		logger.debug("auth success for authentication type " + authentication.getClass());
         	}
             
-            String requestPort = new Integer(request.getLocalPort()).toString();
+            String requestPort = Integer.valueOf(request.getLocalPort()).toString();
 
             if (logger.isDebugEnabled()) {
             	logger.debug("request port " + requestPort);
@@ -231,21 +240,16 @@ public Authentication authenticate(Authentication authentication) throws Authent
         try {
             User coreUser = null;
 
-            // X509 and OAuth Authentication will be this type
             if (PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication.getClass())) {
-
-                String authenticatorName = "X509";
-                if (OAuth2AuthenticationDetails.class.isAssignableFrom(authentication.getDetails().getClass())) {
-                    authenticatorName = "oauth";
-                }
-
-                coreUser = authenticateCore(authentication, authenticatorName);
-            }  else {
+                coreUser = authenticateCore(authentication, "X509");
+            } else if (BearerTokenAuthenticationToken.class.isAssignableFrom(authentication.getClass())) {
+                coreUser = authenticateCore(authentication, "oauth");
+            } else {
                 try {
-                    coreUser = authenticateCore(authentication, coreConfig.getRemoteConfiguration().getAuth().getDefault());
+                    coreUser = authenticateCore(authentication, CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getDefault());
                 } catch (RemoteLookupFailureException e) {
                     return super.authenticate(authentication);
-                } catch (BadCredentialsException | UsernameNotFoundException | SessionAuthenticationException | OAuth2Exception e) {
+                } catch (BadCredentialsException | UsernameNotFoundException | SessionAuthenticationException | InvalidBearerTokenException e) {
                     throw e;
                 } catch (Exception e) {
                     throw new RuntimeException(e);
diff --git a/src/takserver-core/src/main/java/com/bbn/metrics/dto/MetricSubscription.java b/src/takserver-core/src/main/java/com/bbn/metrics/dto/MetricSubscription.java
index 57b46617..5c98a209 100644
--- a/src/takserver-core/src/main/java/com/bbn/metrics/dto/MetricSubscription.java
+++ b/src/takserver-core/src/main/java/com/bbn/metrics/dto/MetricSubscription.java
@@ -69,13 +69,13 @@ public MetricSubscription(Subscription subscription) {
 			this.writeQueueDepth = subscription.writeQueueDepth;
 			this.xpath = subscription.xpath;
 			
-			if(subscription.getUser() != null) {
+			if (subscription.getUser() != null) {
 				this.address = subscription.getUser().getAddress();
 				this.displayName = subscription.getUser().getDisplayName();
 				this.name = subscription.getUser().getName();
 			}
 			
-			if(subscription.getHandler() != null && subscription.getHandler() instanceof TcpChannelHandler) {
+			if (subscription.getHandler() != null && subscription.getHandler() instanceof TcpChannelHandler) {
 				TcpChannelHandler handler = (TcpChannelHandler) subscription.getHandler();
 				this.totalTcpBytesRead = handler.totalTcpBytesRead;
 				this.totalTcpBytesWritten = handler.totalTcpBytesWritten;
diff --git a/src/takserver-core/src/main/java/com/bbn/metrics/service/QueueMetricsService.java b/src/takserver-core/src/main/java/com/bbn/metrics/service/QueueMetricsService.java
index bac023dd..9018d6d7 100644
--- a/src/takserver-core/src/main/java/com/bbn/metrics/service/QueueMetricsService.java
+++ b/src/takserver-core/src/main/java/com/bbn/metrics/service/QueueMetricsService.java
@@ -9,7 +9,7 @@
 import com.bbn.marti.service.BrokerService;
 import com.bbn.marti.service.RepositoryService;
 import com.bbn.marti.service.SubmissionService;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 
 public final class QueueMetricsService implements Serializable {
diff --git a/src/takserver-core/src/main/java/com/bbn/vbm/VBMConfigurationApi.java b/src/takserver-core/src/main/java/com/bbn/vbm/VBMConfigurationApi.java
index 95c9af15..77106719 100644
--- a/src/takserver-core/src/main/java/com/bbn/vbm/VBMConfigurationApi.java
+++ b/src/takserver-core/src/main/java/com/bbn/vbm/VBMConfigurationApi.java
@@ -1,8 +1,8 @@
 package com.bbn.vbm;
 
+import com.bbn.marti.remote.CoreConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -10,8 +10,8 @@
 import org.springframework.web.bind.annotation.RestController;
 
 import com.bbn.marti.config.Vbm;
-import com.bbn.marti.remote.CoreConfig;
-import com.bbn.marti.service.DistributedConfiguration;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 @Validated
 @RestController
@@ -20,18 +20,18 @@ public class VBMConfigurationApi {
 	
     Logger logger = LoggerFactory.getLogger(VBMConfigurationApi.class);
     
-    @Autowired
-    CoreConfig config;
-
     @RequestMapping(value = "/config", method = RequestMethod.GET)
     public VBMConfigurationModel getVBMConfiguration() {
     	
     	try {
-    		Vbm vbm = DistributedConfiguration.getInstance().getVbm();
+    		Vbm vbm = CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm();
     		VBMConfigurationModel config = new VBMConfigurationModel();
     		config.setVbmEnabled(vbm.isEnabled());
     		config.setSADisabled(vbm.isDisableSASharing());
     		config.setChatDisabled(vbm.isDisableChatSharing());
+			config.setIsmStrictEnforcing(vbm.isIsmStrictEnforcing());
+			config.setIsmUrl(vbm.getIsmUrl());
+    		config.setNetworkClassification(vbm.getNetworkClassification());
 			
 			return config;
 			
@@ -50,15 +50,36 @@ public void setVBMConfiguration(@RequestBody VBMConfigurationModel vbmConfigurat
     	
     	try {
     		Vbm vbm = new Vbm();
-    		vbm.setReturnCopsWithPublicMissions(config.getRemoteConfiguration().getVbm().isReturnCopsWithPublicMissions());
+    		vbm.setReturnCopsWithPublicMissions(CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isReturnCopsWithPublicMissions());
+            vbm.setIsmConnectTimeoutSeconds(CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().getIsmConnectTimeoutSeconds());
+            vbm.setIsmReadTimeoutSeconds(CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().getIsmReadTimeoutSeconds());
     		vbm.setDisableChatSharing(vbmConfigurationModel.isChatDisabled());
     		vbm.setDisableSASharing(vbmConfigurationModel.isSADisabled());
     		vbm.setEnabled(vbmConfigurationModel.isVbmEnabled());
+    		vbm.setIsmStrictEnforcing(vbmConfigurationModel.isIsmStrictEnforcing());
+			vbm.setIsmUrl(vbmConfigurationModel.getIsmUrl());
+    		vbm.setNetworkClassification(vbmConfigurationModel.getNetworkClassification());
     		
-    		config.setAndSaveVbmConfiguration(vbm);
+    		CoreConfigFacade.getInstance().setAndSaveVbmConfiguration(vbm);
 		} catch (Exception e) {
 			logger.error("Error in setVBMConfiguration: ", e);
 			throw new RuntimeException(e);
 		}
     }
+
+	@RequestMapping(value = "/classification", method = RequestMethod.GET)
+	public String getVBMNetworkClassification() {
+
+		try {
+			String classification = null;
+			Vbm vbm = CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm();
+			if (vbm != null) {
+				classification = vbm.getNetworkClassification();
+			}
+			return classification;
+		} catch (Exception e) {
+			logger.error("Error in getVBMNetworkClassification: ", e);
+			throw new RuntimeException(e);
+		}
+	}
 }
diff --git a/src/takserver-core/src/main/java/com/bbn/vbm/VBMConfigurationModel.java b/src/takserver-core/src/main/java/com/bbn/vbm/VBMConfigurationModel.java
index 662b2db4..f01242c4 100644
--- a/src/takserver-core/src/main/java/com/bbn/vbm/VBMConfigurationModel.java
+++ b/src/takserver-core/src/main/java/com/bbn/vbm/VBMConfigurationModel.java
@@ -8,7 +8,10 @@ public class VBMConfigurationModel {
 	private boolean vbmEnabled;
 	private boolean saDisabled;
 	private boolean chatDisabled;
-	
+	private boolean ismStrictEnforcing;
+	private String ismUrl;
+	private String networkClassification;
+
 	public VBMConfigurationModel() {
 		this.vbmEnabled = false;
 	}
@@ -36,4 +39,28 @@ public boolean isSADisabled() {
 	public void setSADisabled(boolean saDisabled) {
 		this.saDisabled = saDisabled;
 	}
+
+	public boolean isIsmStrictEnforcing() {
+		return ismStrictEnforcing;
+	}
+
+	public void setIsmStrictEnforcing(boolean ismStrictEnforcing) {
+		this.ismStrictEnforcing = ismStrictEnforcing;
+	}
+
+	public String getIsmUrl() {
+		return ismUrl;
+	}
+
+	public void setIsmUrl(String ismUrl) {
+		this.ismUrl = ismUrl;
+	}
+
+	public String getNetworkClassification() {
+		return networkClassification;
+	}
+
+	public void setNetworkClassification(String networkClassification) {
+		this.networkClassification = networkClassification;
+	}
 }
diff --git a/src/takserver-core/src/main/java/org/eclipse/jetty/util/BlockingArrayQueue.java b/src/takserver-core/src/main/java/org/eclipse/jetty/util/BlockingArrayQueue.java
index f9327cbf..5e3ed439 100644
--- a/src/takserver-core/src/main/java/org/eclipse/jetty/util/BlockingArrayQueue.java
+++ b/src/takserver-core/src/main/java/org/eclipse/jetty/util/BlockingArrayQueue.java
@@ -666,9 +666,7 @@ public E remove(int index)
                     {
                         System.arraycopy(_elements,1,_elements,0,tail);
                         --_indexes[TAIL_OFFSET];
-                    }
-                    else
-                    {
+                    } else {
                         _indexes[TAIL_OFFSET] = capacity - 1;
                     }
                     _elements[_indexes[TAIL_OFFSET]] = null;
@@ -708,9 +706,7 @@ public ListIterator<E> listIterator(int index)
                     if (head < tail)
                     {
                         System.arraycopy(_elements,head,elements,0,tail - head);
-                    }
-                    else
-                    {
+                    } else {
                         int chunk = _elements.length - head;
                         System.arraycopy(_elements,head,elements,0,chunk);
                         System.arraycopy(_elements,0,elements,chunk,tail);
@@ -791,9 +787,7 @@ else if (head > tail || _size.get() > 0)
                     int cut = capacity - head;
                     System.arraycopy(_elements,head,elements,0,cut);
                     System.arraycopy(_elements,0,elements,cut,tail);
-                }
-                else
-                {
+                } else {
                     newTail = 0;
                 }
 
diff --git a/src/takserver-core/src/main/java/tak/server/ServerConfiguration.java b/src/takserver-core/src/main/java/tak/server/ServerConfiguration.java
index b02b3e83..2ff549ae 100644
--- a/src/takserver-core/src/main/java/tak/server/ServerConfiguration.java
+++ b/src/takserver-core/src/main/java/tak/server/ServerConfiguration.java
@@ -7,15 +7,21 @@
 import java.lang.reflect.Method;
 import java.nio.file.Paths;
 import java.rmi.RemoteException;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
+import java.util.Map;
 import java.util.Properties;
 import java.util.UUID;
 
 import javax.sql.DataSource;
 
+import com.bbn.marti.jwt.JwtUtils;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.catalina.Container;
 import org.apache.catalina.Context;
 import org.apache.catalina.Wrapper;
@@ -25,11 +31,15 @@
 import org.apache.ignite.Ignite;
 import org.apache.ignite.cache.spring.SpringCacheManager;
 import org.apache.ignite.configuration.CacheConfiguration;
+import org.apache.tomcat.util.net.SSLHostConfig;
+import org.apache.tomcat.util.net.SSLHostConfigCertificate;
+import org.hibernate.jpa.HibernatePersistenceProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.bridge.SLF4JBridgeHandler;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
+import org.springframework.boot.WebApplicationType;
 import org.springframework.boot.autoconfigure.domain.EntityScan;
 import org.springframework.boot.web.embedded.tomcat.TomcatContextCustomizer;
 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
@@ -45,13 +55,17 @@
 import org.springframework.context.annotation.ImportResource;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.context.annotation.Profile;
+import org.springframework.context.annotation.Scope;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
+import org.springframework.format.support.FormattingConversionServiceFactoryBean;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.oxm.Marshaller;
+import org.springframework.oxm.jaxb.Jaxb2Marshaller;
 import org.springframework.scheduling.annotation.EnableAsync;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.transaction.annotation.EnableTransactionManagement;
 import org.springframework.web.context.request.RequestContextListener;
 
 import com.bbn.cluster.ClusterGroupDefinition;
@@ -65,6 +79,12 @@
 import com.bbn.marti.config.Network;
 import com.bbn.marti.config.Oauth;
 import com.bbn.marti.config.Security;
+import tak.server.config.ApiConfiguration;
+import tak.server.config.ApiOnlyConfiguration;
+import tak.server.config.ConfigServiceConfiguration;
+import tak.server.config.MessagingConfiguration;
+import tak.server.config.MessagingOnlyConfiguration;
+import tak.server.util.ActiveProfiles;
 import com.bbn.marti.config.Tls;
 import com.bbn.marti.config.Tls.Crl;
 import com.bbn.marti.dao.kml.JDBCCachingKMLDao;
@@ -77,15 +97,16 @@
 import com.bbn.marti.groups.X509Authenticator;
 import com.bbn.marti.logging.AuditLogUtil;
 import com.bbn.marti.maplayer.MapLayerService;
-import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.model.kml.Icon;
+import com.bbn.marti.model.kml.Iconset;
 import com.bbn.marti.remote.SubmissionInterface;
 import com.bbn.marti.remote.SubscriptionManagerLite;
 import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.remote.groups.GroupManager;
+import com.bbn.marti.remote.util.LoggingConfigPropertiesSetupUtil;
 import com.bbn.marti.remote.util.RemoteUtil;
 import com.bbn.marti.service.ClusterSubscriptionStore;
-import com.bbn.marti.service.DistributedConfiguration;
-import com.bbn.marti.service.LocalConfiguration;
+import com.bbn.marti.remote.config.LocalConfiguration;
 import com.bbn.marti.service.RepositoryService;
 import com.bbn.marti.service.SubscriptionManager;
 import com.bbn.marti.service.SubscriptionStore;
@@ -99,7 +120,11 @@
 import com.bbn.marti.sync.cache.MethodNameMultiStringArgCacheKeyGenerator;
 import com.bbn.marti.sync.federation.MissionChangeAspect;
 import com.bbn.marti.sync.model.MissionChange;
+import com.bbn.marti.sync.model.MissionChanges;
 import com.bbn.marti.sync.model.MissionFeed;
+import com.bbn.marti.sync.model.MissionLayer;
+import com.bbn.marti.sync.model.Resource;
+import com.bbn.marti.sync.model.UidDetails;
 import com.bbn.marti.sync.repository.DataFeedRepository;
 import com.bbn.marti.sync.repository.ExternalMissionDataRepository;
 import com.bbn.marti.sync.repository.LogEntryRepository;
@@ -116,7 +141,7 @@
 import com.bbn.marti.sync.service.MissionServiceDefaultImpl;
 import com.bbn.marti.util.CommonUtil;
 import com.bbn.marti.util.VersionBean;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.bbn.marti.util.spring.TakAuthenticationProvider;
 import com.bbn.metrics.MetricsCollector;
 import com.bbn.metrics.MissionServiceAspect;
@@ -128,18 +153,19 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.google.common.base.Strings;
+import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
+import com.nimbusds.jose.jwk.source.JWKSource;
+import com.nimbusds.jose.proc.SecurityContext;
 import com.zaxxer.hikari.HikariDataSource;
 
+import jakarta.persistence.EntityManagerFactory;
 import tak.server.cache.ActiveGroupCacheHelper;
 import tak.server.cache.CoTCacheHelper;
 import tak.server.cache.MissionCacheHelper;
 import tak.server.cache.TakIgniteSpringCacheManager;
 import tak.server.cluster.ClusterManager;
 import tak.server.cluster.DistributedSubmissionService;
-import tak.server.config.ApiConfiguration;
-import tak.server.config.ApiOnlyConfiguration;
-import tak.server.config.MessagingConfiguration;
-import tak.server.config.MessagingOnlyConfiguration;
 import tak.server.filemanager.FileManagerService;
 import tak.server.filemanager.FileManagerServiceDefaultImpl;
 import tak.server.ignite.IgniteConfigurationHolder;
@@ -150,13 +176,21 @@
 import tak.server.util.DataSourceUtils;
 import tak.server.util.JavaVersionChecker;
 
-@ImportResource({"classpath:app-context.xml", "classpath:security-context.xml"})
+import org.springframework.orm.jpa.JpaTransactionManager;
+import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean;
+import org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor;
+import org.springframework.orm.jpa.vendor.HibernateJpaDialect;
+import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter;
+
+@org.springframework.context.annotation.Configuration
+@ImportResource({"classpath:security-context.xml"})
 @Import({ApiConfiguration.class, ApiOnlyConfiguration.class, MessagingConfiguration.class, MessagingOnlyConfiguration.class})
 @EnableCaching
 @EnableAsync
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-@EnableJpaRepositories(basePackages= {"com.bbn.marti.sync.repository"})
-@EntityScan(basePackages={"com.bbn.marti.sync.model, tak.server.feeds"})
+@EnableJpaRepositories(basePackages= {"com.bbn.marti.sync.repository", "com.bbn.marti.dao.kml", "com.bbn.tak.tls.repository", "com.bbn.marti.device.profile.repository", "com.bbn.marti.maplayer.repository", "com.bbn.user.registration.repository", "com.bbn.marti.video", "tak.server.feeds"})
+@EntityScan(basePackages={"com.bbn.marti.sync.model", "tak.server.feeds"})
+@EnableTransactionManagement
 public class ServerConfiguration extends SpringBootServletInitializer  {
 	/*
 	 * This configuration contains beans that common to all configs (See Constants.java for configurations)
@@ -175,48 +209,62 @@ public static void main(String[] args) {
 
 		Locale.setDefault(Locale.US);
 
-    	if(args.length > 0 && !args[0].startsWith("--")) {
-
-            LocalConfiguration.CONFIG_FILE = args[0];
+    	if (args.length > 0 && !args[0].startsWith("--")) {
 
+			if (ActiveProfiles.getInstance().isConfigProfileActive()) {
+				LocalConfiguration.CONFIG_FILE = args[0];
+			}
             args = Arrays.copyOfRange(args, 1, args.length);
         }
 
-		SpringApplication application = new SpringApplication(ServerConfiguration.class);
-
-		try {
+		SpringApplication application = null;
 
-			LocalConfiguration config = LocalConfiguration.getInstance();
-			ClusterGroupDefinition.setCluster(config.getConfiguration().getCluster().isEnabled());
-			ClusterGroupDefinition.setProfile(LocalConfiguration.getInstance().getProfile());
-			setupInitialConfig(application, config);
+		if (ActiveProfiles.getInstance().isConfigProfileActive())
+		{
+			application = new SpringApplication(ConfigServiceConfiguration.class);
+			application.setWebApplicationType(WebApplicationType.NONE);
+		} else {
+			application = new SpringApplication(ServerConfiguration.class);
+		}
 
-			if (!config.getConfiguration().getNetwork().isCloudwatchEnable()) {
-				AwsCloudEnvironmentCheckUtils.setIsCloudEnvironment(false);
-			}
 
+		try {
+			ClusterGroupDefinition.setCluster(
+					IgniteConfigurationHolder.getInstance().getTAKIgniteConfiguration().isClusterEnabled());
+			ClusterGroupDefinition.setProfile(ActiveProfiles.getInstance().getProfile());
 		} catch (Exception e) {
 			logger.error("exception initializing remote configuration", e);
 			throw new TakException(e);
 
 		}
-
-		boolean hasConsoleProfile = Arrays.stream(System.getProperties().getProperty("spring.profiles.active", "").split(","))
-											.anyMatch("consolelog"::equals);
-
-		if (!hasConsoleProfile && !System.getProperties().containsKey(SYSARG_ENABLE_IGNITE_LOGGING)) {
+		if (!ActiveProfiles.getInstance().isConsoleProfileActive() &&
+				!System.getProperties().containsKey(SYSARG_ENABLE_IGNITE_LOGGING)) {
 			disableAccessWarnings();
 			disableStdout();
 		}
 
-		logger.info("Starting Ignite");
+		if (ActiveProfiles.getInstance().isConfigProfileActive()) {
+			ConfigServiceConfiguration.setInitialAppProps(application);
+			logger.info("Starting Config Microservice");
+		} else {
+			try {
+				logger.info("Starting Ignite for TAK Server" + ActiveProfiles.getInstance().getProfile() + "Service.");
+				Configuration configuration = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
-		IgniteHolder.getInstance();
+				setupInitialConfig(application, configuration);
 
-		logger.info("Starting TAK Server");
+				if (!configuration.getNetwork().isCloudwatchEnable()) {
+					AwsCloudEnvironmentCheckUtils.setIsCloudEnvironment(false);
+				}
+			} catch (Exception e) {
+				logger.error("exception initializing remote configuration", e);
+				throw new TakException(e);
+			}
+		}
 
 		@SuppressWarnings("unused")
 		ApplicationContext context = application.run(args);
+		logger.info("Started TAK Server " + ActiveProfiles.getInstance().getProfile() + " Microservice.");
 		JavaVersionChecker.check(logger);
 	}
 
@@ -230,7 +278,7 @@ public static void main(String[] args) {
 	@Profile({Constants.API_PROFILE_NAME, Constants.MONOLITH_PROFILE_NAME})
 	public TomcatServletWebServerFactory containerFactory() throws RemoteException {
 
-		Configuration config = LocalConfiguration.getInstance().getConfiguration();
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
 		final List<Network.Connector> connectors = config.getNetwork().getConnector();
 
@@ -239,7 +287,7 @@ public TomcatServletWebServerFactory containerFactory() throws RemoteException {
 		factory.addErrorPages(new ErrorPage(HttpStatus.NOT_FOUND, "/error"));
 
 		String loginUrl = "/login";
-		Oauth oauthConfig = LocalConfiguration.getInstance().getConfiguration().getAuth().getOauth();
+		Oauth oauthConfig = config.getAuth().getOauth();
 		if (oauthConfig != null && !oauthConfig.isUseTakServerLoginPage() && !oauthConfig.getAuthServer().isEmpty()) {
 			loginUrl = "/login/auth";
 		}
@@ -266,8 +314,12 @@ public TomcatServletWebServerFactory containerFactory() throws RemoteException {
 						if (crl != null) {
 							if (!Strings.isNullOrEmpty(crl.getCrlFile())) {
 								factory.addConnectorCustomizers(connector -> {
-									((AbstractHttp11Protocol<?>) connector.getProtocolHandler())
-									.setCrlFile(crl.getCrlFile());
+//									((AbstractHttp11Protocol<?>) connector.getProtocolHandler()).setCrlFile(crl.getCrlFile()); 
+									AbstractHttp11Protocol protocol = (AbstractHttp11Protocol) connector.getProtocolHandler();
+									for (SSLHostConfig sSLHostConfig: protocol.findSslHostConfigs()) {
+										sSLHostConfig.setCertificateRevocationListFile(crl.getCrlFile());
+									}
+								    
 								});
 							}
 						}
@@ -298,7 +350,7 @@ public void customize(Context context) {
 				try {
 					factory.addAdditionalTomcatConnectors(configureConnector(connectors.get(i)));
 				} catch (Exception e) { // if there is a problem setting up one of the connectors, still try to create the others.
-					logger.debug("exception setting up http connector " + (connectors.get(i).getName()));
+					logger.warn("Exception setting up http connector " + (connectors.get(i).getName()), e);
 				}
 			}
 		}
@@ -311,7 +363,7 @@ public void customize(Context context) {
 
 			logger.info("Tomcat base directory: " + cwd);
 		} catch (Exception e) {
-			logger.warn("exception setting Tomcat working directory", e);
+			logger.warn("Exception setting Tomcat working directory", e);
 		}
 
 		return factory;
@@ -319,7 +371,7 @@ public void customize(Context context) {
 
 	private Connector configureConnector(Network.Connector coreConnector) {
 
-		Configuration config = LocalConfiguration.getInstance().getConfiguration();
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
 		Tls tls = config.getSecurity().getTls();
 
@@ -373,7 +425,7 @@ private Connector configureConnector(Network.Connector coreConnector) {
 			}
 
 		} catch (Exception e) {
-			logger.warn("exception checking tls keystore and truststore files", e);
+			logger.warn("Exception checking tls keystore and truststore files", e);
 		}
 
 		try {
@@ -402,18 +454,35 @@ private Connector configureConnector(Network.Connector coreConnector) {
 				connector.setScheme("https");
 				connector.setSecure(true);
 				protocol.setSSLEnabled(true);
-				protocol.setClientAuth(coreConnector.getClientAuth());
+				
+				SSLHostConfig sslHostConfig = new SSLHostConfig();
+								
+//				protocol.setClientAuth(coreConnector.getClientAuth());
+				
+				// Starting from Tomcat 10
+				sslHostConfig.setCertificateVerification(coreConnector.getClientAuth());
 
 				if (!config.getNetwork().getWebCiphers().isEmpty()) {
-					protocol.setCiphers(config.getNetwork().getWebCiphers());
+//					protocol.setCiphers(config.getNetwork().getWebCiphers());
+					sslHostConfig.setCiphers(config.getNetwork().getWebCiphers());
 				}
-
-				protocol.setKeystoreType(keystore);
-				protocol.setKeystoreFile(keystoreFile);
-				protocol.setKeystorePass(keystorePass);
+				
+				SSLHostConfigCertificate sslHostConfigCertificate = new SSLHostConfigCertificate(sslHostConfig,
+					SSLHostConfigCertificate.Type.UNDEFINED);
+
+//				protocol.setKeystoreType(keystore);
+				sslHostConfigCertificate.setCertificateKeystoreType(keystore);
+//				protocol.setKeystoreFile(keystoreFile);
+				sslHostConfigCertificate.setCertificateKeystoreFile(keystoreFile);
+//				protocol.setKeystorePass(keystorePass);
+				sslHostConfigCertificate.setCertificateKeystorePassword(keystorePass);
+				
+				sslHostConfig.addCertificate(sslHostConfigCertificate);
 
 				if (coreConnector.getCrlFile() != null) {
-					protocol.setCrlFile(coreConnector.getCrlFile());
+//					protocol.setCrlFile(coreConnector.getCrlFile());
+					sslHostConfig.setRevocationEnabled(true);
+					sslHostConfig.setCertificateRevocationListFile(coreConnector.getCrlFile());
 				}
 
 				if (fedTruststoreExists && coreConnector.isUseFederationTruststore()) {
@@ -423,19 +492,31 @@ private Connector configureConnector(Network.Connector coreConnector) {
 
 					Tls fedTls = config.getFederation().getFederationServer().getTls();
 
-					protocol.setTruststoreType(fedTls.getTruststore());
-					protocol.setTruststoreFile(fedTls.getTruststoreFile());
-					protocol.setTruststorePass(fedTls.getTruststorePass());
+//					protocol.setTruststoreType(fedTls.getTruststore());
+					sslHostConfig.setTruststoreType(fedTls.getTruststore());
+//					protocol.setTruststoreFile(fedTls.getTruststoreFile());
+					sslHostConfig.setTruststoreFile(fedTls.getTruststoreFile());
+//					protocol.setTruststorePass(fedTls.getTruststorePass());
+					sslHostConfig.setTruststorePassword(fedTls.getTruststorePass());
+
 					connector.setProperty("bindOnInit", "false");
 
 				} else {
 					if (tlsKeystoreTruststoreExist) {
-						protocol.setTruststoreType(truststore);
-						protocol.setTruststoreFile(truststoreFile);
-						protocol.setTruststorePass(truststorePass);
+						
+//						protocol.setTruststoreType(truststore);
+						sslHostConfig.setTruststoreType(truststore);
+//						protocol.setTruststoreFile(truststoreFile);
+						sslHostConfig.setTruststoreFile(truststoreFile);
+//						protocol.setTruststorePass(truststorePass);
+						sslHostConfig.setTruststorePassword(truststorePass);
 					}
 				}
-				protocol.setSslEnabledProtocols("TLSv1.2,TLSv1.3");
+//				protocol.setSslEnabledProtocols("TLSv1.2,TLSv1.3");
+				sslHostConfig.setProtocols("TLSv1.2+TLSv1.3");
+				
+				protocol.addSslHostConfig(sslHostConfig);
+				
 			} else {
 				connector.setScheme("http");
 				connector.setSecure(false);
@@ -481,8 +562,8 @@ X509Authenticator x509Authenticator(GroupManager groupManager, ActiveGroupCacheH
 	}
 
 	@Bean("OauthAuthenticator")
-	OAuthAuthenticator OAuthAuthenticator(GroupManager groupManager) {
-		return new OAuthAuthenticator(groupManager);
+	OAuthAuthenticator OAuthAuthenticator(GroupManager groupManager, ActiveGroupCacheHelper activeGroupCacheHelper) {
+		return new OAuthAuthenticator(groupManager, activeGroupCacheHelper);
 	}
 
 	@Bean("fileAuthenticator")
@@ -502,10 +583,17 @@ Ignite ignite() {
 
 	@Bean
 	CacheManager cacheManager(Ignite ignite) {
+		Configuration configuration = null;
+
+		if (ActiveProfiles.getInstance().isConfigProfileActive()) {
+			configuration = LocalConfiguration.getInstance().getConfiguration();
+		}
+		else {
+			configuration = CoreConfigFacade.getInstance().getRemoteConfiguration();
+		}
 
-		LocalConfiguration coreConfig = LocalConfiguration.getInstance();
 
-		Cluster clusterConfig = coreConfig.getConfiguration().getCluster();
+		Cluster clusterConfig = configuration.getCluster();
 
 		SpringCacheManager scm = new TakIgniteSpringCacheManager(ignite);
 
@@ -517,21 +605,22 @@ CacheManager cacheManager(Ignite ignite) {
 
 		}
 
-		scm.setConfiguration(IgniteConfigurationHolder.getInstance().getConfiguration());
+		scm.setConfiguration(IgniteConfigurationHolder.getInstance().getIgniteConfiguration());
 
 		return scm;
 	}
 
 	@Bean
-    public KeyGenerator allMissionsCacheKeyGenerator() {
-        return new AllMissionsCacheKeyGenerator();
+    public KeyGenerator allCopsMissionsCacheKeyGenerator() {
+        return new AllCopMissionsCacheKeyGenerator();
     }
 
 	@Bean
-    public KeyGenerator allCopsMissionsCacheKeyGenerator() {
-        return new AllCopMissionsCacheKeyGenerator();
+    public KeyGenerator allMissionsCacheKeyGenerator() {
+        return new AllMissionsCacheKeyGenerator();
     }
 
+	
 	@Bean
 	public KeyGenerator inviteOnlyMissionsCacheKeyGenerator() {
 		return new InviteOnlyMissionCacheKeyGenerator();
@@ -542,9 +631,7 @@ public KeyGenerator methodNameMultiStringArgCacheKeyGenerator() {
         return new MethodNameMultiStringArgCacheKeyGenerator();
     }
 
-	private static void setupInitialConfig(SpringApplication application, LocalConfiguration coreConfig) {
-		Configuration config = coreConfig.getConfiguration();
-
+	private static void setupInitialConfig(SpringApplication application, Configuration config) {
 		List<String> profiles = new ArrayList<String>();
 
 		if (config.getCluster().isEnabled()) {
@@ -564,7 +651,7 @@ private static void setupInitialConfig(SpringApplication application, LocalConfi
 
 		Network.Connector connector = null;
 
-		if (coreConfig.isApiProfileActive() || coreConfig.isMonolithProfileActive()) {
+		if (ActiveProfiles.getInstance().isApiProfileActive() || ActiveProfiles.getInstance().isMonolithProfileActive()) {
 			// If no connectors are defined in CoreConfig: fail startup
 			if (config.getNetwork().getConnector().isEmpty()) {
 				throw new TakException("No connectors defined in CoreConfig");
@@ -622,7 +709,7 @@ private static void setupInitialConfig(SpringApplication application, LocalConfi
 			}
 		}
 
-		if ((coreConfig.isApiProfileActive() || coreConfig.isMonolithProfileActive()) && tlsKeystoreTruststoreExist && connector.isTls()) {
+		if ((ActiveProfiles.getInstance().isApiProfileActive() || ActiveProfiles.getInstance().isMonolithProfileActive()) && tlsKeystoreTruststoreExist && connector.isTls()) {
 
 			properties.put("server.ssl.client-auth", connector.getClientAuth().toLowerCase(Locale.ENGLISH).equals("true") ? "NEED" : connector.getClientAuth());
 			properties.put("server.ssl.key-store", tls.getKeystoreFile());
@@ -635,22 +722,22 @@ private static void setupInitialConfig(SpringApplication application, LocalConfi
 			}
 		}
 
-		if (coreConfig.getConfiguration().getNetwork().getTomcatMaxPool() > -1) {
-			properties.put("server.tomcat.threads.max", coreConfig.getConfiguration().getNetwork().getTomcatMaxPool());
+		if (config.getNetwork().getTomcatMaxPool() > -1) {
+			properties.put("server.tomcat.threads.max", config.getNetwork().getTomcatMaxPool());
 			
-			if (coreConfig.getConfiguration().getNetwork().isTomcatPoolIdleToMax()) {
-				properties.put("server.tomcat.threads.min-spare", coreConfig.getConfiguration().getNetwork().getTomcatMaxPool());
+			if (config.getNetwork().isTomcatPoolIdleToMax()) {
+				properties.put("server.tomcat.threads.min-spare", config.getNetwork().getTomcatMaxPool());
 			}
 
-			System.out.println("Tomcat explicit worker pool size: " + coreConfig.getConfiguration().getNetwork().getTomcatMaxPool());
+			System.out.println("Tomcat explicit worker pool size: " + config.getNetwork().getTomcatMaxPool());
 
 		} else {
 			
-			int tomcatPoolSize = Runtime.getRuntime().availableProcessors() * coreConfig.getConfiguration().getNetwork().getTomcatPoolMultiplier();
+			int tomcatPoolSize = Runtime.getRuntime().availableProcessors() * config.getNetwork().getTomcatPoolMultiplier();
 			
 			properties.put("server.tomcat.threads.max", tomcatPoolSize);
 			
-			if (coreConfig.getConfiguration().getNetwork().isTomcatPoolIdleToMax()) {
+			if (config.getNetwork().isTomcatPoolIdleToMax()) {
 				properties.put("server.tomcat.threads.min-spare", tomcatPoolSize);
 			}
 			
@@ -687,7 +774,7 @@ private static void setupInitialConfig(SpringApplication application, LocalConfi
 				serverName = UUID.randomUUID().toString();
 			}
 
-			String fullNamespace = config.getNetwork().getCloudwatchNamespace() + "-" + serverName + "-" + (coreConfig.isMessagingProfileActive() ? "messaging" : "api");
+			String fullNamespace = config.getNetwork().getCloudwatchNamespace() + "-" + serverName + "-" + (ActiveProfiles.getInstance().isMessagingProfileActive() ? "messaging" : "api");
 
 			properties.put("management.metrics.export.cloudwatch.namespace", fullNamespace);
 
@@ -702,6 +789,7 @@ private static void setupInitialConfig(SpringApplication application, LocalConfi
 
 		properties.put("cloud.aws.stack.auto", false); // make this configurable?
 
+		LoggingConfigPropertiesSetupUtil.getInstance().setupLoggingProperties(config);
 
 		if (tls != null && fedTruststoreExists && connector != null && connector.isUseFederationTruststore()) {
 			if (config.getFederation() == null || config.getFederation().getFederationServer().getTls() == null) {
@@ -727,10 +815,8 @@ private static void setupInitialConfig(SpringApplication application, LocalConfi
 			logger.warn("exception setting iconset directory location option from CoreConfig", e);
 		}
 
-		if (coreConfig.isMessagingProfileActive()) {
-
+		if (ActiveProfiles.getInstance().isMessagingProfileActive()) {
 			properties.put("server.ssl.enabled", false);
-
 		}
 		// make static content available
 		try {
@@ -744,9 +830,7 @@ private static void setupInitialConfig(SpringApplication application, LocalConfi
 
 	@Bean
 	public HikariDataSource dataSource() {
-        CoreConfig config = DistributedConfiguration.getInstance();
-        
-        return DataSourceUtils.setupDataSourceFromCoreConfig(config);
+        return DataSourceUtils.setupDataSourceFromCoreConfig();
         
 	}
 
@@ -843,9 +927,10 @@ public FileManagerService fileManagerService(DataSource dataSource) {
 	}
 
 	@Bean
-	public SubscriptionManagerProxyHandler subscriptionManagerProxyHandler(CoreConfig config) {
-		return new SubscriptionManagerProxyHandler(config);
+	public SubscriptionManagerProxyHandler subscriptionManagerProxyHandler() {
+		return new SubscriptionManagerProxyHandler();
 	}
+
 	// Used by messaging and API processes
 	@Bean
 	MissionService missionService(
@@ -861,7 +946,6 @@ MissionService missionService(
 			com.bbn.marti.sync.EnterpriseSyncService syncStore,
 			JDBCCachingKMLDao kmlDao,
 			KMLService kmlService,
-			CoreConfig coreConfig,
 			SubmissionInterface submission,
 			ExternalMissionDataRepository externalMissionDataRepository,
 			MissionInvitationRepository missionInvitationRepository,
@@ -891,7 +975,6 @@ MissionService missionService(
 	    		syncStore,
 	    		kmlDao,
 	    		kmlService,
-	    		coreConfig,
 	    		submission,
 	    		externalMissionDataRepository,
 	    		missionInvitationRepository,
@@ -1146,4 +1229,72 @@ public NetworkMetricsEndpoint networkMetrics(@Lazy MetricsCollector metricsColle
 	public EnterpriseSyncCacheHelper enterpriseSyncCacheHelper() {
 		return new EnterpriseSyncCacheHelper();
 	}
+	
+	@Bean
+	@Lazy
+	public LocalContainerEntityManagerFactoryBean entityManagerFactory(@Lazy DataSource dataSource) {
+		LocalContainerEntityManagerFactoryBean bean = new LocalContainerEntityManagerFactoryBean();
+		bean.setDataSource(dataSource);
+		bean.setPersistenceUnitName("martiPersistenceUnit");
+		bean.setPersistenceProviderClass(HibernatePersistenceProvider.class);
+
+		Map<String, Object> jpaProperty = new HashMap<>();
+		jpaProperty.put("hibernate.connection.driver_class", org.postgresql.Driver.class);
+		jpaProperty.put("hibernate.hbm2ddl.auto", "");
+		jpaProperty.put("hibernate.cache.use_query_cache", false);
+		jpaProperty.put("hibernate.cache.use_second_level_cache", false);
+		jpaProperty.put("hibernate.dialect", org.hibernate.dialect.PostgreSQLDialect.class);
+		jpaProperty.put("jakarta.persistence.sharedCache.mode", "ENABLE_SELECTIVE");
+		jpaProperty.put("hibernate.enable_lazy_load_no_trans", true);
+		bean.setJpaPropertyMap(jpaProperty);
+
+		bean.setJpaDialect(new HibernateJpaDialect());
+
+		bean.setJpaVendorAdapter(new HibernateJpaVendorAdapter());
+
+		bean.setPackagesToScan("com.bbn.marti.model.kml", "com.bbn.marti.sync.model", "com.bbn.tak.tls",
+				"com.bbn.marti.device.profile.model", "com.bbn.marti.maplayer.model", "com.bbn.user.registration.model",
+				"com.bbn.marti.video", "tak.server.feeds");
+
+		return bean;
+	}
+
+	@Bean
+	public PersistenceAnnotationBeanPostProcessor persistenceAnnotationBeanPostProcessor() {
+		return new PersistenceAnnotationBeanPostProcessor();
+	}
+
+	@Bean
+	@Scope("prototype")
+	public Jaxb2Marshaller jaxb2Marshaller() {
+		
+		Jaxb2Marshaller bean = new Jaxb2Marshaller();
+		bean.setClassesToBeBound(Iconset.class, Icon.class, MissionChanges.class, MissionChange.class, MissionLayer.class, UidDetails.class, Resource.class);
+		
+		return bean;
+
+	}
+	
+	@Bean
+	public JpaTransactionManager transactionManager(EntityManagerFactory entityManagerFactory) {
+		JpaTransactionManager bean = new JpaTransactionManager(entityManagerFactory);
+		return bean;
+	}
+	
+	@Bean("mvcConversionService")
+	public FormattingConversionServiceFactoryBean mvcConversionService(){
+	  return new FormattingConversionServiceFactoryBean();
+	}
+
+	@Bean
+	public JWKSource<SecurityContext> jwkSource() {
+		RSAPublicKey publicKey = (RSAPublicKey) JwtUtils.getInstance().getPublicKey();
+		RSAPrivateKey privateKey = (RSAPrivateKey) JwtUtils.getInstance().getPrivateKey();
+		com.nimbusds.jose.jwk.RSAKey rsaKey = new com.nimbusds.jose.jwk.RSAKey.Builder(publicKey)
+				.privateKey(privateKey)
+				.keyID(UUID.randomUUID().toString())
+				.build();
+		JWKSet jwkSet = new JWKSet(rsaKey);
+		return new ImmutableJWKSet<SecurityContext>(jwkSet);
+	}
 }
diff --git a/src/takserver-core/src/main/java/tak/server/api/DistributedPluginCoreConfigApi.java b/src/takserver-core/src/main/java/tak/server/api/DistributedPluginCoreConfigApi.java
index 0883c25a..26c82332 100644
--- a/src/takserver-core/src/main/java/tak/server/api/DistributedPluginCoreConfigApi.java
+++ b/src/takserver-core/src/main/java/tak/server/api/DistributedPluginCoreConfigApi.java
@@ -1,5 +1,6 @@
 package tak.server.api;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.ignite.services.ServiceContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -43,7 +44,7 @@ public void execute(ServiceContext ctx) throws Exception {
 
 	@Override
 	public synchronized Security getSecurity() throws Exception {
-		com.bbn.marti.config.Tls tls = ApiDependencyProxy.getInstance().coreConfig().getRemoteConfiguration().getSecurity().getTls();
+		com.bbn.marti.config.Tls tls = CoreConfigFacade.getInstance().getRemoteConfiguration().getSecurity().getTls();
 		if (security == null) {
 			security = new Security(new Tls(tls.getKeystore(), tls.getKeystoreFile(), tls.getKeystorePass(),
 					tls.getTruststore(), tls.getTruststoreFile(), tls.getTruststorePass(),
diff --git a/src/takserver-core/src/main/java/tak/server/cluster/ClusterManager.java b/src/takserver-core/src/main/java/tak/server/cluster/ClusterManager.java
index 750ededd..cc35fc7e 100755
--- a/src/takserver-core/src/main/java/tak/server/cluster/ClusterManager.java
+++ b/src/takserver-core/src/main/java/tak/server/cluster/ClusterManager.java
@@ -3,11 +3,14 @@
 import static java.util.Objects.requireNonNull;
 
 import java.io.IOException;
-import java.time.Duration;
 import java.util.Locale;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicLong;
 
+import com.google.common.base.Strings;
+import io.nats.client.Connection;
+import io.nats.client.Nats;
+
 import org.antlr.v4.runtime.ANTLRInputStream;
 import org.antlr.v4.runtime.BailErrorStrategy;
 import org.antlr.v4.runtime.CommonTokenStream;
@@ -24,28 +27,27 @@
 import org.springframework.context.ApplicationListener;
 import org.springframework.context.event.ContextRefreshedEvent;
 
+import atakmap.commoncommo.protobuf.v1.Missionannouncement.MissionAnnouncement;
+
 import com.atakmap.Tak.ROL;
+
+import tak.server.util.ActiveProfiles;
 import com.bbn.marti.config.Cluster;
 import com.bbn.marti.remote.ServerInfo;
 import com.bbn.marti.remote.exception.NotFoundException;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.DistributedSubscriptionManager;
-import com.bbn.marti.service.LocalConfiguration;
 import com.bbn.marti.service.Resources;
 import com.bbn.marti.service.Subscription;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-import com.google.common.base.Strings;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
+
 
-import atakmap.commoncommo.protobuf.v1.Missionannouncement.MissionAnnouncement;
-import io.micrometer.core.instrument.Metrics;
-import io.nats.client.Connection;
-import io.nats.client.Dispatcher;
-import io.nats.client.Nats;
 import mil.af.rl.rol.RolLexer;
 import mil.af.rl.rol.RolParser;
+
 import tak.server.CommonConstants;
 import tak.server.Constants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cot.CotEventContainer;
 import tak.server.messaging.MessageConverter;
 import tak.server.qos.MessageBaseStrategy;
@@ -60,7 +62,7 @@ public class ClusterManager implements ApplicationContextAware, ApplicationListe
 
 	private static ClusterManager instance;
 
-	private final DistributedConfiguration coreConfig = DistributedConfiguration.getInstance();
+	private final CoreConfigFacade coreConfig = CoreConfigFacade.getInstance();
 
 	private final Cluster config = coreConfig.getRemoteConfiguration().getCluster();
 	
@@ -115,7 +117,7 @@ public void onApplicationEvent(ContextRefreshedEvent event) {
 		}
 		
 
-		if (LocalConfiguration.getInstance().isMessagingProfileActive()) {
+		if (ActiveProfiles.getInstance().isMessagingProfileActive()) {
 			Resources.clusterStateProcessor.execute(() -> {
 				try {
 					natsConnection.createDispatcher().subscribe(Constants.CLUSTER_DATA_MESSAGE, m -> {
diff --git a/src/takserver-core/src/main/java/tak/server/cluster/DistributedInputManager.java b/src/takserver-core/src/main/java/tak/server/cluster/DistributedInputManager.java
index 72c40d3c..758c61fd 100644
--- a/src/takserver-core/src/main/java/tak/server/cluster/DistributedInputManager.java
+++ b/src/takserver-core/src/main/java/tak/server/cluster/DistributedInputManager.java
@@ -1,11 +1,5 @@
 package tak.server.cluster;
 
-import java.util.Collection;
-
-import org.apache.ignite.services.ServiceContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import com.bbn.marti.config.DataFeed;
 import com.bbn.marti.config.Input;
 import com.bbn.marti.remote.InputMetric;
@@ -14,76 +8,102 @@
 import com.bbn.marti.remote.groups.NetworkInputAddResult;
 import com.bbn.marti.remote.service.InputManager;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
+import org.apache.ignite.services.ServiceContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Collection;
 
 /**
+ *
  */
 public class DistributedInputManager implements InputManager, org.apache.ignite.services.Service {
-	private static final long serialVersionUID = -2201082174814064404L;
-	private static final Logger logger = LoggerFactory.getLogger(DistributedInputManager.class);
+    private static final long serialVersionUID = -2201082174814064404L;
+    private static final Logger logger = LoggerFactory.getLogger(DistributedInputManager.class);
+
+    @Override
+    public void cancel(ServiceContext ctx) {
+        if (logger.isDebugEnabled()) {
+            logger.debug(getClass().getSimpleName() + " service cancelled");
+        }
+    }
+
+    @Override
+    public void init(ServiceContext ctx) throws Exception {
+        if (logger.isDebugEnabled()) {
+            logger.debug("init method " + getClass().getSimpleName());
+        }
+    }
 
-	@Override
-	public void cancel(ServiceContext ctx) {
-		if (logger.isDebugEnabled()) {
-			logger.debug(getClass().getSimpleName() + " service cancelled");
-		}
-	}
+    @Override
+    public void execute(ServiceContext ctx) throws Exception {
+        if (logger.isDebugEnabled()) {
+            logger.debug("execute method " + getClass().getSimpleName());
+        }
+    }
 
-	@Override
-	public void init(ServiceContext ctx) throws Exception {
-		if (logger.isDebugEnabled()) {
-			logger.debug("init method " + getClass().getSimpleName());
-		}
-	}
+    @Override
+    public NetworkInputAddResult createInput(Input input, boolean saveConfig) {
+        if (saveConfig) {
+            return MessagingDependencyInjectionProxy.getInstance().submissionService().addInputAndSave(input);
+        } else {
+            return MessagingDependencyInjectionProxy.getInstance().submissionService().addInputNoSave(input);
+        }
+    }
 
-	@Override
-	public void execute(ServiceContext ctx) throws Exception {
-		if (logger.isDebugEnabled()) {
-			logger.debug("execute method " + getClass().getSimpleName());
-		}
-	}
-	
-	@Override
-	public NetworkInputAddResult createInput(Input input) {
-		return MessagingDependencyInjectionProxy.getInstance().submissionService().addInputAndSave(input);
-	}
+    @Override
+    public NetworkInputAddResult createDataFeed(DataFeed dataFeed, boolean saveConfig) {
+        if (saveConfig) {
+            return MessagingDependencyInjectionProxy.getInstance().submissionService().addInputAndSave(dataFeed);
+        } else {
+            return MessagingDependencyInjectionProxy.getInstance().submissionService().addInputNoSave(dataFeed);
+        }
+    }
 
-	@Override
-	public NetworkInputAddResult createDataFeed(DataFeed dataFeed) {
-		return MessagingDependencyInjectionProxy.getInstance().submissionService().addInputAndSave(dataFeed);
-	}
-	
-	@Override
-	public void updateFederationDataFeed(DataFeed dataFeed) {
-		MessagingDependencyInjectionProxy.getInstance().submissionService().addMetric(dataFeed, new InputMetric(dataFeed));
-	}
+    @Override
+    public void updateFederationDataFeed(DataFeed dataFeed) {
+        MessagingDependencyInjectionProxy.getInstance().submissionService().addMetric(dataFeed, new InputMetric(dataFeed));
+    }
 
-	@Override
-	public ConnectionModifyResult modifyInput(String id, Input input) {
-		return MessagingDependencyInjectionProxy.getInstance().submissionService().modifyInputAndSave(id, input);
-	}
+    @Override
+    public ConnectionModifyResult modifyInput(String id, Input input, boolean saveConfig) {
+        if (saveConfig) {
+            return MessagingDependencyInjectionProxy.getInstance().submissionService().modifyInputAndSave(id, input);
+        } else {
+            return MessagingDependencyInjectionProxy.getInstance().submissionService().modifyInputNoSave(id, input);
+        }
+    }
 
-	@Override
-	public void deleteInput(String name) {
-		MessagingDependencyInjectionProxy.getInstance().submissionService().removeInputAndSave(name);
-	}
+    @Override
+    public void deleteInput(String name, boolean saveConfig) {
+        if (saveConfig) {
+            MessagingDependencyInjectionProxy.getInstance().submissionService().removeInputAndSave(name);
+        } else {
+            MessagingDependencyInjectionProxy.getInstance().submissionService().removeInputNoSave(name);
+        }
+    }
 
-	@Override
-	public void deleteDataFeed(String name) {
-		MessagingDependencyInjectionProxy.getInstance().submissionService().removeDataFeedAndSave(name);
-	}
+    @Override
+    public void deleteDataFeed(String name, boolean saveConfig) {
+        if (saveConfig) {
+            MessagingDependencyInjectionProxy.getInstance().submissionService().removeDataFeedAndSave(name);
+        } else {
+            MessagingDependencyInjectionProxy.getInstance().submissionService().removeDataFeedNoSave(name);
+        }
+    }
 
-	@Override
-	public Collection<InputMetric> getInputMetrics(boolean excludeDataFeeds) {
-		return MessagingDependencyInjectionProxy.getInstance().submissionService().getInputMetrics(excludeDataFeeds);
-	}
+    @Override
+    public Collection<InputMetric> getInputMetrics(boolean excludeDataFeeds) {
+        return MessagingDependencyInjectionProxy.getInstance().submissionService().getInputMetrics(excludeDataFeeds);
+    }
 
-	@Override
-	public MessagingConfigInfo getConfigInfo() {
-		return MessagingDependencyInjectionProxy.getInstance().submissionService().getMessagingConfig();
-	}
+    @Override
+    public MessagingConfigInfo getConfigInfo() {
+        return MessagingDependencyInjectionProxy.getInstance().submissionService().getMessagingConfig();
+    }
 
-	@Override
-	public void modifyConfigInfo(MessagingConfigInfo messagingConfigInfo) {
-		MessagingDependencyInjectionProxy.getInstance().submissionService().modifyMessagingConfig(messagingConfigInfo);
-	}
+    @Override
+    public void modifyConfigInfo(MessagingConfigInfo messagingConfigInfo) {
+        MessagingDependencyInjectionProxy.getInstance().submissionService().modifyMessagingConfig(messagingConfigInfo);
+    }
 }
diff --git a/src/takserver-core/src/main/java/tak/server/config/ApiConfiguration.java b/src/takserver-core/src/main/java/tak/server/config/ApiConfiguration.java
index 3abe47c3..de4eb6e8 100644
--- a/src/takserver-core/src/main/java/tak/server/config/ApiConfiguration.java
+++ b/src/takserver-core/src/main/java/tak/server/config/ApiConfiguration.java
@@ -4,12 +4,14 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 
-import javax.servlet.MultipartConfigElement;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-import javax.servlet.http.HttpSessionListener;
+import jakarta.servlet.MultipartConfigElement;
+import jakarta.servlet.ServletContextEvent;
+import jakarta.servlet.ServletContextListener;
+import jakarta.servlet.http.HttpSessionListener;
 import javax.sql.DataSource;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
+
 import org.apache.ignite.Ignite;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -30,6 +32,7 @@
 import org.springframework.security.web.session.HttpSessionEventPublisher;
 import org.springframework.util.unit.DataSize;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
@@ -82,22 +85,18 @@
 import com.bbn.marti.network.SubmissionApi;
 import com.bbn.marti.network.UIDSearchApi;
 import com.bbn.marti.oauth.OAuthApi;
-import com.bbn.marti.oauth.TokenApi;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.FederationConfigInterface;
 import com.bbn.marti.remote.groups.FileUserManagementInterface;
 import com.bbn.marti.remote.groups.GroupManager;
 import com.bbn.marti.remote.service.RetentionQueryService;
 import com.bbn.marti.remote.util.RemoteUtil;
 import com.bbn.marti.repeater.RepeaterApi;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.DistributedFederationHttpConnectorManager;
 import com.bbn.marti.service.DistributedRetentionQueryManager;
 import com.bbn.marti.service.FederationHttpConnectorManager;
 import com.bbn.marti.service.RepositoryService;
 import com.bbn.marti.sync.ContentServlet;
 import com.bbn.marti.sync.DeleteServlet;
-import com.bbn.marti.sync.EnterpriseSyncCacheHelper;
 import com.bbn.marti.sync.EnterpriseSyncService;
 import com.bbn.marti.sync.FileList;
 import com.bbn.marti.sync.JDBCEnterpriseSyncService;
@@ -107,7 +106,6 @@
 import com.bbn.marti.sync.MissionPackageUploadServlet;
 import com.bbn.marti.sync.SearchServlet;
 import com.bbn.marti.sync.UploadServlet;
-import com.bbn.marti.sync.api.ClassificationApi;
 import com.bbn.marti.sync.api.ContactsApi;
 import com.bbn.marti.sync.api.CopViewApi;
 import com.bbn.marti.sync.api.CotApi;
@@ -126,7 +124,7 @@
 import com.bbn.marti.util.IconsetDirWatcher;
 import com.bbn.marti.util.VersionApi;
 import com.bbn.marti.util.spring.HttpSessionCreatedEventListener;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.bbn.marti.util.spring.TakAuthSessionDestructionListener;
 import com.bbn.marti.video.VideoConnectionManager;
 import com.bbn.marti.video.VideoConnectionManagerV2;
@@ -150,12 +148,13 @@
 import com.bbn.user.registration.service.UserRegistrationService;
 import com.bbn.useraccountmanagement.FileUserAccountManagementApi;
 import com.bbn.vbm.VBMConfigurationApi;
-import com.fasterxml.jackson.databind.ObjectMapper;
+
 
 import tak.server.Constants;
 import tak.server.api.DistributedPluginCoreConfigApi;
 import tak.server.api.DistributedPluginFileApi;
 import tak.server.api.DistributedPluginMissionApi;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cache.ContactCacheHelper;
 import tak.server.cache.MissionCacheResolver;
 import tak.server.cache.MissionLayerCacheResolver;
@@ -195,7 +194,7 @@ public class ApiConfiguration implements WebMvcConfigurer {
 	private String compatServletPath;
 
 	@Bean
-	public FederationHttpConnectorManager distributedFederationHttpConnectorManager(Ignite ignite, CoreConfig config) {
+	public FederationHttpConnectorManager distributedFederationHttpConnectorManager(Ignite ignite) {
 		DistributedFederationHttpConnectorManager distributedFederationHttpConnectorManager =  new DistributedFederationHttpConnectorManager();
 		ignite.services(ClusterGroupDefinition.getApiClusterDeploymentGroup(ignite))
 			.deployNodeSingleton(Constants.DISTRIBUTED_FEDERATION_HTTP_CONNECTOR_SERVICE, distributedFederationHttpConnectorManager);
@@ -232,12 +231,12 @@ public void contextDestroyed(ServletContextEvent sce) {
 	@Bean
 	public MultipartConfigElement multipartConfigElement() {
 
-		DistributedConfiguration config = DistributedConfiguration.getInstance();
+		CoreConfigFacade config = CoreConfigFacade.getInstance();
 
 		MultipartConfigFactory factory = new MultipartConfigFactory();
 
-		factory.setMaxFileSize(DataSize.ofBytes(config.getNetwork().getEnterpriseSyncSizeLimitMB() * 1024 * 1024));
-		factory.setMaxRequestSize(DataSize.ofBytes(config.getNetwork().getEnterpriseSyncSizeLimitMB() * 1024 * 1024));
+		factory.setMaxFileSize(DataSize.ofBytes(config.getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB() * 1024 * 1024));
+		factory.setMaxRequestSize(DataSize.ofBytes(config.getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB() * 1024 * 1024));
 
 		return factory.createMultipartConfig();
 	}
@@ -441,11 +440,6 @@ public void addViewControllers(ViewControllerRegistry registry) {
 		registry.addRedirectViewController("/locate/", "/locate/index.html");
 		registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
 	}
-	
-	@Bean
-	CoreConfig coreConfig() {
-		return DistributedConfiguration.getInstance();
-	}
 
 	@Bean
 	CertManagerService certManagerService() {
@@ -601,8 +595,8 @@ public SecurityAuthenticationApi securityAuthenticationApi() {
 	}
 
 	@Bean
-	public FederationConfigInterface federationConfigManager(CoreConfig coreConfig) throws RemoteException {
-		return new FederationConfigManager(coreConfig);
+	public FederationConfigInterface federationConfigManager() throws RemoteException {
+		return new FederationConfigManager();
 	}
 
 	@Bean
@@ -747,11 +741,6 @@ public ContactsApi contactsApi() {
 		return new ContactsApi();
 	}
 
-	@Bean
-	public ClassificationApi classificationApi() {
-		return new ClassificationApi();
-	}
-
 	@Bean
 	public SequenceApi sequenceApi() {
 		return new SequenceApi();
@@ -792,11 +781,6 @@ public InjectionApi injectionApi() {
 		return new InjectionApi();
 	}
 
-	@Bean
-	public TokenApi oAuth2AdminApi() {
-		return new TokenApi();
-	}
-
 	@Bean
 	public CustomExceptionHandler exceptionHandler() {
 		return new CustomExceptionHandler();
@@ -840,7 +824,7 @@ public RetentionApi retentionApi() {
 	@Override
 	public void addCorsMappings(CorsRegistry registry) {
 		try {
-			if (coreConfig().getRemoteConfiguration().getNetwork().isAllowAllOrigins()) {
+			if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().isAllowAllOrigins()) {
 				registry.addMapping("/**").allowedMethods("OPTIONS", "HEAD", "GET", "PUT", "POST", "DELETE", "PATCH");
 			}
 		} catch (Exception e) {
@@ -935,13 +919,13 @@ public VideoConnectionManagerV2 videoConnectionManagerV2()  {
 	}
 	
 	@Bean
-	public ContactCacheHelper contactCacheHelper(CoreConfig conf) {
+	public ContactCacheHelper contactCacheHelper() {
 		return new ContactCacheHelper();
 	}
 	
 	@Bean
-	public ExecutorSource executorSource(CoreConfig conf) {
-		return new ExecutorSource(conf);
+	public ExecutorSource executorSource() {
+		return new ExecutorSource();
 	}
 
 	@Bean
@@ -987,4 +971,8 @@ public FileManagerService fileManagerService(DataSource dataSource) {
 		return new FileManagerServiceDefaultImpl(dataSource);
 	}
 
+	@Override
+	public void configurePathMatch(PathMatchConfigurer configurer) {
+		configurer.setUseTrailingSlashMatch(true);
+	}
 }
\ No newline at end of file
diff --git a/src/takserver-core/src/main/java/tak/server/config/ApiOnlyConfiguration.java b/src/takserver-core/src/main/java/tak/server/config/ApiOnlyConfiguration.java
index 48057f38..bfad1d82 100644
--- a/src/takserver-core/src/main/java/tak/server/config/ApiOnlyConfiguration.java
+++ b/src/takserver-core/src/main/java/tak/server/config/ApiOnlyConfiguration.java
@@ -3,6 +3,8 @@
 import java.util.concurrent.Executor;
 
 import org.apache.ignite.Ignite;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
@@ -11,6 +13,7 @@
 import org.springframework.boot.autoconfigure.data.mongo.MongoDataAutoConfiguration;
 import org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.web.embedded.EmbeddedWebServerFactoryCustomizerAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.error.ErrorMvcAutoConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -25,6 +28,7 @@
 import org.springframework.web.servlet.config.annotation.AsyncSupportConfigurer;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+import com.bbn.cluster.ClusterGroupDefinition;
 import com.bbn.marti.config.Auth;
 import com.bbn.marti.groups.DistributedPersistentGroupManager;
 import com.bbn.marti.groups.GroupDao;
@@ -33,7 +37,6 @@
 import com.bbn.marti.groups.LdapAuthenticator;
 import com.bbn.marti.groups.PersistentGroupDao;
 import com.bbn.marti.remote.ContactManager;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.RepeaterManager;
 import com.bbn.marti.remote.ServerInfo;
 import com.bbn.marti.remote.groups.GroupManager;
@@ -46,6 +49,7 @@
 import com.bbn.marti.util.spring.MissionRoleAssignmentRequestHolderFilterBean;
 import com.bbn.metrics.MetricsCollector;
 import com.bbn.metrics.service.DatabaseMetricsService;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 import tak.server.CommonConstants;
 import tak.server.Constants;
@@ -53,7 +57,6 @@
 import tak.server.cache.classification.ClassificationCacheHelper;
 import tak.server.cot.CotEventContainer;
 import tak.server.grid.ContactManagerProxyFactory;
-import tak.server.grid.CoreConfigProxyFactoryForAPI;
 import tak.server.grid.DistributedDatafeedCotServiceProxyFactory;
 import tak.server.grid.FederationManagerProxyFactory;
 import tak.server.grid.GroupManagerProxyFactory;
@@ -75,9 +78,11 @@
  */
 @Configuration
 @Profile({Constants.API_PROFILE_NAME})
-@SpringBootApplication(exclude = {MongoAutoConfiguration.class, MongoDataAutoConfiguration.class, ErrorMvcAutoConfiguration.class, SecurityAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class})
+@SpringBootApplication(exclude = {MongoAutoConfiguration.class, MongoDataAutoConfiguration.class, ErrorMvcAutoConfiguration.class, SecurityAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class, EmbeddedWebServerFactoryCustomizerAutoConfiguration.class})
 public class ApiOnlyConfiguration implements AsyncConfigurer, WebMvcConfigurer {
 
+	private static final Logger logger = LoggerFactory.getLogger(tak.server.config.ApiOnlyConfiguration.class);
+
 	@Bean
 	public FederationManagerProxyFactory federationManagerProxyFactory() {
 		return new FederationManagerProxyFactory();
@@ -131,8 +136,8 @@ public GroupDao groupDao() {
 	}
 
 	@Bean(Constants.DISTRIBUTED_COT_MESSENGER)
-	public Messenger<CotEventContainer> messenger(Ignite ignite, SubscriptionStore subscriptionStore, ServerInfo serverInfo, MessageConverter messageConverter, CoreConfig config) {
-		return new DistributedCotMessengerForApi(ignite, subscriptionStore, serverInfo,  messageConverter, config);
+	public Messenger<CotEventContainer> messenger(Ignite ignite, SubscriptionStore subscriptionStore, ServerInfo serverInfo, MessageConverter messageConverter) {
+		return new DistributedCotMessengerForApi(ignite, subscriptionStore, serverInfo,  messageConverter);
 	}
 
 	@Bean
@@ -146,18 +151,6 @@ public ContactManagerProxyFactory contactManagerProxyFactory() {
 		return new ContactManagerProxyFactory();
 	}
 
-	// dependency injection to address Spring bean instantiation
-	@Bean
-	@Primary
-	public CoreConfig coreConfig(CoreConfigProxyFactoryForAPI coreConfigProxyFactoryForAPI) throws Exception {
-		return coreConfigProxyFactory().getObject();
-	}
-
-	@Bean
-	public CoreConfigProxyFactoryForAPI coreConfigProxyFactory() {
-		return new CoreConfigProxyFactoryForAPI();
-	}
-
 	@Bean
 	@Primary
 	public RepeaterManager repeaterManager() throws Exception {
@@ -178,8 +171,8 @@ public RepeaterManagerProxyFactory repeaterManagerProxyFactory() {
 
 	@Bean
 	@Primary
-	public ServerInfo serverInfo(Ignite ignite, CoreConfig config) throws Exception {
-		return new DistributedServerInfo(ignite, config);
+	public ServerInfo serverInfo(Ignite ignite) throws Exception {
+		return new DistributedServerInfo(ignite);
 	}
 
 	@Bean
@@ -242,8 +235,8 @@ public MissionRoleAssignmentRequestHolderFilterBean requestHolderFilterBean() {
 	}
 
     @Bean
-    public LdapAuthenticator ldapAuthenticator(CoreConfig config, GroupManager groupManager) {
-        Auth.Ldap ldapConfig = config.getRemoteConfiguration().getAuth().getLdap();
+    public LdapAuthenticator ldapAuthenticator(GroupManager groupManager) {
+        Auth.Ldap ldapConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getLdap();
 
         if (ldapConfig == null) {
             return null;
diff --git a/src/takserver-core/src/main/java/tak/server/config/ConfigServiceConfiguration.java b/src/takserver-core/src/main/java/tak/server/config/ConfigServiceConfiguration.java
new file mode 100644
index 00000000..23d4d0d8
--- /dev/null
+++ b/src/takserver-core/src/main/java/tak/server/config/ConfigServiceConfiguration.java
@@ -0,0 +1,110 @@
+package tak.server.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import tak.server.util.ActiveProfiles;
+import com.google.common.base.Strings;
+import org.apache.ignite.Ignite;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.data.jpa.JpaRepositoriesAutoConfiguration;
+import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration;
+import org.springframework.cloud.aws.context.support.env.AwsCloudEnvironmentCheckUtils;
+
+import com.bbn.cluster.ClusterGroupDefinition;
+import com.bbn.marti.remote.config.DistributedConfiguration;
+import com.bbn.marti.remote.config.LocalConfiguration;
+
+import tak.server.Constants;
+import tak.server.ignite.IgniteHolder;
+
+import java.util.Properties;
+import java.util.UUID;
+
+
+@Configuration
+@Profile(Constants.CONFIG_PROFILE_NAME)
+@SpringBootApplication(exclude = {HibernateJpaAutoConfiguration.class, JpaRepositoriesAutoConfiguration.class})
+public class ConfigServiceConfiguration {
+
+	private static final Logger logger = LoggerFactory.getLogger(ConfigServiceConfiguration.class);
+
+	@Bean
+	public LocalConfiguration getLocalConfiguration() {
+		if (logger.isDebugEnabled()) {
+			logger.debug("Setting up local and ignite configuration.");
+		}
+		return LocalConfiguration.getInstance();
+	}
+
+	@Bean
+	Ignite ignite() {
+		if (logger.isDebugEnabled()) {
+			logger.debug("Starting ignite.");
+		}
+		return IgniteHolder.getInstance().getIgnite();
+	}
+	@Bean(Constants.DISTRIBUTED_CONFIGURATION)
+	public DistributedConfiguration getDistributedConfiguration(Ignite ignite) {
+		if (logger.isDebugEnabled()) {
+			logger.debug("Setting up distributed configuration.");
+		}
+		DistributedConfiguration distributedConfiguration = DistributedConfiguration.getInstance();
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("Adding distributed configuration to ignite");
+		}
+		ignite.services(ClusterGroupDefinition.getConfigClusterDeploymentGroup(ignite)).deployNodeSingleton(
+				Constants.DISTRIBUTED_CONFIGURATION, distributedConfiguration);
+
+		return distributedConfiguration;
+	}
+
+	public static void setInitialAppProps(SpringApplication application){
+		Properties properties = new Properties();
+		LocalConfiguration config = LocalConfiguration.getInstance();
+
+		if (config.getConfiguration().getNetwork().isCloudwatchEnable()) {
+			String serverName = config.getConfiguration().getNetwork().getCloudwatchName();
+			if (Strings.isNullOrEmpty(serverName)) {
+				serverName = config.getConfiguration().getNetwork().getServerId();
+			}
+
+			if (Strings.isNullOrEmpty(serverName)) {
+				serverName = UUID.randomUUID().toString();
+			}
+
+			String fullNamespace = config.getConfiguration().getNetwork().getCloudwatchNamespace() + "-" + serverName + "-" + (ActiveProfiles.getInstance().isMessagingProfileActive() ? "messaging" : "api");
+
+			properties.put("management.metrics.export.cloudwatch.namespace", fullNamespace);
+
+			logger.info("AWS CloudWatch metrics namespace: " + fullNamespace);
+
+			properties.put("management.metrics.export.cloudwatch.batchSize", config.getConfiguration().getNetwork().getCloudwatchMetricsBatchSize());
+
+		} else {
+			properties.put("cloud.aws.region.auto", false);
+			properties.put("cloud.aws.region.static", "us-east-1");
+		}
+
+		properties.put("cloud.aws.stack.auto", false); // make this configurable?
+
+		if (!config.getConfiguration().getNetwork().isCloudwatchEnable()) {
+			AwsCloudEnvironmentCheckUtils.setIsCloudEnvironment(false);
+		}
+
+		try {
+			properties.put("takserver.iconsets.dir", config.getConfiguration().getRepository().getIconsetDir());
+		} catch (Exception e) {
+			logger.warn("exception setting iconset directory location option from CoreConfig", e);
+		}
+
+		application.setDefaultProperties(properties);
+	}
+
+}
\ No newline at end of file
diff --git a/src/takserver-core/src/main/java/tak/server/config/DistributedSystemInfoApi.java b/src/takserver-core/src/main/java/tak/server/config/DistributedSystemInfoApi.java
index f7a08b16..f7b10d0e 100644
--- a/src/takserver-core/src/main/java/tak/server/config/DistributedSystemInfoApi.java
+++ b/src/takserver-core/src/main/java/tak/server/config/DistributedSystemInfoApi.java
@@ -5,8 +5,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.bbn.marti.service.DistributedConfiguration;
-
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.plugins.SystemInfoApi;
 
 /**
@@ -40,7 +39,7 @@ public void execute(ServiceContext ctx) throws Exception {
 	@Override
 	public String getTAKServerUrl() {
 		try {
-			return DistributedConfiguration.getInstance()
+			return CoreConfigFacade.getInstance()
 					.getRemoteConfiguration().getFederation().getFederationServer().getWebBaseUrl();
 		} catch (Exception e) {
 			return null;
diff --git a/src/takserver-core/src/main/java/tak/server/config/MessagingConfiguration.java b/src/takserver-core/src/main/java/tak/server/config/MessagingConfiguration.java
index 42e380e3..0f88cf9e 100644
--- a/src/takserver-core/src/main/java/tak/server/config/MessagingConfiguration.java
+++ b/src/takserver-core/src/main/java/tak/server/config/MessagingConfiguration.java
@@ -4,11 +4,16 @@
 import java.rmi.RemoteException;
 import java.util.List;
 
-import javax.servlet.ServletContext;
+import jakarta.servlet.ServletContext;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import io.awspring.cloud.autoconfigure.context.properties.AwsS3ResourceLoaderProperties;
+import io.awspring.cloud.autoconfigure.metrics.CloudWatchExportAutoConfiguration;
 
 import org.apache.ignite.Ignite;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.actuate.autoconfigure.metrics.MetricsAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.metrics.MetricsEndpointAutoConfiguration;
 import org.springframework.boot.actuate.metrics.MetricsEndpoint;
@@ -56,7 +61,6 @@
 import com.bbn.marti.nio.netty.NioNettyBuilder;
 import com.bbn.marti.nio.server.NioServer;
 import com.bbn.marti.remote.ContactManager;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.DataFeedCotService;
 import com.bbn.marti.remote.FederationManager;
 import com.bbn.marti.remote.ServerInfo;
@@ -70,10 +74,8 @@
 import com.bbn.marti.repeater.DistributedRepeaterManager;
 import com.bbn.marti.repeater.RepeaterStore;
 import com.bbn.marti.service.BrokerService;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.DistributedContactManager;
 import com.bbn.marti.service.DistributedSubscriptionManager;
-import com.bbn.marti.service.LocalConfiguration;
 import com.bbn.marti.service.MessagingInitializer;
 import com.bbn.marti.service.MissionPackageExtractor;
 import com.bbn.marti.service.PluginStore;
@@ -87,7 +89,6 @@
 import com.bbn.marti.sync.federation.FederationROLHandler;
 import com.bbn.marti.sync.federation.MissionActionROLConverter;
 import com.bbn.marti.sync.repository.DataFeedRepository;
-import com.bbn.marti.sync.repository.FederationEventRepository;
 import com.bbn.marti.sync.service.DistributedDataFeedCotService;
 import com.bbn.marti.sync.service.MissionService;
 import com.bbn.marti.util.MessageConversionUtil;
@@ -99,10 +100,7 @@
 import com.bbn.metrics.service.DatabaseMetricsService;
 import com.bbn.metrics.service.NetworkMetricsService;
 import com.bbn.metrics.service.QueueMetricsService;
-import com.fasterxml.jackson.databind.ObjectMapper;
 
-import io.awspring.cloud.autoconfigure.context.properties.AwsS3ResourceLoaderProperties;
-import io.awspring.cloud.autoconfigure.metrics.CloudWatchExportAutoConfiguration;
 import tak.server.Constants;
 import tak.server.cache.ActiveGroupCacheHelper;
 import tak.server.cache.classification.ClassificationCacheHelper;
@@ -118,7 +116,6 @@
 import tak.server.federation.FederationServer;
 import tak.server.federation.MissionDisruptionManager;
 import tak.server.federation.TakFigClient;
-import tak.server.grid.CoreConfigProxyFactoryForMessaging;
 import tak.server.messaging.DistributedCotMessenger;
 import tak.server.messaging.DistributedPluginApi;
 import tak.server.messaging.DistributedPluginDataFeedApi;
@@ -136,7 +133,6 @@
 import tak.server.qos.MessageDeliveryStrategy;
 import tak.server.qos.MessageReadStrategy;
 import tak.server.qos.QoSManager;
-
 /*
  * services that are only used in separate messaging process, and monolith
  */
@@ -149,19 +145,13 @@ public class MessagingConfiguration {
 	@Autowired
 	ServletContext servletContext;
 
-	@Order(Ordered.HIGHEST_PRECEDENCE)
-	@Bean
-	public LocalConfiguration localConfiguration() {
-		return LocalConfiguration.getInstance();
-	}
-
 	@Bean
 	public SubmissionService submissionService(DistributedFederationManager dfm, NioNettyBuilder nb, MessagingUtilImpl mui, NioServer ns, GroupManager gm,
 											   ScrubInvalidValues siv, MessageConversionUtil mcu, GroupFederationUtil gfu, InjectionManager im, RepositoryService rs, Ignite ig, SubscriptionManager sm,
-											   SubscriptionStore ss, FlowTagFilter flowTag, ContactManager contactManager, ServerInfo serverInfo, @Qualifier(Constants.MESSAGING_CORE_CONFIG_PROXY_BEAN) CoreConfig coreConfig,
+											   SubscriptionStore ss, FlowTagFilter flowTag, ContactManager contactManager, ServerInfo serverInfo,
 											   MessageConverter messageConverter, ActiveGroupCacheHelper activeGroupCacheHelper, RemoteUtil remoteUtil, DataFeedRepository dfr) {
 
-		return new SubmissionService(dfm, nb, mui, ns, gm, siv, mcu, gfu, im, rs, ig, sm, ss, flowTag, contactManager, serverInfo, coreConfig, messageConverter, activeGroupCacheHelper, remoteUtil, dfr);
+		return new SubmissionService(dfm, nb, mui, ns, gm, siv, mcu, gfu, im, rs, ig, sm, ss, flowTag, contactManager, serverInfo, messageConverter, activeGroupCacheHelper, remoteUtil, dfr);
 	}
 
 	@Bean
@@ -170,19 +160,15 @@ public BrokerService brokerService() {
 	}
 
 	@Bean
-	public RepeaterService repeaterService(CoreConfig coreConfig, BrokerService brokerService, GroupManager groupManager, DistributedRepeaterManager repeaterManager) {
-		return new RepeaterService(coreConfig, brokerService, groupManager, repeaterManager);
+	public RepeaterService repeaterService(BrokerService brokerService, GroupManager groupManager, DistributedRepeaterManager repeaterManager) {
+		return new RepeaterService(brokerService, groupManager, repeaterManager);
 	}
 
 	@Order(Ordered.LOWEST_PRECEDENCE)
 	@Bean
 	public DistributedFederationManager distributedFederationManager(
-			Ignite ignite,
-			CoreConfig coreConfig,
-			CoreConfigProxyFactoryForMessaging coreConfigProxy,
-			DistributedConfiguration distConf,
-			FederationEventRepository federationEventRepository) throws RemoteException {
-		DistributedFederationManager distributedFederationManager = new DistributedFederationManager(ignite, coreConfig);
+			Ignite ignite) throws RemoteException {
+		DistributedFederationManager distributedFederationManager = new DistributedFederationManager(ignite);
 		ignite.services(ClusterGroupDefinition.getMessagingClusterDeploymentGroup(ignite)).deployNodeSingleton(Constants.DISTRIBUTED_FEDERATION_MANAGER, distributedFederationManager);
 		return distributedFederationManager;
 	}
@@ -227,8 +213,8 @@ public FederationServer federationServer() {
 	}
 
 	@Bean(Constants.DISTRIBUTED_COT_MESSENGER)
-	public Messenger<CotEventContainer> distributedCotMessenger(Ignite ignite, SubscriptionStore subscriptionStore, ServerInfo serverInfo, MessageConverter messageConverter, SubmissionService submissionService, CoreConfig config) {
-		return new DistributedCotMessenger(ignite, subscriptionStore, serverInfo,  messageConverter, submissionService, config);
+	public Messenger<CotEventContainer> distributedCotMessenger(Ignite ignite, SubscriptionStore subscriptionStore, ServerInfo serverInfo, MessageConverter messageConverter, SubmissionService submissionService) {
+		return new DistributedCotMessenger(ignite, subscriptionStore, serverInfo,  messageConverter, submissionService);
 	}
 
 	@Bean(Constants.DISTRIBUTED_TAK_MESSENGER)
@@ -362,14 +348,6 @@ public ScrubInvalidValues scrubInvalidValues() {
 		return new ScrubInvalidValues();
 	}
 
-	@Bean
-	public DistributedConfiguration coreConfig(Ignite ignite) {
-		DistributedConfiguration distributedConfiguration = DistributedConfiguration.getInstance();
-		ignite.services(ClusterGroupDefinition.getMessagingClusterDeploymentGroup(ignite)).deployNodeSingleton(Constants.DISTRIBUTED_CONFIGURATION, distributedConfiguration);
-		
-		return distributedConfiguration;
-	}
-
 	@Bean
 	public com.bbn.marti.util.MessageConversionUtil coreMessagingUtil() {
 		return new com.bbn.marti.util.MessageConversionUtil();
@@ -390,8 +368,8 @@ public ContactManager contactManager(Ignite ignite) {
 	}
 
 	@Bean
-	public FederationROLHandler federationROLHandler(MissionService missionService, EnterpriseSyncService syncService, RemoteUtil remoteUtil, CoreConfig coreConfig, DataFeedRepository dataFeedRepository) throws RemoteException {
-		return new FederationROLHandler(missionService, syncService, remoteUtil, coreConfig, dataFeedRepository);
+	public FederationROLHandler federationROLHandler(MissionService missionService, EnterpriseSyncService syncService, RemoteUtil remoteUtil, DataFeedRepository dataFeedRepository) throws RemoteException {
+		return new FederationROLHandler(missionService, syncService, remoteUtil, dataFeedRepository);
 	}
 
 	@Bean
@@ -410,8 +388,8 @@ public RepeaterStore repeaterStore() {
 	// TODO: handle this for cluster
 	@Bean
 	@Primary
-	public ServerInfo serverInfo(Ignite ignite, CoreConfig config) {
-		DistributedServerInfo distributedServerInfo =  new DistributedServerInfo(ignite, config);
+	public ServerInfo serverInfo(Ignite ignite) {
+		DistributedServerInfo distributedServerInfo =  new DistributedServerInfo(ignite);
 		ignite.services(ClusterGroupDefinition.getMessagingClusterDeploymentGroup(ignite)).deployNodeSingleton(Constants.DISTRIBUTED_SERVER_INFO, distributedServerInfo);
 
 		ignite.services(ClusterGroupDefinition.getMessagingLocalClusterDeploymentGroup(ignite)).serviceProxy(Constants.DISTRIBUTED_SERVER_INFO, ServerInfo.class, false);
@@ -485,12 +463,6 @@ public MessagingUtilImpl messagingUtil() {
 		return new MessagingUtilImpl();
 	}
 
-	@Bean(Constants.MESSAGING_CORE_CONFIG_PROXY_BEAN)
-	@Primary
-	public CoreConfigProxyFactoryForMessaging coreConfigProxyFactory() {
-	    return new CoreConfigProxyFactoryForMessaging();
-	}
-	
 	@Bean
 	InjectionManager injectionManager(GroupFederationUtil groupFederationUtil) {
 		return new InjectionManager(groupFederationUtil);
@@ -620,7 +592,7 @@ public DataFeedCotService distributedDataFeedCotService(Ignite ignite) {
 	}
 	
 	@Bean
-	public DataFeedCotCacheHelper dataFeedCotCacheHelper(CoreConfig config) {
+	public DataFeedCotCacheHelper dataFeedCotCacheHelper() {
 		return new DataFeedCotCacheHelper();
 	}
 }
diff --git a/src/takserver-core/src/main/java/tak/server/config/MessagingOnlyConfiguration.java b/src/takserver-core/src/main/java/tak/server/config/MessagingOnlyConfiguration.java
index 642ad805..ec04135f 100644
--- a/src/takserver-core/src/main/java/tak/server/config/MessagingOnlyConfiguration.java
+++ b/src/takserver-core/src/main/java/tak/server/config/MessagingOnlyConfiguration.java
@@ -9,21 +9,22 @@
 import java.util.Map;
 import java.util.Set;
 
-import javax.servlet.Filter;
-import javax.servlet.FilterRegistration;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.Servlet;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRegistration;
-import javax.servlet.SessionCookieConfig;
-import javax.servlet.SessionTrackingMode;
-import javax.servlet.ServletRegistration.Dynamic;
-import javax.servlet.descriptor.JspConfigDescriptor;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterRegistration;
+import jakarta.servlet.RequestDispatcher;
+import jakarta.servlet.Servlet;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRegistration;
+import jakarta.servlet.SessionCookieConfig;
+import jakarta.servlet.SessionTrackingMode;
+import jakarta.servlet.ServletRegistration.Dynamic;
+import jakarta.servlet.descriptor.JspConfigDescriptor;
 
 import org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.web.embedded.EmbeddedWebServerFactoryCustomizerAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
 import org.springframework.boot.autoconfigure.websocket.servlet.WebSocketMessagingAutoConfiguration;
 import org.springframework.boot.autoconfigure.websocket.servlet.WebSocketServletAutoConfiguration;
@@ -46,7 +47,7 @@
  * services that are only used in separate messaging process
  */
 @Configuration
-@EnableAutoConfiguration(exclude = {WebMvcAutoConfiguration.class, WebSocketMessagingAutoConfiguration.class, WebSocketServletAutoConfiguration.class, SecurityAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class})
+@EnableAutoConfiguration(exclude = {WebMvcAutoConfiguration.class, WebSocketMessagingAutoConfiguration.class, WebSocketServletAutoConfiguration.class, SecurityAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class, EmbeddedWebServerFactoryCustomizerAutoConfiguration.class})
 @Profile({Constants.MESSAGING_PROFILE_NAME})
 public class MessagingOnlyConfiguration {
 
@@ -142,26 +143,26 @@ public RequestDispatcher getNamedDispatcher(String name) {
 				return null;
 			}
 
-			@Override
-			public Servlet getServlet(String name) throws ServletException {
-				return null;
-			}
-
-			@Override
-			public Enumeration<Servlet> getServlets() {
-				return null;
-			}
-
-			@Override
-			public Enumeration<String> getServletNames() {
-				return null;
-			}
+//			@Override
+//			public Servlet getServlet(String name) throws ServletException {
+//				return null;
+//			}
+//
+//			@Override
+//			public Enumeration<Servlet> getServlets() {
+//				return null;
+//			}
+//
+//			@Override
+//			public Enumeration<String> getServletNames() {
+//				return null;
+//			}
 
 			@Override
 			public void log(String msg) { }
 
-			@Override
-			public void log(Exception exception, String msg) { }
+//			@Override
+//			public void log(Exception exception, String msg) { }
 
 			@Override
 			public void log(String message, Throwable throwable) { }
@@ -248,17 +249,17 @@ public ServletRegistration getServletRegistration(String servletName) {
 			}
 
 			@Override
-			public javax.servlet.FilterRegistration.Dynamic addFilter(String filterName, String className) {
+			public jakarta.servlet.FilterRegistration.Dynamic addFilter(String filterName, String className) {
 				return null;
 			}
 
 			@Override
-			public javax.servlet.FilterRegistration.Dynamic addFilter(String filterName, Filter filter) {
+			public jakarta.servlet.FilterRegistration.Dynamic addFilter(String filterName, Filter filter) {
 				return null;
 			}
 
 			@Override
-			public javax.servlet.FilterRegistration.Dynamic addFilter(String filterName, Class<? extends Filter> filterClass) {
+			public jakarta.servlet.FilterRegistration.Dynamic addFilter(String filterName, Class<? extends Filter> filterClass) {
 
 				return null;
 			}
diff --git a/src/takserver-core/src/main/java/tak/server/config/RequestContextConfig.java b/src/takserver-core/src/main/java/tak/server/config/RequestContextConfig.java
index 2efa3413..368bf260 100644
--- a/src/takserver-core/src/main/java/tak/server/config/RequestContextConfig.java
+++ b/src/takserver-core/src/main/java/tak/server/config/RequestContextConfig.java
@@ -1,6 +1,6 @@
 package tak.server.config;
 
-import javax.servlet.annotation.WebListener;
+import jakarta.servlet.annotation.WebListener;
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
diff --git a/src/takserver-core/src/main/java/tak/server/config/WebSocketConfiguration.java b/src/takserver-core/src/main/java/tak/server/config/WebSocketConfiguration.java
index 65a11cc9..dc8a76a9 100644
--- a/src/takserver-core/src/main/java/tak/server/config/WebSocketConfiguration.java
+++ b/src/takserver-core/src/main/java/tak/server/config/WebSocketConfiguration.java
@@ -3,6 +3,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
+import com.google.common.base.Strings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
@@ -30,7 +32,6 @@
 
 import com.bbn.marti.nio.websockets.BinaryPayloadWebSocketHandler;
 import com.bbn.marti.nio.websockets.TakProtoWebSocketHandler;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.Resources;
 
 import tak.server.Constants;
@@ -42,8 +43,6 @@
 public class WebSocketConfiguration implements WebSocketConfigurer, WebSocketMessageBrokerConfigurer {
 	private static final Logger logger = LoggerFactory.getLogger(WebSocketConfiguration.class);
 
-	private DistributedConfiguration config = DistributedConfiguration.getInstance();
-
 	public void registerWebSocketHandlers(WebSocketHandlerRegistry registry) {
 
 		WebSocketHandlerRegistration takProtoHandler = registry.addHandler(new TakProtoWebSocketHandler(), "/takproto/1");
@@ -52,7 +51,11 @@ public void registerWebSocketHandlers(WebSocketHandlerRegistry registry) {
         		.addHandler(new BinaryPayloadWebSocketHandler(), "/payload/1/*")
         		.addInterceptors(auctionInterceptor());
 
-		if(config.getRemoteConfiguration().getNetwork().isAllowAllOrigins()) {
+        String allowedOrigins = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getAllowOrigins();
+        if (!Strings.isNullOrEmpty(allowedOrigins)) {
+            takProtoHandler.setAllowedOrigins(allowedOrigins);
+            binaryPayloadHandler.setAllowedOrigins(allowedOrigins);
+        } else if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().isAllowAllOrigins()) {
             takProtoHandler.setAllowedOrigins("*");
             binaryPayloadHandler.setAllowedOrigins("*");
 		}
@@ -93,7 +96,7 @@ public void configureClientInboundChannel(ChannelRegistration registration) {
     
     @Override
 	public void configureWebSocketTransport(WebSocketTransportRegistration registry) {
-    	registry.setSendBufferSizeLimit(DistributedConfiguration.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketSendBufferSizeLimit());
+    	registry.setSendBufferSizeLimit(CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketSendBufferSizeLimit());
 	}
 
 	@Override
@@ -104,12 +107,12 @@ public void configureClientOutboundChannel(ChannelRegistration registration) {
     @Bean
     public ServletServerContainerFactoryBean createWebSocketContainer() {
         ServletServerContainerFactoryBean container = new ServletServerContainerFactoryBean();
-        container.setMaxBinaryMessageBufferSize(DistributedConfiguration.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketMaxBinaryMessageBufferSize());
-        container.setMaxTextMessageBufferSize(DistributedConfiguration.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketMaxBinaryMessageBufferSize());
+        container.setMaxBinaryMessageBufferSize(CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketMaxBinaryMessageBufferSize());
+        container.setMaxTextMessageBufferSize(CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketMaxBinaryMessageBufferSize());
         
         // negative value for maxSessionIdTimeout will use default
-        if (DistributedConfiguration.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketMaxSessionIdleTimeout() > 0) {
-        	container.setMaxSessionIdleTimeout(DistributedConfiguration.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketMaxSessionIdleTimeout());
+        if (CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketMaxSessionIdleTimeout() > 0) {
+        	container.setMaxSessionIdleTimeout(CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().getWebsocketMaxSessionIdleTimeout());
         }
         
         return container;
diff --git a/src/takserver-core/src/main/java/tak/server/config/websocket/SocketAuthHandshakeInterceptor.java b/src/takserver-core/src/main/java/tak/server/config/websocket/SocketAuthHandshakeInterceptor.java
index 736da4a0..ae056183 100644
--- a/src/takserver-core/src/main/java/tak/server/config/websocket/SocketAuthHandshakeInterceptor.java
+++ b/src/takserver-core/src/main/java/tak/server/config/websocket/SocketAuthHandshakeInterceptor.java
@@ -3,7 +3,7 @@
 import java.security.cert.X509Certificate;
 import java.util.Map;
 
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/src/main/java/tak/server/federation/DistributedFederationManager.java b/src/takserver-core/src/main/java/tak/server/federation/DistributedFederationManager.java
index d6d2e144..d05f2665 100644
--- a/src/takserver-core/src/main/java/tak/server/federation/DistributedFederationManager.java
+++ b/src/takserver-core/src/main/java/tak/server/federation/DistributedFederationManager.java
@@ -61,6 +61,7 @@
 import com.atakmap.Tak.ROL;
 import com.bbn.cluster.ClusterGroupDefinition;
 import com.bbn.cot.filter.GeospatialEventFilter;
+import com.bbn.marti.config.Configuration;
 import com.bbn.marti.config.Federation;
 import com.bbn.marti.config.Federation.Federate;
 import com.bbn.marti.config.Federation.Federate.Mission;
@@ -82,9 +83,9 @@
 import com.bbn.marti.nio.util.CodecSource;
 import com.bbn.marti.remote.ConnectionStatus;
 import com.bbn.marti.remote.ConnectionStatusValue;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.FederationManager;
 import com.bbn.marti.remote.RemoteContact;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.bbn.marti.remote.exception.DuplicateFederateException;
 import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.remote.groups.ConnectionInfo;
@@ -94,7 +95,7 @@
 import com.bbn.marti.remote.groups.GroupManager;
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.util.RemoteUtil;
-import com.bbn.marti.service.DistributedConfiguration;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.bbn.marti.service.DistributedSubscriptionManager;
 import com.bbn.marti.service.FederatedSubscriptionManager;
 import com.bbn.marti.service.Resources;
@@ -103,7 +104,6 @@
 import com.bbn.marti.service.SubscriptionStore;
 import com.bbn.marti.util.MessageConversionUtil;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
 import com.bbn.roger.fig.FederationUtils;
 import com.google.common.base.Splitter;
 import com.google.common.base.Strings;
@@ -128,14 +128,6 @@ public class DistributedFederationManager implements FederationManager, Service
 	private static final long serialVersionUID = -8858646520017672442L;
 	private static final String OUTGOING_DELETED_FROM_UI = "Outgoing deleted from UI";
 
-	public DistributedFederationManager(Ignite ignite, CoreConfig coreConfig) {
-		this.coreConfig = DistributedConfiguration.getInstance();
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("DistributedFederationManager constructor. coreConfig: " + coreConfig);
-		}
-	}
-
 	private static AtomicBoolean outgoingsInitiated = new AtomicBoolean();
 
 	private static final Logger logger = LoggerFactory.getLogger(DistributedFederationManager.class);
@@ -144,14 +136,19 @@ public DistributedFederationManager(Ignite ignite, CoreConfig coreConfig) {
 
 	private static final String SSL_TRUSTSTORE_KEY = "fed-ssl-truststore";
 
-	private CoreConfig coreConfig;
-
 	private final AtomicReference<Messenger<CotEventContainer>> cotMessenger = new AtomicReference<>();
 
 	private final AtomicInteger counter = new AtomicInteger();
 
 	private ContinuousQuery<String, SSLConfig> continuousTrustStoreQuery = new ContinuousQuery<>();
-	
+
+    public DistributedFederationManager(Ignite ignite) {
+
+        if (logger.isDebugEnabled()) {
+            logger.debug("DistributedFederationManager constructor.");
+        }
+    }
+    
 	@SuppressWarnings("unchecked")
 	private Messenger<CotEventContainer> messenger() {
 		if (cotMessenger.get() == null) {
@@ -193,28 +190,20 @@ public void cancel(ServiceContext ctx) {
 
 	@Override
 	public void init(ServiceContext ctx) throws Exception {
+
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
 		if (logger.isDebugEnabled()) {
 			logger.debug("init method DistributedFederationManager");
 		}
 
 		// This occurs in WebSocketTest
-		if (coreConfig == null || coreConfig.getRemoteConfiguration() == null
-				|| coreConfig.getRemoteConfiguration().getFederation() == null) {
+		if (config == null || config.getFederation() == null) {
 			return;
 		}
 
 		getSSLCache().putIfAbsent(SSL_TRUSTSTORE_KEY,
-				SSLConfig.getInstance(coreConfig.getRemoteConfiguration().getFederation().getFederationServer().getTls()));
-
-		continuousTrustStoreQuery.setLocalListener((evts) -> {
-   	    	saveTruststoreFile();
-			// reload the trust store from disk, and
-   	    	Tls tlsConfig = coreConfig.getRemoteConfiguration().getFederation().getFederationServer().getTls();
-   	    	tak.server.federation.FederationServer.refreshServer();
-			SSLConfig.getInstance(tlsConfig).refresh();
-     	 });
-
-		getSSLCache().query(continuousTrustStoreQuery);
+				SSLConfig.getInstance(config.getFederation().getFederationServer().getTls()));
 	}
 
 	@Override
@@ -242,7 +231,8 @@ public int incrementAndGetCounter() {
 
 	// start or restart the federation server
 	private void startListening() {
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+		Federation fedConfig = config.getFederation();
 
 		if (fedConfig.getFederationServer().getFederationPort().isEmpty()) { // this will update old CoreConfig to the new format
 			if (logger.isDebugEnabled()) {
@@ -256,7 +246,7 @@ private void startListening() {
 			fedConfig.getFederationServer().getFederationPort().add(p);
 
 			try {
-				coreConfig.setAndSaveFederation(fedConfig);
+				CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 			} catch (Exception e) {
 				logger.warn("exception trying to update CoreConfig.xml to new format." + e.getMessage(), e);
 			}
@@ -272,13 +262,13 @@ private void startListening() {
 
 	@EventListener({ ContextRefreshedEvent.class })
 	private void onContextRefreshed() {
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 		// This occurs in WebSocketTest
-		if (coreConfig == null || coreConfig.getRemoteConfiguration() == null
-				|| coreConfig.getRemoteConfiguration().getFederation() == null) {
+		if (config == null	|| config.getFederation() == null) {
 			return;
 		}
 
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		if (!fedConfig.isEnableFederation()) {
 
@@ -309,7 +299,7 @@ private void onContextRefreshed() {
 			logger.warn("FAIL" + e);
 		}
 
-		if (DistributedConfiguration.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster().isEnabled()) {
 			setupIgniteListeners();
 		}
 		
@@ -330,8 +320,9 @@ private void initiateAllOutgoing() {
 			// temporary set to check outgoing name uniqueness
 			Set<String> names = new HashSet<>();
 			Set<String> hostports = new HashSet<>();
+			Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
-			for (FederationOutgoing outgoing : coreConfig.getRemoteConfiguration().getFederation().getFederationOutgoing()) {
+			for (FederationOutgoing outgoing : config.getFederation().getFederationOutgoing()) {
 				// validate configuration
 				if (names.contains(outgoing.getDisplayName().toLowerCase())) {
 					throw new DuplicateFederateException("invalid configuration: multiple outgoing federates named " + outgoing.getDisplayName());
@@ -368,11 +359,11 @@ private void initiateAllOutgoing() {
 		}
 	}
 
-	private IgniteCache<String, SSLConfig>  sslCache = null;
+	private Map<String, SSLConfig>  sslCache = new ConcurrentHashMap<>();
 
-	private IgniteCache<String, SSLConfig> getSSLCache() {
+	private Map<String, SSLConfig> getSSLCache() {
 		if (sslCache == null) {
-			sslCache = IgniteHolder.getInstance().getIgnite().getOrCreateCache("sslCache");
+			sslCache = new ConcurrentHashMap<>();
 		}
 
 		return sslCache;
@@ -415,11 +406,9 @@ public boolean apply(DiscoveryEvent event) {
 						Ignite ignite = IgniteHolder.getInstance().getIgnite();
 						// if the orphaned node is null - no other node has handled this event - so lets do it here.
 						if (handlingNodeId == null) {
-
+							Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 							// TODO: check usage of forClients() below - is this only for cluster?
-							DistributedConfiguration.getInstance()
-								.getRemoteConfiguration()
-								.getFederation()
+							config.getFederation()
 								.getFederationOutgoing()
 								.stream()
 								.filter(o -> o.isEnabled())
@@ -476,8 +465,8 @@ private synchronized boolean initiateOutgoing(@NotNull FederationOutgoing outgoi
 	}
 
 	private void disableAllOutgoing() {
-		for (FederationOutgoing outgoing : coreConfig.getRemoteConfiguration()
-				.getFederation()
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+		for (FederationOutgoing outgoing : config.getFederation()
 				.getFederationOutgoing()) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("disabling outgoing connection: " + outgoing.getDisplayName());
@@ -488,7 +477,7 @@ private void disableAllOutgoing() {
 
 	@Override
 	public List<Federate> getAllFederates() {
-		return coreConfig.getRemoteConfiguration().getFederation().getFederate();
+		return CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederate();
 	}
 
 	/*
@@ -496,12 +485,12 @@ public List<Federate> getAllFederates() {
 	 *
 	 */
 	public void addFederateToConfig(@NotNull Federate federate) {
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		fedConfig.getFederate().add(federate);
 
 		try {
-			coreConfig.setAndSaveFederation(fedConfig);
+			CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 		} catch (Exception e) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("Remote Exception saving federate config", e);
@@ -511,7 +500,7 @@ public void addFederateToConfig(@NotNull Federate federate) {
 
 	@Override
 	public Federate getFederate(String federateUID) {
-		List<Federate> federates = coreConfig.getRemoteConfiguration().getFederation().getFederate();
+		List<Federate> federates = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederate();
 		for (Federate f : federates) {
 			if (f != null && f.getId() != null && f.getId().equals(federateUID)) {
 				return f;
@@ -522,7 +511,7 @@ public Federate getFederate(String federateUID) {
 
 	@Override
 	public List<String> getGroupsInbound(String federateUID) {
-		List<Federate> federates = coreConfig.getRemoteConfiguration().getFederation().getFederate();
+		List<Federate> federates = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederate();
 		for (Federate f : federates) {
 			if (f.getId().compareTo(federateUID) == 0) {
 				return f.getInboundGroup();
@@ -533,7 +522,7 @@ public List<String> getGroupsInbound(String federateUID) {
 
 	@Override
 	public Multimap<String, String> getInboundGroupMap(@NotNull String federateUID) {
-		List<Federate> federates = coreConfig.getRemoteConfiguration().getFederation().getFederate();
+		List<Federate> federates = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederate();
 		SortedSetMultimap<String, String> inboundMap = TreeMultimap.create();
 		for (Federate f : federates) {
 			if (f.getId().compareTo(federateUID) == 0) {
@@ -558,7 +547,7 @@ public Multimap<String, String> getInboundGroupMap(@NotNull String federateUID)
 
 	@Override
 	public List<String> getGroupsOutbound(String federateUID) {
-		List<Federate> federates = coreConfig.getRemoteConfiguration().getFederation().getFederate();
+		List<Federate> federates = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederate();
 		for (Federate f : federates) {
 			if (f.getId().compareTo(federateUID) == 0) {
 				return f.getOutboundGroup();
@@ -583,7 +572,7 @@ public List<String> getFederateRemoteGroups(String federateUID) {
 
 	@Override
 	public List<String> getCAGroupsInbound(String caID) {
-		List<Federation.FederateCA> federateCAs = coreConfig.getRemoteConfiguration().getFederation().getFederateCA();
+		List<Federation.FederateCA> federateCAs = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederateCA();
 		for (Federation.FederateCA ca : federateCAs) {
 			if (ca.getFingerprint().compareTo(caID) == 0) {
 				return ca.getInboundGroup();
@@ -594,7 +583,7 @@ public List<String> getCAGroupsInbound(String caID) {
 
 	@Override
 	public List<String> getCAGroupsOutbound(@NotNull String caID) {
-		List<Federation.FederateCA> federateCAs = coreConfig.getRemoteConfiguration().getFederation().getFederateCA();
+		List<Federation.FederateCA> federateCAs = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederateCA();
 		for (Federation.FederateCA ca : federateCAs) {
 			if (ca.getFingerprint().compareTo(caID) == 0) {
 				return ca.getOutboundGroup();
@@ -605,7 +594,7 @@ public List<String> getCAGroupsOutbound(@NotNull String caID) {
 
 	@Override
 	public int getCAMaxHops(@NotNull String caID) {
-		List<Federation.FederateCA> federateCAs = coreConfig.getRemoteConfiguration().getFederation().getFederateCA();
+		List<Federation.FederateCA> federateCAs = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederateCA();
 		for (Federation.FederateCA ca : federateCAs) {
 			if (ca.getFingerprint().compareTo(caID) == 0) {
 				return ca.getMaxHops();
@@ -617,7 +606,7 @@ public int getCAMaxHops(@NotNull String caID) {
 	@Override
 	public void addFederateToGroupsInbound(String federateUID, Set<String> localGroupNames) {
 
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		List<Federate> federates = fedConfig.getFederate();
 		
@@ -644,8 +633,8 @@ public void addFederateToGroupsInbound(String federateUID, Set<String> localGrou
 		} catch (Exception e) {
 			logger.warn("error updating federation user group config", e);
 		}
-		
-		coreConfig.setAndSaveFederation(fedConfig);
+
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 
 		clusterAddFederateUsersToGroups(federateUID, localGroupNames, Direction.IN, true);
 	}
@@ -653,7 +642,7 @@ public void addFederateToGroupsInbound(String federateUID, Set<String> localGrou
 	@Override
 	public void addFederateToGroupsOutbound(String federateUID, Set<String> localGroupNames) {
 
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		List<Federate> federates = fedConfig.getFederate();
 		
@@ -683,7 +672,7 @@ public void addFederateToGroupsOutbound(String federateUID, Set<String> localGro
 		
 		updateFederateGroups(federateConfig);
 
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 
 		clusterAddFederateUsersToGroups(federateUID, localGroupNames, Direction.OUT, true);
 	}
@@ -735,7 +724,7 @@ public void clusterAddFederateUsersToGroups(String federateUID, Set<String> loca
 	@Override
 	public void addFederateGroupsInboundMap(@NotNull String federateUID, @NotNull String remoteGroup,
 			@NotNull String localGroup) {
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 		List<Federate> federates = fedConfig.getFederate();
 
 		for (Federate f : federates) {
@@ -746,13 +735,13 @@ public void addFederateGroupsInboundMap(@NotNull String federateUID, @NotNull St
 				break;
 			}
 		}
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 	}
 
 	@Override
 	public synchronized void addInboundGroupToCA(@NotNull String caID, @NotNull Set<String> localGroupNames) {
 
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		List<Federation.FederateCA> federateCAs = fedConfig.getFederateCA();
 		boolean foundCA = false;
@@ -783,22 +772,22 @@ public synchronized void addInboundGroupToCA(@NotNull String caID, @NotNull Set<
 			}
 		}
 
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 	}
 
 	@Override
 	public synchronized void addOutboundGroupToCA(@NotNull String caID, @NotNull Set<String> localGroupNames) {
 
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
-		List<Federation.FederateCA> federateCAs = coreConfig.getRemoteConfiguration().getFederation().getFederateCA();
+		List<Federation.FederateCA> federateCAs = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederateCA();
 		boolean foundCA = false;
 		for (Federation.FederateCA ca : federateCAs) {
 			if (ca.getFingerprint().compareTo(caID) == 0) {
 				foundCA = true;
 				for (String gname : localGroupNames) {
 					ca.getOutboundGroup().add(gname);
-					coreConfig.setAndSaveFederation(fedConfig);
+					CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 				}
 				break;
 			}
@@ -819,13 +808,13 @@ public synchronized void addOutboundGroupToCA(@NotNull String caID, @NotNull Set
 			}
 		}
 
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 	}
 
 	@Override
 	public synchronized void removeFederateFromGroupsInbound(String federateUID, Set<String> localGroupNames) {
 
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		List<Federate> federates = fedConfig.getFederate();
 		for (Federate f : federates) {
@@ -837,7 +826,7 @@ public synchronized void removeFederateFromGroupsInbound(String federateUID, Set
 			}
 		}
 
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 
 		clusterRemoveFederateUsersToGroups(federateUID, localGroupNames, Direction.IN, true);
 	}
@@ -845,7 +834,7 @@ public synchronized void removeFederateFromGroupsInbound(String federateUID, Set
 	@Override
 	public void removeFederateFromGroupsOutbound(String federateUID, Set<String> localGroupNames) {
 
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		Federate federateConfig = null;
 		List<Federate> federates = fedConfig.getFederate();
@@ -861,7 +850,7 @@ public void removeFederateFromGroupsOutbound(String federateUID, Set<String> loc
 		
 		updateFederateGroups(federateConfig);
 
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 
 		clusterRemoveFederateUsersToGroups(federateUID, localGroupNames, Direction.OUT, true);
 	}
@@ -891,7 +880,7 @@ public void clusterRemoveFederateUsersToGroups(String federateUID, Set<String> l
 	@Override
 	public void removeFederateInboundGroupsMap(@NotNull String federateUID, @NotNull String remoteGroup,
 			@NotNull String localGroup) {
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 		List<Federate> federates = fedConfig.getFederate();
 
 		Set localGroupSet = new HashSet<String>(1);
@@ -903,13 +892,13 @@ public void removeFederateInboundGroupsMap(@NotNull String federateUID, @NotNull
 				break;
 			}
 		}
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 	}
 
 	@Override
 	public synchronized void removeInboundGroupFromCA(@NotNull String caID, @NotNull Set<String> localGroupNames) {
 
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		List<Federation.FederateCA> federateCAs = fedConfig.getFederateCA();
 		for (Federation.FederateCA ca : federateCAs) {
@@ -921,13 +910,13 @@ public synchronized void removeInboundGroupFromCA(@NotNull String caID, @NotNull
 			}
 		}
 
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 	}
 
 	@Override
 	public synchronized void removeOutboundGroupFromCA(@NotNull String caID, @NotNull Set<String> localGroupNames) {
 
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		List<Federation.FederateCA> federateCAs = fedConfig.getFederateCA();
 		for (Federation.FederateCA ca : federateCAs) {
@@ -939,12 +928,12 @@ public synchronized void removeOutboundGroupFromCA(@NotNull String caID, @NotNul
 			}
 		}
 
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 	}
 	
 	@Override
 	public synchronized void addMaxHopsToCA(@NotNull String caID, int maxHops) {
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		List<Federation.FederateCA> federateCAs = fedConfig.getFederateCA();
 		boolean foundCA = false;
@@ -971,13 +960,13 @@ public synchronized void addMaxHopsToCA(@NotNull String caID, int maxHops) {
 			}
 		}
 
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 	}
 
 	@Override
 	public List<Federation.FederationOutgoing> getOutgoingConnections() {
 
-		List<FederationOutgoing> result = coreConfig.getRemoteConfiguration().getFederation().getFederationOutgoing();
+		List<FederationOutgoing> result = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationOutgoing();
 
 		if (logger.isTraceEnabled()) {
 			logger.trace("outgoing connections: " + result);
@@ -1052,7 +1041,7 @@ public List<FederationOutgoing> getOutgoingConnections(String address, int port)
 
 		List<FederationOutgoing> result = new ArrayList<>();
 
-		for (FederationOutgoing outgoing : coreConfig.getRemoteConfiguration()
+		for (FederationOutgoing outgoing : CoreConfigFacade.getInstance().getRemoteConfiguration()
 				.getFederation()
 				.getFederationOutgoing()) {
 			if (outgoing.getAddress().equalsIgnoreCase(address) && outgoing.getPort().equals(port)) {
@@ -1065,7 +1054,7 @@ public List<FederationOutgoing> getOutgoingConnections(String address, int port)
 
 	public FederationOutgoing getOutgoingConnection(String name) {
 
-		for (FederationOutgoing outgoing : coreConfig.getRemoteConfiguration()
+		for (FederationOutgoing outgoing : CoreConfigFacade.getInstance().getRemoteConfiguration()
 				.getFederation()
 				.getFederationOutgoing()) {
 			if (outgoing.getDisplayName().equalsIgnoreCase(name)) {
@@ -1222,14 +1211,14 @@ public synchronized void disableOutgoing(@NotNull FederationOutgoing outgoing) {
 	}
 
 	private void saveOutgoing(FederationOutgoing outgoing, boolean enabled) {
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		for (FederationOutgoing fo : fedConfig.getFederationOutgoing()) {
 			if (fo != null && fo.getDisplayName() != null && fo.getDisplayName().equals(outgoing.getDisplayName())) {
 				fo.setEnabled(enabled);
 			}
 		}
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 	}
 
 	@Override
@@ -1287,11 +1276,11 @@ public synchronized void addOutgoingConnection(String name, String host, int por
 		outgoing.setMaxRetries(maxRetries);
 		outgoing.setUnlimitedRetries(unlimitedRetries);
 
-		Federation federationConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation federationConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		federationConfig.getFederationOutgoing().add(outgoing);
 
-		coreConfig.setAndSaveFederation(federationConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(federationConfig);
 
 		SubscriptionStore.getInstanceFederatedSubscriptionManager().putOutgoingNumRetries(name);
 		SubscriptionStore.getInstanceFederatedSubscriptionManager().putOutgoingRetryScheduled(name);
@@ -1313,21 +1302,110 @@ public synchronized void addOutgoingConnection(String name, String host, int por
 					.getAndPutFederateOutgoingStatus(outgoing.getDisplayName(), new ConnectionStatus(ConnectionStatusValue.DISABLED));
 		}
 	}
+	
+	@Override
+	public synchronized void updateOutgoingConnection(Federation.FederationOutgoing original, Federation.FederationOutgoing update) {
+		boolean wasNameChange = false;
+		
+		// if the name is being updated, make sure the new name isn't taken
+		if (!original.getDisplayName().equals(update.getDisplayName())) {
+			// check for dupes by name in the cache
+			if (SubscriptionStore.getInstanceFederatedSubscriptionManager().getCachedFederationConnectionStatus(update.getDisplayName()) != null) {
+				throw new DuplicateFederateException("outgoing " + update.getDisplayName() + " already exists");
+			}
+			wasNameChange = true;
+		}
+		
+		// if port / address has changed, make sure it doesn't already exist
+		if (!original.getPort().equals(update.getPort()) || !original.getAddress().equals(update.getAddress())) {
+			if (!getOutgoingConnections(update.getAddress(), update.getPort()).isEmpty()) {
+				throw new DuplicateFederateException("outgoing for " + update.getAddress() + ", " + update.getPort() + " already exists");
+			}
+		}
+
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+		
+		for (Federation.FederationOutgoing f : config.getFederation().getFederationOutgoing()) {
+			if (f.getDisplayName().compareTo(original.getDisplayName()) == 0) {
+
+				Federation federationConfig = config.getFederation();
+
+				f.setEnabled(update.isEnabled());
+				f.setAddress(update.getAddress());
+				f.setDisplayName(update.getDisplayName());
+				f.setPort(update.getPort());
+				f.setReconnectInterval(update.getReconnectInterval());
+				f.setProtocolVersion(update.getProtocolVersion());
+				f.setFallback(update.getFallback());
+				f.setMaxRetries(update.getMaxRetries());
+				f.setUnlimitedRetries(update.isUnlimitedRetries());
+
+				CoreConfigFacade.getInstance().setAndSaveFederation(federationConfig);
+
+				break;
+			}
+		}
+		
+		// clear old
+		SubscriptionStore.getInstanceFederatedSubscriptionManager().removeOutgoingNumRetries(original.getDisplayName());
+		SubscriptionStore.getInstanceFederatedSubscriptionManager().removeOutgoingRetryScheduled(original.getDisplayName());
+		
+		// add new
+		SubscriptionStore.getInstanceFederatedSubscriptionManager().putOutgoingNumRetries(update.getDisplayName());
+		SubscriptionStore.getInstanceFederatedSubscriptionManager().putOutgoingRetryScheduled(update.getDisplayName());
+		
+		// if the original and the updated are disabled, just update cache incase the name changed
+		if (!original.isEnabled() && !update.isEnabled()) {
+			ConnectionStatus status = new ConnectionStatus(ConnectionStatusValue.DISABLED);
+			SubscriptionStore.getInstanceFederatedSubscriptionManager().getAndPutFederateOutgoingStatus(update.getDisplayName(), status);
+		}
+		// if the original was enabled and the updated is disabled, nothing to do other than disable
+		else if (original.isEnabled() && !update.isEnabled()) {
+			// disable the original outgoing connection
+			disableOutgoing(original);
+		}
+		// if the original was disabled and the updated is enabled, initiate the outgoing
+		else if (!original.isEnabled() && update.isEnabled()) {
+			ConnectionStatus status = new ConnectionStatus(ConnectionStatusValue.CONNECTING);
+			SubscriptionStore.getInstanceFederatedSubscriptionManager().getAndPutFederateOutgoingStatus(update.getDisplayName(), status);
+			initiateOutgoing(update, status);
+		}
+		// if the display name, address, port or protocol version has changed, we need to restart the connection
+		// otherwise we can just update the config and keep it connected
+		else if (original.isEnabled() && update.isEnabled()) {
+			if (!original.getDisplayName().equals(update.getDisplayName()) || !original.getPort().equals(update.getPort()) || 
+					!original.getAddress().equals(update.getAddress()) || original.getProtocolVersion() != update.getProtocolVersion()) {
+				
+				// disable the original outgoing connection
+				disableOutgoing(original);
+				
+				// re-enable with the new outgoing connection
+				ConnectionStatus status = new ConnectionStatus(ConnectionStatusValue.CONNECTING);
+				SubscriptionStore.getInstanceFederatedSubscriptionManager().getAndPutFederateOutgoingStatus(update.getDisplayName(), status);
+				initiateOutgoing(update, status);
+			}
+		} 
+		
+		// remove references to old name		
+		if (wasNameChange) {
+			SubscriptionStore.getInstanceFederatedSubscriptionManager().removeFederateOutgoingStatus(original.getDisplayName());
+		}
+	}
 
 	@Override
 	public void removeOutgoing(String name) {
 		disableOutgoingForNode(name);
 
-		for (Federation.FederationOutgoing f : coreConfig.getRemoteConfiguration()
+		for (Federation.FederationOutgoing f : CoreConfigFacade.getInstance().getRemoteConfiguration()
 				.getFederation()
 				.getFederationOutgoing()) {
 			if (f.getDisplayName().compareTo(name) == 0) {
 
-				Federation federationConfig = coreConfig.getRemoteConfiguration().getFederation();
+				Federation federationConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 				federationConfig.getFederationOutgoing().remove(f); // avoid concurrentmodification with the break
 
-				coreConfig.setAndSaveFederation(federationConfig);
+				CoreConfigFacade.getInstance().setAndSaveFederation(federationConfig);
 
 				ConnectionStatus status = SubscriptionStore.getInstanceFederatedSubscriptionManager().removeFederateOutgoingStatus(f.getDisplayName());
 				SubscriptionStore.getInstanceFederatedSubscriptionManager().removeOutgoingNumRetries(f.getDisplayName());
@@ -1365,7 +1443,7 @@ public List<X509Certificate> getCAList() {
 	public List<X509Certificate> getCALocalList() {
 		List<X509Certificate> certs = new LinkedList<>();
 		try {
-			Enumeration<String> aliases = SSLConfig.getInstance(coreConfig.getRemoteConfiguration().getFederation().getFederationServer().getTls()).getTrust().aliases();
+			Enumeration<String> aliases = SSLConfig.getInstance(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getTls()).getTrust().aliases();
 			while (aliases.hasMoreElements()) {
 				String s = aliases.nextElement();
 				KeyStore.Entry entry = getSSLCache().get(SSL_TRUSTSTORE_KEY).getTrust().getEntry(s, null);
@@ -1420,7 +1498,7 @@ public void removeCA(X509Certificate ca) {
 	}
 
 	private synchronized void saveTruststoreFile() {
-		Tls tlsConfig = coreConfig.getRemoteConfiguration().getFederation().getFederationServer().getTls();
+		Tls tlsConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getTls();
 		try (FileOutputStream fos = new FileOutputStream(tlsConfig.getTruststoreFile())) {
 			getSSLCache().get(SSL_TRUSTSTORE_KEY).getTrust()
 				.store(fos, tlsConfig.getTruststorePass().toCharArray());
@@ -1613,7 +1691,7 @@ public void handleOnDataReceived(FederatedEvent data, ChannelHandler handler, Pr
 			try {
 				CotEventContainer cot = ProtoBufHelper.getInstance().proto2cot(data.getEvent());
 
-				if (coreConfig.getRemoteConfiguration().getSubmission().isIgnoreStaleMessages()) {
+				if (CoreConfigFacade.getInstance().getRemoteConfiguration().getSubmission().isIgnoreStaleMessages()) {
 					if (MessageConversionUtil.isStale(cot)) {
 						if (logger.isDebugEnabled()) {
 							logger.debug("ignoring stale federated message: " + cot);
@@ -1768,7 +1846,7 @@ public void handleOnConnect(ChannelHandler handler, Protocol<FederatedEvent> pro
 
 			DistributedSubscriptionManager.getInstance().addRawSubscription(subscription);
 
-			if (MessagingDependencyInjectionProxy.getInstance().coreConfig().getBuffer().getLatestSA().isEnable()) {
+			if (MessagingDependencyInjectionProxy.getInstance().coreConfig().getRemoteConfiguration().getBuffer().getLatestSA().isEnable()) {
 				try {
 					MessagingUtilImpl.getInstance().sendLatestReachableSA(user);
 				} catch (Exception e) {
@@ -2065,9 +2143,9 @@ public void run() {
 	}
 
 	@Override
-	public void updateFederateDetails(String federateId, boolean archive, boolean shareAlerts, boolean federatedGroupMapping, boolean automaticGroupMapping, String notes, int maxHops) {
+	public void updateFederateDetails(String federateId, boolean archive, boolean shareAlerts, boolean federatedGroupMapping, boolean automaticGroupMapping, boolean fallbackWhenNoGroupMappings, String notes, int maxHops) {
 
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		List<Federate> federates = fedConfig.getFederate();
 
@@ -2077,12 +2155,13 @@ public void updateFederateDetails(String federateId, boolean archive, boolean sh
 				f.setShareAlerts(shareAlerts);
 				f.setFederatedGroupMapping(federatedGroupMapping);
 				f.setAutomaticGroupMapping(automaticGroupMapping);
+				f.setFallbackWhenNoGroupMappings(fallbackWhenNoGroupMappings);
 				f.setNotes(notes);
 				f.setMaxHops(maxHops);
 				break;
 			}
 		}
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 		
 		// dynamically update maxHops to active connections
 		SubscriptionStore.getInstanceFederatedSubscriptionManager().getFederateSubscriptions().forEach(sub -> {
@@ -2108,7 +2187,7 @@ public void updateFederateDetails(String federateId, boolean archive, boolean sh
 	@Override
 	public void removeFederate(String federateId) {
 
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
 		List<Federate> federates = fedConfig.getFederate();
 
@@ -2119,17 +2198,17 @@ public void removeFederate(String federateId) {
 			}
 		}
 
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 	}
 
 	@Override
 	public List<Federate> getConfiguredFederates() {
-		if (coreConfig.getRemoteConfiguration().getFederation() == null
-				|| coreConfig.getRemoteConfiguration().getFederation().getFederate() == null) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation() == null
+				|| CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederate() == null) {
 			return new ArrayList<>();
 		}
 
-		return coreConfig.getRemoteConfiguration().getFederation().getFederate();
+		return CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederate();
 	}
 	
 	@Override
@@ -2166,6 +2245,8 @@ public void run() {
 							// use the file hash to load the file from db / cache
 							byte[] fileBytes = MessagingDependencyInjectionProxy.getInstance().esyncService().getContentByHash(fileHash, groupVector);
 							
+							
+							
 							if (logger.isDebugEnabled()) {
 								if (fileBytes == null) {
 									logger.debug("null bytes for file " + fileHash);
@@ -2176,18 +2257,22 @@ public void run() {
 								}
 							}
 							
-							BinaryBlob filePayload = BinaryBlob.newBuilder().setData(ByteString.readFrom(new ByteArrayInputStream(fileBytes))).build();
+							if (fileBytes.length > CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getMaxMessageSizeBytes()) {
+								logger.info("File payload size " + fileBytes.length + " exceeds the max size! Not attaching file to " + rol);
+							} else {
+								BinaryBlob filePayload = BinaryBlob.newBuilder().setData(ByteString.readFrom(new ByteArrayInputStream(fileBytes))).build();
 
-							ROL.Builder rolBuilder = rol.toBuilder();
-							
-							rolBuilder.addPayload(filePayload);
-							
-							if (logger.isDebugEnabled()) {
-								logger.debug("Added file payload size " + fileBytes.length + " bytes to rol");
+								ROL.Builder rolBuilder = rol.toBuilder();
+								
+								rolBuilder.addPayload(filePayload);
+								
+								if (logger.isDebugEnabled()) {
+									logger.debug("Added file payload size " + fileBytes.length + " bytes to rol");
+								}
+								
+								finalRol = rolBuilder.build();
 							}
 							
-							finalRol = rolBuilder.build();
-							
 						}
 					} catch (Exception e) {
 						if (logger.isWarnEnabled()) {
@@ -2422,7 +2507,7 @@ public void run() {
 
 	@Override
 	public void reconfigureFederation() {
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 		if (fedConfig.isEnableFederation()) {
 			logger.info("starting federation.");
 			if (fedConfig.getFederationServer().isV2Enabled()) {
@@ -2479,7 +2564,7 @@ public void trackDisconnectEventForFederate(String fedId, String fedName, boolea
 
 	@Override
 	public void updateFederateMissionSettings(String federateUID, boolean missionFederateDefault, List<Mission> federateMissions) {
-		Federation fedConfig = coreConfig.getRemoteConfiguration().getFederation();
+		Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 		
 		List<Federate> federates = fedConfig.getFederate();
 
@@ -2491,6 +2576,6 @@ public void updateFederateMissionSettings(String federateUID, boolean missionFed
 				break;
 			}
 		}
-		coreConfig.setAndSaveFederation(fedConfig);
+		CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
 	}
 }
diff --git a/src/takserver-core/src/main/java/org/apache/http/client/fluent/FederateHttpClientExecutor.java b/src/takserver-core/src/main/java/tak/server/federation/FederateHttpClientExecutor.java
similarity index 52%
rename from src/takserver-core/src/main/java/org/apache/http/client/fluent/FederateHttpClientExecutor.java
rename to src/takserver-core/src/main/java/tak/server/federation/FederateHttpClientExecutor.java
index 3764dee4..e9fbec8e 100644
--- a/src/takserver-core/src/main/java/org/apache/http/client/fluent/FederateHttpClientExecutor.java
+++ b/src/takserver-core/src/main/java/tak/server/federation/FederateHttpClientExecutor.java
@@ -1,37 +1,54 @@
-package org.apache.http.client.fluent;
+package tak.server.federation;
+
+import java.io.IOException;
 
 import javax.net.ssl.SSLContext;
 
-import org.apache.http.client.HttpClient;
-import org.apache.http.config.Registry;
-import org.apache.http.config.RegistryBuilder;
-import org.apache.http.conn.socket.ConnectionSocketFactory;
-import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
-import org.apache.http.conn.socket.PlainConnectionSocketFactory;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
-import org.apache.http.ssl.SSLInitializationException;
+//import org.apache.http.client.HttpClient;
+//import org.apache.http.config.Registry;
+//import org.apache.http.config.RegistryBuilder;
+//import org.apache.http.conn.socket.ConnectionSocketFactory;
+//import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
+//import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+//import org.apache.http.conn.ssl.NoopHostnameVerifier;
+//import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+//import org.apache.http.impl.client.HttpClientBuilder;
+//import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+//import org.apache.http.ssl.SSLInitializationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.bbn.marti.config.Configuration;
 import com.bbn.marti.remote.exception.TakException;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.SSLConfig;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
+import org.apache.hc.client5.http.fluent.Executor;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.HttpClients;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
+import org.apache.hc.client5.http.socket.ConnectionSocketFactory;
+import org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory;
+import org.apache.hc.client5.http.socket.PlainConnectionSocketFactory;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
+import org.apache.hc.core5.http.config.Registry;
+import org.apache.hc.core5.http.config.RegistryBuilder;
+import org.apache.hc.core5.ssl.SSLInitializationException;
+import org.apache.hc.core5.util.TimeValue;
+
 /*
  * 
- * Extend the fluent-hc Executor class so that we can control the http connection pool and SSL/TLS configuration, getting it in the same way as the federate ssl context
- * 
+ * Extend the fluent-hc Executor class so that we can control the http connection pool and SSL/TLS configuration, getting it in the same way as the federate ssl context.
+ * This class can no longer extends Executor as Executor has no accessible constructor.
  */
-public class FederateHttpClientExecutor extends Executor {
+public class FederateHttpClientExecutor {
 
     private static final Logger logger = LoggerFactory.getLogger(FederateHttpClientExecutor.class);
-
+    
     final static PoolingHttpClientConnectionManager connectionManager;
-    final static HttpClient federateHttpClient;
+    //final static HttpClient federateHttpClient;
+    final static CloseableHttpClient federateHttpClient;
     
     static SSLContext sslContext = null;
     
@@ -44,7 +61,7 @@ public class FederateHttpClientExecutor extends Executor {
             
             try {
 
-                Configuration config = DistributedConfiguration.getInstance().getRemoteConfiguration();
+                Configuration config = CoreConfigFacade.getInstance().getInstance().getRemoteConfiguration();
                 
                 if (logger.isTraceEnabled()) {
                 	logger.trace("federation: " + config.getFederation());
@@ -54,7 +71,7 @@ public class FederateHttpClientExecutor extends Executor {
                     throw new TakException("Federation TLS configuration not found - unable to initialize federate TLS HTTP client");
                 }
 
-                sslContext = SSLConfig.getInstance(DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getTls()).getSSLContext();
+                sslContext = SSLConfig.getInstance(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getTls()).getSSLContext();
                 
                 if (logger.isTraceEnabled()) {
                 	logger.trace("sslContext: " + sslContext);
@@ -82,17 +99,21 @@ public class FederateHttpClientExecutor extends Executor {
         connectionManager = new PoolingHttpClientConnectionManager(sfr);
         connectionManager.setDefaultMaxPerRoute(100);
         connectionManager.setMaxTotal(200);
-        connectionManager.setValidateAfterInactivity(1000);
-        federateHttpClient = HttpClientBuilder.create().setConnectionManager(connectionManager).build();
+        //connectionManager.setValidateAfterInactivity(1000);
+        connectionManager.setValidateAfterInactivity(TimeValue.ofMilliseconds(1000));
+        //federateHttpClient = HttpClientBuilder.create(). (connectionManager).build();
+        federateHttpClient = HttpClients.custom().setConnectionManager(connectionManager).build();
     }
 
     public static Executor newInstance() {
         logger.trace("getting fluent pooling tls http executor: " + federateHttpClient);
 
-        return new Executor(federateHttpClient);
+//        return new Executor(federateHttpClient);
+        return Executor.newInstance(federateHttpClient);
     }
 
-    FederateHttpClientExecutor(HttpClient httpclient) {
-        super(httpclient);
-    }
+//    FederateHttpClientExecutor(CloseableHttpClient httpclient) {
+//        super(httpclient);
+//    }
+    
 }
diff --git a/src/takserver-core/src/main/java/tak/server/federation/FederateSslPreAuthCodec.java b/src/takserver-core/src/main/java/tak/server/federation/FederateSslPreAuthCodec.java
index 7fa0255f..ce86ed06 100644
--- a/src/takserver-core/src/main/java/tak/server/federation/FederateSslPreAuthCodec.java
+++ b/src/takserver-core/src/main/java/tak/server/federation/FederateSslPreAuthCodec.java
@@ -8,6 +8,9 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import com.google.common.base.Strings;
+import com.google.common.collect.Lists;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -31,14 +34,13 @@
 import com.bbn.marti.remote.groups.Group;
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.util.RemoteUtil;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.SubscriptionStore;
 import com.bbn.marti.util.MessageConversionUtil;
 import com.bbn.marti.util.concurrent.executor.OrderedExecutor;
 import com.bbn.marti.util.concurrent.future.AsyncFuture;
 import com.bbn.marti.util.concurrent.future.AsyncFutures;
-import com.google.common.base.Strings;
-import com.google.common.collect.Lists;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 /**
  *
@@ -51,7 +53,7 @@ public class FederateSslPreAuthCodec extends AbstractAuthCodec implements ByteCo
 
     private final static DistributedFederationManager fedManager = DistributedFederationManager.getInstance();
     
-    private final static Federation config = DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation();
+    private final static Federation config = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
     
     public final static ByteCodecFactory codecFactory = new ByteCodecFactory() {
     	
@@ -132,10 +134,9 @@ public void handleOnConnect(ConnectionInfo connectionInfo) {
 		    X509Certificate cert = connectionInfo.getCert();
 		    String principalDN = cert.getSubjectX500Principal().getName();
 		    String issuerDN = cert.getIssuerX500Principal().getName();
-		    javax.security.cert.X509Certificate caCert = null;
 
 		    String caCertFingerprint = "";
-		    if(connectionInfo.getCaCert() != null){
+		    if (connectionInfo.getCaCert() != null){
 		        caCertFingerprint = RemoteUtil.getInstance().getCertSHA256Fingerprint(connectionInfo.getCaCert());
 		    }
 		    //logger.warn("Cert name: " + cn.substring(3, cn.indexOf(',')) + "; issuer name: " + issuer.substring(3, issuer.indexOf(',')));
diff --git a/src/takserver-core/src/main/java/tak/server/federation/FederateSubscription.java b/src/takserver-core/src/main/java/tak/server/federation/FederateSubscription.java
index 8b3a9f2e..c2ab4d6f 100644
--- a/src/takserver-core/src/main/java/tak/server/federation/FederateSubscription.java
+++ b/src/takserver-core/src/main/java/tak/server/federation/FederateSubscription.java
@@ -10,18 +10,10 @@
 
 import javax.naming.NamingException;
 
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.HttpVersion;
-import org.apache.http.client.ClientProtocolException;
-import org.apache.http.client.ResponseHandler;
-import org.apache.http.client.fluent.Executor;
-import org.apache.http.client.fluent.FederateHttpClientExecutor;
-import org.apache.http.client.fluent.Request;
-import org.apache.http.entity.ContentType;
-import org.apache.http.entity.mime.HttpMultipartMode;
-import org.apache.http.entity.mime.MultipartEntityBuilder;
-import org.apache.http.entity.mime.content.ByteArrayBody;
+import com.bbn.marti.remote.config.CoreConfigFacade;
+import com.google.common.base.Strings;
+import com.google.common.io.ByteStreams;
+
 import org.dom4j.Attribute;
 import org.dom4j.DocumentHelper;
 import org.dom4j.Element;
@@ -35,12 +27,23 @@
 import com.bbn.marti.nio.channel.connections.TcpChannelHandler;
 import com.bbn.marti.nio.protocol.Protocol;
 import com.bbn.marti.remote.exception.TakException;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.RepositoryService;
 import com.bbn.marti.service.Resources;
 import com.bbn.marti.service.Subscription;
-import com.google.common.base.Strings;
-import com.google.common.io.ByteStreams;
+
+import org.apache.hc.client5.http.fluent.Executor;
+import org.apache.hc.client5.http.fluent.Request;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
+import org.apache.hc.core5.http.ClassicHttpResponse;
+import org.apache.hc.core5.http.ContentType;
+import org.apache.hc.core5.http.HttpEntity;
+import org.apache.hc.core5.http.HttpVersion;
+import org.apache.hc.client5.http.ClientProtocolException;
+import org.apache.hc.client5.http.entity.mime.ByteArrayBody;
+import org.apache.hc.client5.http.entity.mime.MultipartEntityBuilder;
+import org.apache.hc.client5.http.entity.mime.HttpMultipartMode;
+import org.apache.hc.core5.http.io.HttpClientResponseHandler;
+
 
 import tak.server.cluster.ClusterManager;
 import tak.server.cot.CotEventContainer;
@@ -183,7 +186,7 @@ protected void sendMissionPackage(final CotEventContainer toSend) {
                     throw new TakException("invalid mission package announce CoT message - empty hash or filename");
                 }
 
-                final int port = DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHttpsPort();
+                final int port = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHttpsPort();
 
                 String missionPackageUrl = "";
 
@@ -204,11 +207,13 @@ protected void sendMissionPackage(final CotEventContainer toSend) {
                     }
 
                     missionPackageUrl = federateHttpConnectionPool.execute(
-                            Request.Get(fedGetMissionPackageUrl).useExpectContinue().version(HttpVersion.HTTP_1_1))
-                            .handleResponse(new ResponseHandler<String>() { @Override public String handleResponse(HttpResponse response) throws ClientProtocolException, IOException {
+                            Request.get(fedGetMissionPackageUrl).useExpectContinue().version(HttpVersion.HTTP_1_1))
+                            .handleResponse(new HttpClientResponseHandler<String>() { @Override public String handleResponse(ClassicHttpResponse response) throws ClientProtocolException, IOException {
 
-                                int code = response.getStatusLine().getStatusCode();
-                                String reason = response.getStatusLine().getReasonPhrase();
+                                //int code = response.getStatusLine().getStatusCode();
+                                int code = response.getCode();
+                                //String reason = response.getStatusLine().getReasonPhrase();
+                                String reason = response.getReasonPhrase();
                                 String body = new String(ByteStreams.toByteArray(response.getEntity().getContent()));
 
                                 if (logger.isDebugEnabled()) {
@@ -245,17 +250,19 @@ protected void sendMissionPackage(final CotEventContainer toSend) {
 
                                     MultipartEntityBuilder builder = MultipartEntityBuilder.create();
                                     builder.setContentType(ContentType.MULTIPART_FORM_DATA);
-                                    builder.setMode(HttpMultipartMode.BROWSER_COMPATIBLE);
+                                    builder.setMode(HttpMultipartMode.LEGACY);
                                     builder.addPart("assetfile", bodyPart); // use the same part name that android uses - "assetfile"
                                     HttpEntity entity = builder.build();
 
                                     // now post the mission package to the federate, as a multi-part mime file
-                                    String result = federateHttpConnectionPool.execute(Request.Post(fedPostMissionPackageUrl)
+                                    String result = federateHttpConnectionPool.execute(Request.post(fedPostMissionPackageUrl)
                                             .useExpectContinue()
                                             .version(HttpVersion.HTTP_1_1)
-                                            .body(entity)).handleResponse(new ResponseHandler<String>() { @Override public String handleResponse(HttpResponse response) throws ClientProtocolException, IOException {
-                                        int code = response.getStatusLine().getStatusCode();
-                                        String reason = response.getStatusLine().getReasonPhrase();
+                                            .body(entity)).handleResponse(new HttpClientResponseHandler<String>() { @Override public String handleResponse(ClassicHttpResponse response) throws ClientProtocolException, IOException {
+                                        //int code = response.getStatusLine().getStatusCode();
+                                        int code = response.getCode();
+                                        //String reason = response.getStatusLine().getReasonPhrase();
+                                        String reason = response.getReasonPhrase();
                                         String body = new String(ByteStreams.toByteArray(response.getEntity().getContent()));
 
                                         if (logger.isDebugEnabled()) {
@@ -318,7 +325,7 @@ else if (code == 200) {
     }
     
     protected Configuration getConfiguration() {
-    	return DistributedConfiguration.getInstance().getRemoteConfiguration();
+    	return CoreConfigFacade.getInstance().getRemoteConfiguration();
     }
     
     //TODO maintain a local mapping structure for federate to federateId that gets reset when the cache updates so we dont have to loop the list each time
diff --git a/src/takserver-core/src/main/java/tak/server/federation/FederationConfigManager.java b/src/takserver-core/src/main/java/tak/server/federation/FederationConfigManager.java
index f6e478dd..68e766bf 100644
--- a/src/takserver-core/src/main/java/tak/server/federation/FederationConfigManager.java
+++ b/src/takserver-core/src/main/java/tak/server/federation/FederationConfigManager.java
@@ -3,6 +3,7 @@
 import java.io.File;
 import java.rmi.RemoteException;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -15,18 +16,15 @@ public class FederationConfigManager implements FederationConfigInterface {
 
     private static final long serialVersionUID = 2880902388047468469L;
 
-    public FederationConfigManager(CoreConfig coreConfig) throws RemoteException {
-        this.config = coreConfig;
+    public FederationConfigManager() throws RemoteException {
     }
 
-    private final CoreConfig config;
-
     private static final Logger logger = LoggerFactory.getLogger(FederationConfigManager.class);
 
 
     @Override
     public FederationConfigInfo getFederationConfig() throws RemoteException {
-        Federation fedConfig = config.getRemoteConfiguration().getFederation();
+        Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
         if (fedConfig.getFederationServer().getFederationPort().isEmpty()) {
             Federation.FederationServer.FederationPort p = new Federation.FederationServer.FederationPort();
             p.setPort(fedConfig.getFederationServer().getPort());
@@ -65,10 +63,10 @@ public FederationConfigInfo getFederationConfig() throws RemoteException {
 
     @Override
     public void modifyFederationConfig(FederationConfigInfo info) throws RemoteException {
-        Federation fedConfig = config.getRemoteConfiguration().getFederation();
+        Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
         if (logger.isDebugEnabled()) {
-            logger.debug("config ident: " + System.identityHashCode(config));
+            logger.debug("config ident: " + System.identityHashCode(CoreConfigFacade.getInstance()));
         }
 
         fedConfig.setEnableFederation(info.isEnabled());
@@ -108,7 +106,7 @@ public void modifyFederationConfig(FederationConfigInfo info) throws RemoteExcep
         if (logger.isDebugEnabled()) {
             logger.debug("is federation enabled? " + info.isEnabled() + ", " + fedConfig.isEnableFederation());
         }
-        config.setAndSaveFederation(fedConfig);
+        CoreConfigFacade.getInstance().setAndSaveFederation(fedConfig);
         if (logger.isDebugEnabled()) {
             logger.debug("changes saved?");
         }
@@ -116,7 +114,7 @@ public void modifyFederationConfig(FederationConfigInfo info) throws RemoteExcep
 
     @Override
     public boolean verifyFederationTruststore() throws RemoteException {
-        Federation fedConfig = config.getRemoteConfiguration().getFederation();
+        Federation fedConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation();
 
         String fileName = fedConfig.getFederationServer().getTls().getTruststoreFile();
         File truststoreFileObj = new File(fileName);
diff --git a/src/takserver-core/src/main/java/tak/server/federation/FederationServer.java b/src/takserver-core/src/main/java/tak/server/federation/FederationServer.java
index 0a78dff1..2e259371 100644
--- a/src/takserver-core/src/main/java/tak/server/federation/FederationServer.java
+++ b/src/takserver-core/src/main/java/tak/server/federation/FederationServer.java
@@ -9,7 +9,6 @@
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
-import java.math.BigInteger;
 import java.net.InetAddress;
 import java.net.SocketAddress;
 import java.nio.ByteBuffer;
@@ -51,6 +50,33 @@
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import com.google.common.base.Charsets;
+import com.google.common.base.Strings;
+import com.google.common.collect.ComparisonChain;
+import com.google.common.hash.Hashing;
+import com.google.common.primitives.Longs;
+
+import io.grpc.Context;
+import io.grpc.Contexts;
+import io.grpc.Grpc;
+import io.grpc.Metadata;
+import io.grpc.Server;
+import io.grpc.ServerCall;
+import io.grpc.ServerCallHandler;
+import io.grpc.ServerInterceptor;
+import io.grpc.ServerInterceptors;
+import io.grpc.Status;
+import io.grpc.netty.NettyServerBuilder;
+import io.grpc.stub.StreamObserver;
+import io.micrometer.core.instrument.Metrics;
+import io.netty.channel.socket.nio.NioServerSocketChannel;
+import io.netty.util.internal.logging.InternalLoggerFactory;
+import io.netty.util.internal.logging.Slf4JLoggerFactory;
+
 import org.antlr.v4.runtime.ANTLRInputStream;
 import org.antlr.v4.runtime.BailErrorStrategy;
 import org.antlr.v4.runtime.CommonTokenStream;
@@ -67,7 +93,6 @@
 import com.atakmap.Tak.ContactListEntry;
 import com.atakmap.Tak.Empty;
 import com.atakmap.Tak.FederateGroups;
-import com.atakmap.Tak.FederateHops;
 import com.atakmap.Tak.FederatedChannelGrpc;
 import com.atakmap.Tak.FederatedEvent;
 import com.atakmap.Tak.Identity;
@@ -96,54 +121,31 @@
 import com.bbn.marti.remote.groups.Reachability;
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.util.RemoteUtil;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.FederatedSubscriptionManager;
 import com.bbn.marti.service.Resources;
 import com.bbn.marti.service.SubscriptionManager;
 import com.bbn.marti.service.SubscriptionStore;
 import com.bbn.marti.sync.federation.FederationROLHandler;
 import com.bbn.marti.util.MessageConversionUtil;
+import com.bbn.marti.util.MessagingDependencyInjectionProxy;
 import com.bbn.marti.util.concurrent.future.AsyncFuture;
 import com.bbn.roger.fig.FederationUtils;
 import com.bbn.roger.fig.model.FigServerConfig;
-import com.fasterxml.jackson.core.JsonParseException;
-import com.fasterxml.jackson.databind.JsonMappingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
-import com.google.common.base.Charsets;
-import com.google.common.base.Strings;
-import com.google.common.collect.ComparisonChain;
-import com.google.common.hash.Hashing;
-import com.google.common.primitives.Longs;
 
-import io.grpc.Context;
-import io.grpc.Contexts;
-import io.grpc.Grpc;
-import io.grpc.Metadata;
-import io.grpc.Server;
-import io.grpc.ServerCall;
-import io.grpc.ServerCallHandler;
-import io.grpc.ServerInterceptor;
-import io.grpc.ServerInterceptors;
-import io.grpc.Status;
-import io.grpc.netty.NettyServerBuilder;
-import io.grpc.stub.StreamObserver;
-import io.micrometer.core.instrument.Metrics;
-import io.netty.channel.socket.nio.NioServerSocketChannel;
-import io.netty.util.internal.logging.InternalLoggerFactory;
-import io.netty.util.internal.logging.Slf4JLoggerFactory;
 import mil.af.rl.rol.FederationProcessor;
-import mil.af.rl.rol.MissionRolVisitor;
 import mil.af.rl.rol.Resource;
 import mil.af.rl.rol.ResourceOperationParameterEvaluator;
 import mil.af.rl.rol.RolLexer;
 import mil.af.rl.rol.RolParser;
 import mil.af.rl.rol.value.Parameters;
 import mil.af.rl.rol.value.ResourceDetails;
+
 import tak.server.Constants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cot.CotEventContainer;
 import tak.server.federation.message.AddressableEntity;
 import tak.server.federation.message.Message;
+import tak.server.federation.rol.MissionRolVisitor;
 import tak.server.messaging.Messenger;
 
 
@@ -209,7 +211,7 @@ public class FederationServer {
 	private MissionDisruptionManager mdm;
 
 	private Configuration coreConfig() {
-		return DistributedConfiguration.getInstance().getRemoteConfiguration();
+		return CoreConfigFacade.getInstance().getRemoteConfiguration();
 	}
 
 	private Federation fedConfig() {
@@ -260,8 +262,8 @@ private void init() {
 						String fedTruststore = fedTls.getTruststoreFile();
 
 						if (fedTruststore != null && fedTruststore.equals("certs/files/truststore-root.jks")) {
-							fedTls.setTruststoreFile(DistributedConfiguration.DEFAULT_TRUSTSTORE);
-							DistributedConfiguration.getInstance().saveChanges();
+							fedTls.setTruststoreFile(CoreConfigFacade.DEFAULT_TRUSTSTORE);
+							CoreConfigFacade.getInstance().saveChanges();
 						}
 					}
 				}
@@ -712,16 +714,64 @@ public void clientROLStream(Subscription subscription, StreamObserver<ROL> clien
 
 				ConnectionInfo connection = new ConnectionInfo();
 				connection.setConnectionId(getCurrentSessionId());
+				
+				final String sessionId = getCurrentSessionId();
+				
+				if (logger.isDebugEnabled()) {
+					logger.debug("FederationServer sessionId: " + sessionId);
+				}
+
+				com.bbn.marti.config.Federation.Federate federate = federationManager.getFederate(serverFederateMap.get(sessionId));
+				
+				if (federate == null) {
+					if (logger.isDebugEnabled()) {
+						logger.debug("can't send federation changes - null federate");
+						return;
+					}
+				}
+				
+				if (Strings.isNullOrEmpty(federate.getId())) {
+					if (logger.isDebugEnabled()) {
+						logger.debug("can't send federation changes - empty federate id");
+						return;
+					}
+				}
+
+				ConnectionInfo connectionInfo = new ConnectionInfo();
+				FigServerFederateSubscription fedSubscription = null;
 
+				try {
+					connectionInfo.setConnectionId(sessionId);
+					fedSubscription = (FigServerFederateSubscription) federatedSubscriptionManager.getFederateSubscription(connectionInfo);
+				} catch (Exception e) {
+					if (logger.isDebugEnabled()) {
+						logger.debug("exception getting subscription", e);
+					}
+				}
+				
+				Set<String> outGroups = null;
+				if (federate.isFederatedGroupMapping()) {
+					NavigableSet<Group> groups = groupManager.getGroups(fedSubscription.getUser());
+					outGroups = GroupFederationUtil.getInstance().filterFedOutboundGroups(federate.getOutboundGroup(), groups, federate.getId());
+				}
+
+				final Set<String> fOutGroups = outGroups;
+				
 				try {
 					// send out data feeds to federate
-					if (DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
-						List<ROL> feedMessages = mdm.getDataFeedEventsForFederatedDataFeedOnly();
+					if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
+						List<ROL> feedMessages = mdm.getDataFeedEventsForFederatedDataFeedOnly(federate);
 						
 						AtomicLong delayMs = new AtomicLong(100L);										
 						for (final ROL feedMessage : feedMessages) {
 							Resources.scheduledClusterStateExecutor.schedule(() -> {
 								try {
+									ROL modifiedFeedMessage = feedMessage;
+									if (federate.isFederatedGroupMapping() && fOutGroups != null && fOutGroups.size() > 0) {
+										ROL.Builder changeBuilder = modifiedFeedMessage.toBuilder();
+										changeBuilder.addAllFederateGroups(fOutGroups);
+										modifiedFeedMessage = changeBuilder.build();
+									}
 									rolStreamHolder.send(feedMessage);
 								} catch (Exception e) {
 									logger.error("exception federating data feed", e);
@@ -738,49 +788,16 @@ public void clientROLStream(Subscription subscription, StreamObserver<ROL> clien
 				if (fedConfig().isEnableMissionFederationDisruptionTolerance()) {
 
 					try {
-
 						if (logger.isDebugEnabled()) {
 							logger.debug("mission federation disruption tolerance enabled");
 						}
 						
-						final String sessionId = getCurrentSessionId();
-						
-						if (logger.isDebugEnabled()) {
-							logger.debug("FederationServer sessionId: " + sessionId);
-						}
-
-						com.bbn.marti.config.Federation.Federate federate = federationManager.getFederate(serverFederateMap.get(sessionId));
-						
-						if (federate == null) {
-							if (logger.isDebugEnabled()) {
-								logger.debug("can't send federation changes - null federate");
-								return;
-							}
-						}
-						
-						if (Strings.isNullOrEmpty(federate.getId())) {
-							if (logger.isDebugEnabled()) {
-								logger.debug("can't send federation changes - empty federate id");
-								return;
-							}
-						}
+						final FigServerFederateSubscription sub = fedSubscription;
 
 						Resources.fedReconnectThreadPool.schedule(() -> {
 
 							try {
-
-								ConnectionInfo connectionInfo = new ConnectionInfo();
-								FigServerFederateSubscription fedSubscription = null;
-
-								try {
-									connectionInfo.setConnectionId(sessionId);
-									fedSubscription = (FigServerFederateSubscription) federatedSubscriptionManager.getFederateSubscription(connectionInfo);
-								} catch (Exception e) {
-									if (logger.isDebugEnabled()) {
-										logger.debug("exception getting subscription", e);
-									}
-								}
-								List<ROL> missionChanges = mdm.getMissionChangesAndTrackConnectEvent(federate, federate.getName(), fedSubscription);
+								List<ROL> missionChanges = mdm.getMissionChangesAndTrackConnectEvent(federate, federate.getName(), sub);
 
 								if (logger.isTraceEnabled()) {
 									logger.trace("mission disruption changes to send: " + missionChanges);
@@ -788,14 +805,6 @@ public void clientROLStream(Subscription subscription, StreamObserver<ROL> clien
 
 								final AtomicInteger changeCount = new AtomicInteger(0);
 
-								Set<String> outGroups = null;
-								if (federate.isFederatedGroupMapping()) {
-									NavigableSet<Group> groups = groupManager.getGroups(fedSubscription.getUser());
-									outGroups = GroupFederationUtil.getInstance().filterFedOutboundGroups(federate.getOutboundGroup(), groups, federate.getId());
-								}
-
-								final Set<String> fOutGroups = outGroups;
-
 								final List<ROL> changeMessages = new CopyOnWriteArrayList<>();
 
 								missionChanges.forEach((change) -> {
@@ -803,7 +812,7 @@ public void clientROLStream(Subscription subscription, StreamObserver<ROL> clien
 									if (federate.isFederatedGroupMapping() && fOutGroups != null && fOutGroups.size() > 0) {
 										ROL.Builder changeBuilder = change.toBuilder();
 										changeBuilder.addAllFederateGroups(fOutGroups);
-										changeMessages.add(changeBuilder.build());
+										change = changeBuilder.build();
 									}
 
 									changeMessages.add(change);
@@ -836,7 +845,8 @@ public void clientROLStream(Subscription subscription, StreamObserver<ROL> clien
 								logger.warn("error sending mission disruption changes to federate client", e);
 							}
 
-						}, DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHealthCheckIntervalSeconds(), TimeUnit.SECONDS);
+						}, CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHealthCheckIntervalSeconds(),
+								TimeUnit.SECONDS);
 					} catch (Exception e) {
 						logger.warn("exception getting or sending federation changes", e);
 					}
@@ -852,6 +862,21 @@ public void clientROLStream(Subscription subscription, StreamObserver<ROL> clien
 		 */
 		@Override
 		public StreamObserver<ROL> serverROLStream(StreamObserver<Subscription> responseObserver) {
+			String sessionId = getCurrentSessionId();
+            
+        	Subscription subscription = Subscription.newBuilder()
+        			.setFilter("")
+        			.setIdentity(
+        					Identity.newBuilder()
+        						.setType(Identity.ConnectionType.FEDERATION_TAK_SERVER)
+        						.setServerId(MessagingDependencyInjectionProxy.getInstance().serverInfo().getServerId())
+        						.setName(sessionId)
+        						.setUid(sessionId)
+        						.build())
+        			.build();
+        	
+        	responseObserver.onNext(subscription);
+        	
 			return new StreamObserver<ROL>() {
 				
 				{
@@ -1040,7 +1065,8 @@ public StreamObserver<FederatedEvent> serverEventStream(StreamObserver<Subscript
                         
         	Subscription subscription = Subscription.newBuilder()
         			.setFilter("")
-        			.setIdentity(Identity.newBuilder().setType(Identity.ConnectionType.FEDERATION_TAK_SERVER).setServerId(DistributedConfiguration.getInstance().getRemoteConfiguration().getNetwork().getServerId()).setName(sessionId).setUid(sessionId).build())
+        			.setIdentity(Identity.newBuilder().setType(Identity.ConnectionType.FEDERATION_TAK_SERVER).setServerId(
+							CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getServerId()).setName(sessionId).setUid(sessionId).build())
         			.build();
         	
         	responseObserver.onNext(subscription);
@@ -1092,8 +1118,10 @@ public StreamObserver<FederatedEvent> serverEventStream(StreamObserver<Subscript
 							federate = new Federate();
 							federate.setId(fingerprint);
 							federate.setName(certName);
-							federate.setFederatedGroupMapping(DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isFederatedGroupMapping());
-							federate.setAutomaticGroupMapping(DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAutomaticGroupMapping());
+							federate.setFederatedGroupMapping(
+									CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isFederatedGroupMapping());
+							federate.setAutomaticGroupMapping(
+									CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAutomaticGroupMapping());
 
 							if (caCert != null) {
 								for (FederateCA ca : fedConfig().getFederateCA()) {
@@ -1382,6 +1410,21 @@ public void onCompleted() {
 		}
 
 		public StreamObserver<FederateGroups> clientFederateGroupsStream(StreamObserver<Subscription> responseObserver) {
+			String sessionId = getCurrentSessionId();
+            
+        	Subscription subscription = Subscription.newBuilder()
+        			.setFilter("")
+        			.setIdentity(
+        					Identity.newBuilder()
+        						.setType(Identity.ConnectionType.FEDERATION_TAK_SERVER)
+        						.setServerId( MessagingDependencyInjectionProxy.getInstance().serverInfo().getServerId())
+        						.setName(sessionId)
+        						.setUid(sessionId)
+        						.build())
+        			.build();
+        	
+        	responseObserver.onNext(subscription);
+        	
 			return new StreamObserver<FederateGroups>() {
 				@Override
 				public void onNext(FederateGroups value) {
@@ -1548,10 +1591,12 @@ public void process(ROL clientROL) {
 								groups = groupFederationUtil.addFederateGroupMapping(federationManager.getInboundGroupMap(federate.getId()),
 										clientROL.getFederateGroupsList());
 							}
-						}
-
-						// fall back if no matches on the mapping
-						if (groups == null || groups.isEmpty()) {
+							
+							if ((groups == null || groups.isEmpty()) && federate.isFallbackWhenNoGroupMappings()) {
+								NavigableSet<Group> allGroups = groupManager.getGroups(sub.getUser());
+								groups = groupFederationUtil.filterGroupDirection(Direction.IN, allGroups);
+							}
+						} else {
 							NavigableSet<Group> allGroups = groupManager.getGroups(sub.getUser());
 							groups = groupFederationUtil.filterGroupDirection(Direction.IN, allGroups);
 						}
@@ -1625,10 +1670,12 @@ public void process(ROL rol) {
 							groups = groupFederationUtil.addFederateGroupMapping(federationManager.getInboundGroupMap(federate.getId()),
 									rol.getFederateGroupsList());
 						}
-					}
-
-					// fall back if no matches on the mapping
-					if (groups == null || groups.isEmpty()) {
+						
+						if ((groups == null || groups.isEmpty()) && federate.isFallbackWhenNoGroupMappings()) {
+							NavigableSet<Group> allGroups = groupManager.getGroups(sub.getUser());
+							groups = groupFederationUtil.filterGroupDirection(Direction.IN, allGroups);
+						}
+					} else {
 						NavigableSet<Group> allGroups = groupManager.getGroups(sub.getUser());
 						groups = groupFederationUtil.filterGroupDirection(Direction.IN, allGroups);
 					}
@@ -1743,7 +1790,7 @@ private static String getCN(String dn) {
 			LdapName ldapName = new LdapName(dn);
 
 			for(Rdn rdn : ldapName.getRdns()) {
-				if(rdn.getType().equalsIgnoreCase("CN")) {
+				if (rdn.getType().equalsIgnoreCase("CN")) {
 
 					return rdn.getValue().toString();
 				}
@@ -1878,7 +1925,7 @@ private void handleRead(FederatedEvent fedEvent, String sessionId, FederateSubsc
 		        	}
 		        }
 
-				if (DistributedConfiguration.getInstance().getRemoteConfiguration().getSubmission().isIgnoreStaleMessages()) {
+				if (CoreConfigFacade.getInstance().getRemoteConfiguration().getSubmission().isIgnoreStaleMessages()) {
 					if (MessageConversionUtil.isStale(cot)) {
 						if (logger.isDebugEnabled()) {
 							logger.debug("ignoring stale FIG federated message: " + cot);
@@ -1895,7 +1942,7 @@ private void handleRead(FederatedEvent fedEvent, String sessionId, FederateSubsc
 				// for mission filtering						
 				String feedUuid = (String) cot.getContextValue(Constants.DATA_FEED_UUID_KEY);
 				if (!Strings.isNullOrEmpty(feedUuid)) {
-					if (!DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation())
+					if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation())
 						return;
 					DataFeedFilter.getInstance().filterFederatedDataFeed(cot);
 				}
@@ -1912,12 +1959,16 @@ private void handleRead(FederatedEvent fedEvent, String sessionId, FederateSubsc
 							groups = groupFederationUtil.addFederateGroupMapping(federationManager.getInboundGroupMap(user.getId()),
 									fedEvent.getFederateGroupsList());
 						}
-					}
-                    // fall back if no matches on the mapping
-					if (groups == null || groups.isEmpty()) {
+						
+						if ((groups == null || groups.isEmpty()) && federationManager.getFederate(serverFederateMap.get(getCurrentSessionId())).isFallbackWhenNoGroupMappings()) {
+							NavigableSet<Group> allGroups = groupManager.getGroups(federateSubscription.getUser());
+							groups = groupFederationUtil.filterGroupDirection(Direction.IN, allGroups);
+						}
+					} else {
 						NavigableSet<Group> allGroups = groupManager.getGroups(federateSubscription.getUser());
 						groups = groupFederationUtil.filterGroupDirection(Direction.IN, allGroups);
 					}
+					
 					if (groups != null) {
 						if (logger.isTraceEnabled()) {
 							logger.trace("marking groups in FIG federated message: " + groups);
@@ -1957,7 +2008,7 @@ private void handleRead(FederatedEvent fedEvent, String sessionId, FederateSubsc
 
 				// store for latestSA
 				ConcurrentHashMap<String, RemoteContactWithSA> remoteContacts = federatedSubscriptionManager.getRemoteContactsMapByChannelHandler(handler);
-				if(remoteContacts != null && remoteContacts.containsKey(cot.getUid())) {
+				if (remoteContacts != null && remoteContacts.containsKey(cot.getUid())) {
 					remoteContacts.get(cot.getUid()).setLastSA(cot);
 				}
 			} catch (Exception e) {
@@ -1983,10 +2034,10 @@ private void handleRead(FederatedEvent fedEvent, String sessionId, FederateSubsc
 
 			try {
 				ContactListEntry contact = fedEvent.getContact();
-				if(contact.getOperation() == CRUD.DELETE) {
+				if (contact.getOperation() == CRUD.DELETE) {
 					CotEventContainer e = ProtoBufHelper.getInstance().protoBuf2delContact(contact);
 					Collection<com.bbn.marti.service.Subscription> reachable = groupFederationUtil.getReachableSubscriptions(federateSubscription);
-					if(reachable.contains(federateSubscription)) {
+					if (reachable.contains(federateSubscription)) {
 						logger.warn("reachable contained self!");
 						reachable.remove(federateSubscription);
 					}
@@ -2086,7 +2137,7 @@ private void removeInactiveClientStreams() {
 		}
 		for (Map.Entry<String, GuardedStreamHolder<FederatedEvent>> clientStreamEntry : clientStreamMap.entrySet()) {
 
-			if(!clientStreamEntry.getValue().isClientHealthy(config.getClientTimeoutTime())) {
+			if (!clientStreamEntry.getValue().isClientHealthy(config.getClientTimeoutTime())) {
 				if (logger.isDebugEnabled()) {
 					logger.debug("Detected FederatedEvent client stream {} inactivity", clientStreamEntry.getValue().getFederateIdentity());
 				}
@@ -2098,7 +2149,7 @@ private void removeInactiveClientStreams() {
 
 		for (Map.Entry<String, GuardedStreamHolder<ROL>> rolStreamEntry : clientROLStreamMap.entrySet()) {
 
-			if(!rolStreamEntry.getValue().isClientHealthy(config.getClientTimeoutTime())) {
+			if (!rolStreamEntry.getValue().isClientHealthy(config.getClientTimeoutTime())) {
 				if (logger.isDebugEnabled()) {
 					logger.debug("Detected ROL client stream {} inactivity", rolStreamEntry.getValue().getFederateIdentity());
 				}
diff --git a/src/takserver-core/src/main/java/tak/server/federation/FigFederateSubscription.java b/src/takserver-core/src/main/java/tak/server/federation/FigFederateSubscription.java
index 67a0a14f..213530f3 100644
--- a/src/takserver-core/src/main/java/tak/server/federation/FigFederateSubscription.java
+++ b/src/takserver-core/src/main/java/tak/server/federation/FigFederateSubscription.java
@@ -7,6 +7,13 @@
 import java.util.NavigableSet;
 import java.util.Set;
 
+import com.google.common.collect.ComparisonChain;
+
+import io.grpc.ClientCall;
+import io.grpc.Metadata;
+import io.grpc.MethodDescriptor;
+import io.micrometer.core.instrument.Metrics;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -22,13 +29,8 @@
 import com.bbn.marti.remote.groups.Group;
 import com.bbn.marti.remote.groups.Reachability;
 import com.bbn.marti.remote.groups.User;
-import com.bbn.marti.service.DistributedConfiguration;
-import com.google.common.collect.ComparisonChain;
 
-import io.grpc.ClientCall;
-import io.grpc.Metadata;
-import io.grpc.MethodDescriptor;
-import io.micrometer.core.instrument.Metrics;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.cluster.ClusterManager;
 import tak.server.cot.CotEventContainer;
@@ -201,7 +203,7 @@ private synchronized void sendMessageProtected(FederatedEvent e) {
 
     @Override
     public void submitLocalContact(FederatedEvent e, long hitTime) {
-        if(localContactUid.contains(e.getContact().getUid())) {
+        if (localContactUid.contains(e.getContact().getUid())) {
         	if (logger.isDebugEnabled()) {
         		logger.debug("skipping sending contact: " + e.getContact().getCallsign() + ":" + e.getContact().getOperation());
         	}
@@ -242,7 +244,7 @@ public void submit(final CotEventContainer toSend, long hitTime) {
             return;
         }
         
-        if (toSend.getContextValue(Constants.DATA_FEED_KEY) != null && !DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
+        if (toSend.getContextValue(Constants.DATA_FEED_KEY) != null && !CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("data feed federation disabled");
 			}
diff --git a/src/takserver-core/src/main/java/tak/server/federation/FigServerFederateSubscription.java b/src/takserver-core/src/main/java/tak/server/federation/FigServerFederateSubscription.java
index f83f6f0d..2e5a35cd 100644
--- a/src/takserver-core/src/main/java/tak/server/federation/FigServerFederateSubscription.java
+++ b/src/takserver-core/src/main/java/tak/server/federation/FigServerFederateSubscription.java
@@ -4,13 +4,14 @@
 import java.util.NavigableSet;
 import java.util.Set;
 
+import io.micrometer.core.instrument.Metrics;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import com.atakmap.Tak.FederateGroups;
 import com.atakmap.Tak.FederatedEvent;
 import com.atakmap.Tak.ROL;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import tak.server.Constants;
-import tak.server.cot.CotEventContainer;
 
 import com.bbn.marti.config.DataFeed;
 import com.bbn.marti.config.Federation.Federate;
@@ -18,11 +19,11 @@
 import com.bbn.marti.nio.channel.base.AbstractBroadcastingChannelHandler;
 import com.bbn.marti.remote.groups.Direction;
 import com.bbn.marti.remote.groups.Group;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.SubscriptionStore;
 
-import io.grpc.stub.StreamObserver;
-import io.micrometer.core.instrument.Metrics;
+import com.bbn.marti.remote.config.CoreConfigFacade;
+import tak.server.Constants;
+import tak.server.cot.CotEventContainer;
 
 import static java.util.Objects.requireNonNull;
 
@@ -112,7 +113,7 @@ public void submit(final CotEventContainer toSend, long hitTime) {
 			return;
 		}
 		
-		if (toSend.getContextValue(Constants.DATA_FEED_KEY) != null && !DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
+		if (toSend.getContextValue(Constants.DATA_FEED_KEY) != null && !CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("data feed federation disabled");
 			}
diff --git a/src/takserver-core/src/main/java/tak/server/federation/MissionDisruptionManager.java b/src/takserver-core/src/main/java/tak/server/federation/MissionDisruptionManager.java
index df99cbfb..4626fc2e 100644
--- a/src/takserver-core/src/main/java/tak/server/federation/MissionDisruptionManager.java
+++ b/src/takserver-core/src/main/java/tak/server/federation/MissionDisruptionManager.java
@@ -3,7 +3,6 @@
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.NavigableSet;
@@ -12,7 +11,10 @@
 import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.stream.Collectors;
 
-import javax.persistence.Tuple;
+import jakarta.persistence.Tuple;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.google.common.base.Strings;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -25,10 +27,8 @@
 import com.bbn.marti.remote.groups.Direction;
 import com.bbn.marti.remote.groups.Group;
 import com.bbn.marti.remote.groups.GroupManager;
-import com.bbn.marti.remote.sync.MissionChangeType;
 import com.bbn.marti.remote.sync.MissionContent;
 import com.bbn.marti.remote.util.RemoteUtil;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.sync.EnterpriseSyncService;
 import com.bbn.marti.sync.federation.MissionActionROLConverter;
 import com.bbn.marti.sync.model.Mission;
@@ -36,11 +36,12 @@
 import com.bbn.marti.sync.model.MissionFeed;
 import com.bbn.marti.sync.service.MissionService;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.google.common.base.Strings;
 
 import mil.af.rl.rol.value.DataFeedMetadata;
 import mil.af.rl.rol.value.MissionMetadata;
+import tak.server.Constants;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 /*
  */
@@ -68,7 +69,7 @@ public List<ROL> getMissionChangesAndTrackConnectEvent(Federate federate, String
 		
 		List<ROL> rols = new CopyOnWriteArrayList<>();
 		
-		if (!DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation()) return rols;
+		if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation()) return rols;
 
 		try {
 			
@@ -119,7 +120,7 @@ public List<ROL> getMissionChangesAndTrackConnectEvent(Federate federate, String
 			
 			fedManager.trackConnectEventForFederate(federate.getId(), fedName, false);
 
-			long recencySecs = DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getMissionFederationDisruptionToleranceRecencySeconds();
+			long recencySecs = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getMissionFederationDisruptionToleranceRecencySeconds();
 			long maxRecencyMillis;
 			if (recencySecs == -1) {
 			    maxRecencyMillis = lastEventTime.getTime();
@@ -162,11 +163,11 @@ public List<ROL> getMissionChangesAndTrackConnectEvent(Federate federate, String
 			// get enterprise sync changes as ROL
 			List<String> fileUids = new ArrayList<>();
 			
-			if (DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isFederateOnlyPublicMissions()) {
+			if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isFederateOnlyPublicMissions()) {
 				fileUids.addAll(MessagingDependencyInjectionProxy.getInstance().fedEventRepo().getMissionResourceHashesForToolForTimeInterval("public", new Date(bestRecencyMillis), now));
 				// only federating public, but make an exception for cops if vbm is enabled
-				if (DistributedConfiguration.getInstance().getRemoteConfiguration().getVbm().isEnabled()) {
-					String tool = DistributedConfiguration.getInstance().getRemoteConfiguration().getNetwork().getMissionCopTool();
+				if (CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isEnabled()) {
+					String tool = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getMissionCopTool();
 					fileUids.addAll(MessagingDependencyInjectionProxy.getInstance().fedEventRepo().getMissionResourceHashesForToolForTimeInterval(tool, new Date(bestRecencyMillis), now));
 				}
 			} else {
@@ -203,7 +204,7 @@ public List<ROL> getMissionChangesAndTrackConnectEvent(Federate federate, String
 			});
 
 			Map<String, Long> missionRecencySeconds = new HashMap<String, Long>();
-			Federation.MissionDisruptionTolerance mdt = DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getMissionDisruptionTolerance();
+			Federation.MissionDisruptionTolerance mdt = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getMissionDisruptionTolerance();
 			if (mdt != null) {
 			    for (Federation.MissionDisruptionTolerance.Mission missionInterval : mdt.getMission()) {
 			        missionRecencySeconds.put(missionInterval.getName(), missionInterval.getRecencySeconds());
@@ -212,11 +213,11 @@ public List<ROL> getMissionChangesAndTrackConnectEvent(Federate federate, String
 			
 			List<Mission> fedMissions = new ArrayList<>();
 			
-			if (DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isFederateOnlyPublicMissions()) {
+			if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isFederateOnlyPublicMissions()) {
 				fedMissions.addAll(missionService.getAllMissions(true, true, "public", outboundGroups));
 				// only federating public, but make an exception for cops if vbm is enabled
-				if (DistributedConfiguration.getInstance().getRemoteConfiguration().getVbm().isEnabled()) {
-					String tool = DistributedConfiguration.getInstance().getRemoteConfiguration().getNetwork().getMissionCopTool();
+				if (CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isEnabled()) {
+					String tool = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getMissionCopTool();
 					fedMissions.addAll(missionService.getAllMissions(true, true, tool, outboundGroups));
 				}
 			} else {
@@ -319,10 +320,10 @@ public List<ROL> getMissionChangesAndTrackConnectEvent(Federate federate, String
 
 						break;
 					case CREATE_DATA_FEED: {
-						if (DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
+						if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
 							MissionFeed createdMissionFeed = missionService.getMissionFeed(change.getMissionFeedUid());
 							if (createdMissionFeed != null) {
-								DataFeed dataFeed = DistributedConfiguration.getInstance()
+								DataFeed dataFeed = CoreConfigFacade.getInstance()
 										.getRemoteConfiguration()
 				    					.getNetwork()
 				    					.getDatafeed()
@@ -357,11 +358,11 @@ public List<ROL> getMissionChangesAndTrackConnectEvent(Federate federate, String
 						break;
 					}
 					case DELETE_DATA_FEED: {
-						if (DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
+						if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
 							MissionFeed deleteMissionFeed = missionService.getMissionFeed(change.getMissionFeedUid());
 							
 							if (deleteMissionFeed != null) {
-								DataFeed dataFeed = DistributedConfiguration.getInstance()
+								DataFeed dataFeed = CoreConfigFacade.getInstance()
 										.getRemoteConfiguration()
 				    					.getNetwork()
 				    					.getDatafeed()
@@ -411,14 +412,32 @@ public List<ROL> getMissionChangesAndTrackConnectEvent(Federate federate, String
 		return rols;
 	}
 	
-	public List<ROL> getDataFeedEventsForFederatedDataFeedOnly() {
-		List<ROL> rols = new CopyOnWriteArrayList<>();
+	public List<ROL> getDataFeedEventsForFederatedDataFeedOnly(Federate federate) {
+		NavigableSet<String> outboundGroups = new ConcurrentSkipListSet<>(federate.getOutboundGroup()
+				.stream()
+				.map(og -> groupManager.getGroup(og, Direction.OUT))
+				.map(og -> og.getName())
+				.collect(Collectors.toSet()));
 		
-		DistributedConfiguration.getInstance()
+		List<ROL> rols = new CopyOnWriteArrayList<>();
+
+		CoreConfigFacade.getInstance()
 				.getRemoteConfiguration()
 				.getNetwork()
 				.getDatafeed()
 				.stream()
+				.filter(datafeed -> {
+					List<String> filterGroups = new ArrayList<>(datafeed.getFiltergroup());
+					if (datafeed.isAnongroup())
+						filterGroups.add(Constants.ANON_GROUP);
+					
+					for (String group: filterGroups) {
+						if (outboundGroups.contains(group))
+							return true;
+					}
+					
+					return false;
+				})
 				.forEach(dataFeed -> {
 					try {
 						
diff --git a/src/takserver-core/src/main/java/tak/server/federation/ProtoBufHelper.java b/src/takserver-core/src/main/java/tak/server/federation/ProtoBufHelper.java
index 0e1400a5..0210693d 100644
--- a/src/takserver-core/src/main/java/tak/server/federation/ProtoBufHelper.java
+++ b/src/takserver-core/src/main/java/tak/server/federation/ProtoBufHelper.java
@@ -169,13 +169,13 @@ public GeoEvent cot2protoBuf(CotEventContainer cot) {
 				}
 
 				List<String> callsignList = (List<String>) cot.getContextValue("explicitBrokeringCallsign");
-				if(callsignList != null) {
+				if (callsignList != null) {
 					for(String s : callsignList) {
 						geoBuilder.addPtpCallsigns(s);
 					}
 				}
 				List<String> uidList = (List<String>) cot.getContextValue("explicitBrokeringUid");
-				if(uidList != null) {
+				if (uidList != null) {
 					for(String s : uidList) {
 						geoBuilder.addPtpUids(s);
 					}
@@ -221,7 +221,7 @@ public CotEventContainer proto2cot(GeoEvent geo) {
 		.addAttribute("hae", Double.toString(geo.getHae()))
 		.addAttribute("ce", Double.toString(geo.getCe()))
 		.addAttribute("le", Double.toString(geo.getLe()));
-		if(!Strings.isNullOrEmpty(geo.getOther())) {
+		if (!Strings.isNullOrEmpty(geo.getOther())) {
 			try {
 				Document otherDoc = DocumentHelper.parseText(geo.getOther());
 				Element detailE = otherDoc.getRootElement();
@@ -233,7 +233,7 @@ public CotEventContainer proto2cot(GeoEvent geo) {
 				detailE.addElement("precisionlocation")
 				.addAttribute("geopointsrc", geo.getPloc())
 				.addAttribute("altsrc", geo.getPalt());
-				if(geo.hasBinary() && geo.getBinary().getType() == BINARY_TYPES.IMAGE &&
+				if (geo.hasBinary() && geo.getBinary().getType() == BINARY_TYPES.IMAGE &&
 						detailE.element("image") != null) {
 					detailE.element("image").setText(
 							Base64.encodeBase64String(geo.getBinary().getData().toByteArray()));
@@ -248,7 +248,7 @@ public CotEventContainer proto2cot(GeoEvent geo) {
 
 		CotEventContainer rval = new CotEventContainer(event);
 
-		if(geo.getPtpCallsignsCount() > 0) {
+		if (geo.getPtpCallsignsCount() > 0) {
 			List<String> l = new LinkedList<String>();
 			for(int i = 0; i < geo.getPtpCallsignsCount(); ++i) {
 				l.add(geo.getPtpCallsigns(i));
@@ -256,7 +256,7 @@ public CotEventContainer proto2cot(GeoEvent geo) {
 			rval.setContextValue("explicitBrokeringCallsign", l);
 		}
 
-		if(geo.getPtpUidsCount() > 0) {
+		if (geo.getPtpUidsCount() > 0) {
 			List<String> l = new LinkedList<String>();
 			for(int i = 0; i < geo.getPtpUidsCount(); ++i) {
 				l.add(geo.getPtpUids(i));
diff --git a/src/takserver-core/src/main/java/tak/server/federation/TakFigClient.java b/src/takserver-core/src/main/java/tak/server/federation/TakFigClient.java
index 0147dd56..db212c54 100644
--- a/src/takserver-core/src/main/java/tak/server/federation/TakFigClient.java
+++ b/src/takserver-core/src/main/java/tak/server/federation/TakFigClient.java
@@ -41,6 +41,27 @@
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.TrustManagerFactory;
 
+import com.bbn.marti.config.Configuration;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.base.Strings;
+import com.google.common.collect.ComparisonChain;
+import com.google.protobuf.ByteString;
+
+import io.grpc.ClientCall;
+import io.grpc.ManagedChannel;
+import io.grpc.Metadata;
+import io.grpc.Status;
+import io.grpc.StatusRuntimeException;
+import io.grpc.netty.GrpcSslContexts;
+import io.grpc.netty.NegotiationType;
+import io.grpc.netty.NettyChannelBuilder;
+import io.grpc.stub.StreamObserver;
+import io.micrometer.core.instrument.Metrics;
+import io.netty.channel.socket.nio.NioSocketChannel;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
+
 import org.antlr.v4.runtime.ANTLRInputStream;
 import org.antlr.v4.runtime.BailErrorStrategy;
 import org.antlr.v4.runtime.CommonTokenStream;
@@ -55,7 +76,6 @@
 import com.atakmap.Tak.ClientHealth;
 import com.atakmap.Tak.ContactListEntry;
 import com.atakmap.Tak.FederateGroups;
-import com.atakmap.Tak.FederateHops;
 import com.atakmap.Tak.FederatedChannelGrpc;
 import com.atakmap.Tak.FederatedChannelGrpc.FederatedChannelBlockingStub;
 import com.atakmap.Tak.FederatedChannelGrpc.FederatedChannelStub;
@@ -93,7 +113,6 @@
 import com.bbn.marti.remote.groups.Reachability;
 import com.bbn.marti.remote.groups.User;
 import com.bbn.marti.remote.util.RemoteUtil;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.bbn.marti.service.FederatedSubscriptionManager;
 import com.bbn.marti.service.RepositoryService;
 import com.bbn.marti.service.Resources;
@@ -102,42 +121,27 @@
 import com.bbn.marti.service.SubscriptionStore;
 import com.bbn.marti.sync.federation.FederationROLHandler;
 import com.bbn.marti.util.MessageConversionUtil;
+import com.bbn.marti.util.MessagingDependencyInjectionProxy;
 import com.bbn.marti.util.VersionBean;
 import com.bbn.marti.util.concurrent.future.AsyncCallback;
 import com.bbn.marti.util.concurrent.future.AsyncFuture;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.bbn.roger.fig.FederationUtils;
 import com.bbn.roger.fig.FigProtocolNegotiator;
 import com.bbn.roger.fig.Propagator;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.base.Strings;
-import com.google.common.collect.ComparisonChain;
-import com.google.protobuf.ByteString;
 
-import io.grpc.ClientCall;
-import io.grpc.ManagedChannel;
-import io.grpc.Metadata;
-import io.grpc.Status;
-import io.grpc.StatusRuntimeException;
-import io.grpc.netty.GrpcSslContexts;
-import io.grpc.netty.NegotiationType;
-import io.grpc.netty.NettyChannelBuilder;
-import io.grpc.stub.StreamObserver;
-import io.micrometer.core.instrument.Metrics;
-import io.netty.channel.socket.nio.NioSocketChannel;
-import io.netty.handler.ssl.SslContext;
-import io.netty.handler.ssl.SslContextBuilder;
-import io.netty.handler.ssl.SslProvider;
 import mil.af.rl.rol.FederationProcessor;
-import mil.af.rl.rol.MissionRolVisitor;
 import mil.af.rl.rol.Resource;
 import mil.af.rl.rol.ResourceOperationParameterEvaluator;
 import mil.af.rl.rol.RolLexer;
 import mil.af.rl.rol.RolParser;
 import mil.af.rl.rol.value.Parameters;
 import mil.af.rl.rol.value.ResourceDetails;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.cot.CotEventContainer;
+import tak.server.federation.rol.MissionRolVisitor;
 import tak.server.messaging.Messenger;
 
 /*
@@ -166,7 +170,7 @@ public String toString() {
 		builder.append(", federateSubscription=");
 		builder.append(federateSubscription);
 		builder.append(", config=");
-		builder.append(DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation());
+		builder.append(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation());
 		builder.append(", serverLastHealth=");
 		builder.append(serverLastHealth);
 		builder.append("]");
@@ -226,8 +230,6 @@ public String getClientName() {
 	@Autowired
 	private SubscriptionManager subscriptionManager;
 
-	private DistributedConfiguration coreConfig  = DistributedConfiguration.getInstance();
-
 	@Autowired
 	private GroupFederationUtil groupFederationUtil;
 
@@ -270,7 +272,7 @@ public void start(FederationOutgoing outgoing, ConnectionStatus status) {
 
 		this.outgoingName = outgoing.getDisplayName();
 		this.status = status;
-		Tls figTls = coreConfig.getRemoteConfiguration().getFederation().getFederationServer().getTls();
+		Tls figTls = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getTls();
 
 		// use the client name from the outgoing configuration
 		fedName = outgoing.getDisplayName();
@@ -524,7 +526,7 @@ private void init() {
 				.setIdentity(Identity.newBuilder()
 						.setName(fedName)
 						.setUid(clientUid)
-						.setServerId(DistributedConfiguration.getInstance().getRemoteConfiguration().getNetwork().getServerId())
+						.setServerId(CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getServerId())
 						.setType(Identity.ConnectionType.FEDERATION_TAK_CLIENT)
 						.build()).setVersion(TakServerVersion.newBuilder() // TAK Server 4.3 and higher declares the federation version here. The server uses this information to tailor the federation interaction.
 								.setMajor(versionBean.getVersionInfo().getMajor())
@@ -576,7 +578,7 @@ public void onNext(FederatedEvent fedEvent) {
 				        	}
 				        }
 
-						if (DistributedConfiguration.getInstance().getRemoteConfiguration().getSubmission().isIgnoreStaleMessages()) {
+						if (CoreConfigFacade.getInstance().getRemoteConfiguration().getSubmission().isIgnoreStaleMessages()) {
 							if (MessageConversionUtil.isStale(cot)) {
 								if (logger.isDebugEnabled()) {
 									logger.debug("ignoring stale federated message: " + cot);
@@ -593,7 +595,7 @@ public void onNext(FederatedEvent fedEvent) {
 						// for mission filtering						
 						String feedUuid = (String) cot.getContextValue(Constants.DATA_FEED_UUID_KEY);
 						if (!Strings.isNullOrEmpty(feedUuid)) {
-							if (!DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation())
+							if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation())
 								return;
 							DataFeedFilter.getInstance().filterFederatedDataFeed(cot);
 						}
@@ -611,10 +613,11 @@ public void onNext(FederatedEvent fedEvent) {
 									groups = groupFederationUtil.addFederateGroupMapping(fedManager.getInboundGroupMap(user.getId()),
 											fedEvent.getFederateGroupsList());
 								}
-							}
-
-							// fall back and use the federate subscription
-							if (groups == null || groups.isEmpty()) { // fall back and use the federate subscription
+								
+								if ((groups == null || groups.isEmpty()) && getFederate().isFallbackWhenNoGroupMappings()) {
+									groups = getGroupsForActiveSubscription();
+								}
+							} else  {
 								groups = getGroupsForActiveSubscription();
 							}
 
@@ -656,7 +659,7 @@ public void onNext(FederatedEvent fedEvent) {
 
 						// store for latestSA
 						ConcurrentHashMap<String, RemoteContactWithSA> remoteContacts = federatedSubscriptionManager.getRemoteContactsMapByChannelHandler(figDummyChannelHandler);
-						if(remoteContacts != null && remoteContacts.containsKey(cot.getUid())) {
+						if (remoteContacts != null && remoteContacts.containsKey(cot.getUid())) {
 							remoteContacts.get(cot.getUid()).setLastSA(cot);
 						}
 					} catch (Exception e) {
@@ -683,10 +686,10 @@ public void onNext(FederatedEvent fedEvent) {
 
 					try {
 						ContactListEntry contact = fedEvent.getContact();
-						if(contact.getOperation() == CRUD.DELETE) {
+						if (contact.getOperation() == CRUD.DELETE) {
 							CotEventContainer e = ProtoBufHelper.getInstance().protoBuf2delContact(contact);
 							Collection<com.bbn.marti.service.Subscription> reachable = groupFederationUtil.getReachableSubscriptions(federateSubscription);
-							if(reachable.contains(federateSubscription)) {
+							if (reachable.contains(federateSubscription)) {
 								logger.warn("reachable contained self!");
 								reachable.remove(federateSubscription);
 							}
@@ -740,7 +743,7 @@ public void onCompleted() {
 		final AtomicBoolean initROLStream = new AtomicBoolean(false);
 		
 		// send health check messages according to the configuration
-		if (DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHealthCheckIntervalSeconds() > 0) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHealthCheckIntervalSeconds() > 0) {
 			Resources.repeaterPool.scheduleWithFixedDelay(new Runnable() {
 				@Override
 				public void run() {
@@ -779,6 +782,8 @@ public void onNext(ServerHealth value) {
 										.setFilter(Strings.isNullOrEmpty(outgoing.getFilter()) ? "" : outgoing.getFilter())
 										.setIdentity(Identity.newBuilder()
 												.setName(fedName)
+												.setServerId(MessagingDependencyInjectionProxy.getInstance().serverInfo().getServerId())
+												.setType(Identity.ConnectionType.FEDERATION_TAK_CLIENT)
 												.setUid(clientUid)
 												.build()).build(), new StreamObserver<ROL>() {
 
@@ -852,17 +857,55 @@ public void onCompleted() {
 									logger.debug("opened client ROL stream");
 								}
 								
+								if (federateId == null) {
+									if (logger.isDebugEnabled()) {
+										logger.debug("can't send mission changes - federate id not set");
+										return;
+									}
+								}
+
+								Federate federate = fedManager().getFederate(federateId);
+
+								if (federate == null) {
+									if (logger.isDebugEnabled()) {
+										logger.debug("can't send mission changes - federate " + federateId + " not found");
+										return;
+									}
+								}
+
+								if (Strings.isNullOrEmpty(federate.getId())) {
+									if (logger.isDebugEnabled()) {
+										logger.debug("can't send federation changes - empty federate id");
+										return;
+									}
+								}
+								
+								
+								Set<String> outGroups = null;
+								if (federate.isFederatedGroupMapping()) {
+									NavigableSet<Group> groups = groupManager.getGroups(federateSubscription.getUser());
+									outGroups = GroupFederationUtil.getInstance().filterFedOutboundGroups(federate.getOutboundGroup(), groups, federate.getId());
+								}
+								
+								final Set<String> fOutGroups = outGroups;
+
 								try {
 									// send out data feeds to federate
-									if (DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
-										List<ROL> feedMessages = mdm.getDataFeedEventsForFederatedDataFeedOnly();
+									if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
+										List<ROL> feedMessages = mdm.getDataFeedEventsForFederatedDataFeedOnly(federate);
 										
-										AtomicLong delayMs = new AtomicLong(100L);										
+										AtomicLong delayMs = new AtomicLong(100L);		
+																				
 										for (final ROL feedMessage : feedMessages) {
 											Resources.scheduledClusterStateExecutor.schedule(() -> {
 												try {
-													rolCall.sendMessage(feedMessage);
-													rolHolder.send(feedMessage);
+													ROL modifiedFeedMessage = feedMessage;
+													if (federate.isFederatedGroupMapping() && fOutGroups != null && fOutGroups.size() > 0) {
+														ROL.Builder changeBuilder = modifiedFeedMessage.toBuilder();
+														changeBuilder.addAllFederateGroups(fOutGroups);
+														modifiedFeedMessage = changeBuilder.build();
+													}
+													rolHolder.send(modifiedFeedMessage);
 												} catch (Exception e) {
 													logger.error("exception federating data feed", e);
 												}
@@ -873,7 +916,7 @@ public void onCompleted() {
 									logger.error("exception federating data feeds", e);
 								}
 
-								if (DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isEnableMissionFederationDisruptionTolerance()) {
+								if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isEnableMissionFederationDisruptionTolerance()) {
 
 									try {
 
@@ -889,29 +932,6 @@ public void onCompleted() {
 											}
 										}
 
-										if (federateId == null) {
-											if (logger.isDebugEnabled()) {
-												logger.debug("can't send mission changes - federate id not set");
-												return;
-											}
-										}
-
-										Federate federate = fedManager().getFederate(federateId);
-
-										if (federate == null) {
-											if (logger.isDebugEnabled()) {
-												logger.debug("can't send mission changes - federate " + federateId + " not found");
-												return;
-											}
-										}
-
-										if (Strings.isNullOrEmpty(federate.getId())) {
-											if (logger.isDebugEnabled()) {
-												logger.debug("can't send federation changes - empty federate id");
-												return;
-											}
-										}
-
 										List<ROL> missionChanges = mdm.getMissionChangesAndTrackConnectEvent(federate, federate.getName(), federateSubscription);
 
 										if (logger.isTraceEnabled()) {
@@ -919,14 +939,6 @@ public void onCompleted() {
 										}
 
 										final AtomicInteger changeCount = new AtomicInteger(0);
-
-										Set<String> outGroups = null;
-										if (federate.isFederatedGroupMapping()) {
-											NavigableSet<Group> groups = groupManager.getGroups(federateSubscription.getUser());
-											outGroups = GroupFederationUtil.getInstance().filterFedOutboundGroups(federate.getOutboundGroup(), groups, federate.getId());
-										}
-
-										final Set<String> fOutGroups = outGroups;
 										
 										final List<ROL> changeMessages = new CopyOnWriteArrayList<>();
 
@@ -935,9 +947,9 @@ public void onCompleted() {
 											if (federate.isFederatedGroupMapping() && fOutGroups != null && fOutGroups.size() > 0) {
 												ROL.Builder changeBuilder = change.toBuilder();
 												changeBuilder.addAllFederateGroups(fOutGroups);
-												changeMessages.add(changeBuilder.build());
+												change = changeBuilder.build();
 											}
-
+											
 											changeMessages.add(change);
 											changeCount.incrementAndGet();
 										});
@@ -982,8 +994,8 @@ public void onCompleted() {
 						}
 					});
 				}
-			}, DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHealthCheckIntervalSeconds(),
-					DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHealthCheckIntervalSeconds(), TimeUnit.SECONDS);
+			}, CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHealthCheckIntervalSeconds(),
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHealthCheckIntervalSeconds(), TimeUnit.SECONDS);
 
 			// send health check messages according to the configuration
 			Resources.repeaterPool.scheduleWithFixedDelay(new Runnable() {
@@ -994,8 +1006,8 @@ public void run() {
 						throw new PeriodicUpdateCancellationException("cancelling updates - not running");
 					}
 				}
-			}, DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHealthCheckIntervalSeconds(),
-					DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHealthCheckIntervalSeconds(), TimeUnit.SECONDS);
+			}, CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHealthCheckIntervalSeconds(),
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getHealthCheckIntervalSeconds(), TimeUnit.SECONDS);
 		} else {
 			logger.warn("FIG health check disabled in config (health check interval seconds < 1)");
 		}
@@ -1051,6 +1063,7 @@ public void shutdown() throws InterruptedException {
 	 */
 	private ManagedChannel openFigConnection(final String host, final int port, SslContext sslContext) throws IOException {
 		FederationOutgoing outgoing = fedManager().getOutgoingConnection(outgoingName);
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 		return NettyChannelBuilder.forAddress(host, port)
 				.negotiationType(NegotiationType.TLS)
 				.sslContext(sslContext)
@@ -1124,10 +1137,10 @@ public X509Certificate[] propogate(X509Certificate[] certChain) {
 								federate = new Federate();
 								federate.setId(fingerprint);
 								federate.setName(certName);
-								federate.setFederatedGroupMapping(DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isFederatedGroupMapping());
-								federate.setAutomaticGroupMapping(DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAutomaticGroupMapping());
+								federate.setFederatedGroupMapping(config.getFederation().isFederatedGroupMapping());
+								federate.setAutomaticGroupMapping(config.getFederation().isAutomaticGroupMapping());
 							
-								for (Federation.FederateCA ca : DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().getFederateCA()) {
+								for (Federation.FederateCA ca : config.getFederation().getFederateCA()) {
 			                        if (ca.getFingerprint().compareTo(caFingerprint) == 0) {
 			                            for (String groupname : ca.getInboundGroup()) {
 			                                federate.getInboundGroup().add(groupname);
@@ -1176,7 +1189,7 @@ public X509Certificate[] propogate(X509Certificate[] certChain) {
 								}
 
 								if (!dupeFederates.isEmpty()) {
-									if (!DistributedConfiguration.getInstance().getRemoteConfiguration().getFederation().isAllowDuplicate()) {
+									if (!config.getFederation().isAllowDuplicate()) {
 										for (FederationOutgoing outgoing : outgoings) {
 											fedManager().disableOutgoing(outgoing);
 										}
@@ -1345,6 +1358,8 @@ private void serverFederateGroups() {
 				.setFilter(Strings.isNullOrEmpty(fedManager().getOutgoingConnection(outgoingName).getFilter()) ? "" : fedManager().getOutgoingConnection(outgoingName).getFilter())
 				.setIdentity(Identity.newBuilder()
 						.setName(getClientName())
+						.setServerId(MessagingDependencyInjectionProxy.getInstance().serverInfo().getServerId())
+						.setType(Identity.ConnectionType.FEDERATION_TAK_CLIENT)
 						.setUid(clientUid)
 						.build()).build(), new StreamObserver<FederateGroups>() {
 
@@ -1432,8 +1447,6 @@ public void process(ROL rol) {
 
 			switch (op.toLowerCase()) {
 			case "announce":
-				logger.info("processing 'announce package' ROL command from client.");
-
 				if (logger.isDebugEnabled()) {
 					logger.debug("package details: "  + dt);
 				}
@@ -1454,10 +1467,12 @@ public void process(ROL rol) {
 							groups = groupFederationUtil.addFederateGroupMapping(fedManager.getInboundGroupMap(getFederate().getId()),
 									rol.getFederateGroupsList());
 						}
-					}
-
-					// fall back if no matches on the mapping
-					if (groups == null || groups.isEmpty()) {
+						
+						if ((groups == null || groups.isEmpty()) && getFederate().isFallbackWhenNoGroupMappings()) {
+							NavigableSet<Group> allGroups = groupManager.getGroups(federateSubscription.getUser());
+							groups = groupFederationUtil.filterGroupDirection(Direction.IN, allGroups);
+						}
+					} else {
 						NavigableSet<Group> allGroups = groupManager.getGroups(federateSubscription.getUser());
 						groups = groupFederationUtil.filterGroupDirection(Direction.IN, allGroups);
 					}
@@ -1475,8 +1490,6 @@ public void process(ROL rol) {
 				}
 			break;
 			case "request":
-				logger.info("received 'request package' ROL command from server.");
-
 				if (Strings.isNullOrEmpty(dt.getSha256())) {
 					logger.warn("'request package' ROL from server contains no resource hash - ignoring.");
 					return;
@@ -1510,23 +1523,27 @@ public void process(ROL rol) {
 		}
 
 		private void dispersePackage(ResourceDetails details, byte[] bytes) throws IOException {
+			
+			if (bytes.length > CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFederationServer().getMaxMessageSizeBytes()) {
+				logger.info("File payload size " + bytes.length + " in dispersePackage exceeds the max size! Not sending " + details);
+			} else {
+				String detailsJson = new ObjectMapper().writeValueAsString(details);
 
-			String detailsJson = new ObjectMapper().writeValueAsString(details);
-
-			Builder rol = ROL.newBuilder().setProgram("disperse package\n" + detailsJson + ";");
+				Builder rol = ROL.newBuilder().setProgram("disperse package\n" + detailsJson + ";");
 
-			if (logger.isDebugEnabled()) {
-				logger.debug("bytes to disperse: " + bytes.length);
-			}
+				if (logger.isDebugEnabled()) {
+					logger.debug("bytes to disperse: " + bytes.length);
+				}
 
-			BinaryBlob file = BinaryBlob.newBuilder().setData(ByteString.readFrom(new ByteArrayInputStream(bytes))).build();
+				BinaryBlob file = BinaryBlob.newBuilder().setData(ByteString.readFrom(new ByteArrayInputStream(bytes))).build();
 
-			rol.addPayload(file);
+				rol.addPayload(file);
 
-			if (logger.isDebugEnabled()) {
-				logger.debug("dispersing package to server");
+				if (logger.isDebugEnabled()) {
+					logger.debug("dispersing package to server");
+				}
+				rolHolder.send(rol.build());
 			}
-			rolHolder.send(rol.build());
 		};
 	}
 
@@ -1552,10 +1569,12 @@ public void process(ROL rol) {
 						groups = groupFederationUtil.addFederateGroupMapping(fedManager.getInboundGroupMap(getFederate().getId()),
 								rol.getFederateGroupsList());
 					}
-				}
-
-				// fall back if no matches on the mapping
-				if (groups == null || groups.isEmpty()) {
+					
+					if ((groups == null || groups.isEmpty()) && getFederate().isFallbackWhenNoGroupMappings()) {
+						NavigableSet<Group> allGroups = TakFigClient.this.getGroupsForActiveSubscription();
+						groups = groupFederationUtil.filterGroupDirection(Direction.IN, allGroups);
+					}
+				} else {
 					NavigableSet<Group> allGroups = TakFigClient.this.getGroupsForActiveSubscription();
 					groups = groupFederationUtil.filterGroupDirection(Direction.IN, allGroups);
 				}
diff --git a/src/takserver-core/src/main/java/tak/server/grid/CoreConfigProxyFactoryForAPI.java b/src/takserver-core/src/main/java/tak/server/grid/CoreConfigProxyFactoryForAPI.java
index cb2e0842..3fc82297 100644
--- a/src/takserver-core/src/main/java/tak/server/grid/CoreConfigProxyFactoryForAPI.java
+++ b/src/takserver-core/src/main/java/tak/server/grid/CoreConfigProxyFactoryForAPI.java
@@ -6,10 +6,9 @@
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.beans.factory.annotation.Autowired;
 
-import com.bbn.cluster.ClusterGroupDefinition;
 import com.bbn.marti.remote.CoreConfig;
 
-import tak.server.Constants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 public class CoreConfigProxyFactoryForAPI implements FactoryBean<CoreConfig> {
 
@@ -25,7 +24,7 @@ public CoreConfig getObject() throws Exception {
 			logger.debug("get " + getObjectType().getSimpleName() + " from ignite");
 		}
 				
-		return ignite.services(ClusterGroupDefinition.getMessagingClusterDeploymentGroup(ignite)).serviceProxy(Constants.DISTRIBUTED_CONFIGURATION, CoreConfig.class, false);
+		return CoreConfigFacade.getInstance();
 	}
 
 	@Override
diff --git a/src/takserver-core/src/main/java/tak/server/grid/CoreConfigProxyFactoryForMessaging.java b/src/takserver-core/src/main/java/tak/server/grid/CoreConfigProxyFactoryForMessaging.java
index e3640e7e..3bdae636 100644
--- a/src/takserver-core/src/main/java/tak/server/grid/CoreConfigProxyFactoryForMessaging.java
+++ b/src/takserver-core/src/main/java/tak/server/grid/CoreConfigProxyFactoryForMessaging.java
@@ -6,10 +6,9 @@
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.beans.factory.annotation.Autowired;
 
-import com.bbn.cluster.ClusterGroupDefinition;
 import com.bbn.marti.remote.CoreConfig;
 
-import tak.server.Constants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 
 public class CoreConfigProxyFactoryForMessaging implements FactoryBean<CoreConfig> {
 
@@ -25,7 +24,7 @@ public CoreConfig getObject() throws Exception {
             logger.debug("get " + getObjectType().getSimpleName() + " from ignite");
         }
 
-		CoreConfig coreConfig = ignite.services(ClusterGroupDefinition.getMessagingLocalClusterDeploymentGroup(ignite)).serviceProxy(Constants.DISTRIBUTED_CONFIGURATION, CoreConfig.class, false);
+		CoreConfig coreConfig = CoreConfigFacade.getInstance();
 		if (logger.isDebugEnabled()) {
             logger.debug("CoreConfig proxy is: " + coreConfig);
         }
diff --git a/src/takserver-core/src/main/java/tak/server/messaging/DistributedCotMessenger.java b/src/takserver-core/src/main/java/tak/server/messaging/DistributedCotMessenger.java
index 636eb501..e1d80cf5 100644
--- a/src/takserver-core/src/main/java/tak/server/messaging/DistributedCotMessenger.java
+++ b/src/takserver-core/src/main/java/tak/server/messaging/DistributedCotMessenger.java
@@ -1,16 +1,13 @@
 package tak.server.messaging;
 
 
-import atakmap.commoncommo.protobuf.v1.MessageOuterClass.Message;
-
-import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.config.Configuration;
 import com.bbn.marti.remote.ServerInfo;
 import com.bbn.marti.service.PluginStore;
 import com.bbn.marti.service.SubmissionService;
 import com.bbn.marti.service.SubscriptionStore;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
 
-import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableSet;
 
 import org.apache.ignite.Ignite;
@@ -19,6 +16,7 @@
 import org.slf4j.LoggerFactory;
 
 import tak.server.CommonConstants;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.cot.CotEventContainer;
 
@@ -27,16 +25,16 @@ public class DistributedCotMessenger implements Messenger<CotEventContainer> {
 	private boolean isPlugins = false;
 	private boolean isCluster = false;
 
-	public DistributedCotMessenger(Ignite ignite, SubscriptionStore subscriptionStore, ServerInfo serverInfo, MessageConverter messageConverter, SubmissionService submissionService, CoreConfig config) {
+	public DistributedCotMessenger(Ignite ignite, SubscriptionStore subscriptionStore, ServerInfo serverInfo, MessageConverter messageConverter, SubmissionService submissionService) {
 		this.ignite = ignite;
 		this.subscriptionStore = subscriptionStore;
 		this.serverInfo = serverInfo;
 		this.messageConverter = messageConverter;
 		this.submissionService = submissionService;
-		this.config = config;
-		
-		this.isCluster = config.getRemoteConfiguration().getCluster() != null && config.getRemoteConfiguration().getCluster().isEnabled();
-		this.isPlugins = config.getRemoteConfiguration().getPlugins().isUsePluginMessageQueue();
+
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+		this.isCluster = config.getCluster() != null && config.getCluster().isEnabled();
+		this.isPlugins = config.getPlugins().isUsePluginMessageQueue();
 	}
 	
 	private final Ignite ignite;
@@ -51,9 +49,6 @@ public DistributedCotMessenger(Ignite ignite, SubscriptionStore subscriptionStor
 	
 	private final SubmissionService submissionService;
 	
-	@SuppressWarnings("unused")
-	private final CoreConfig config;
-	
 	private static final Logger logger = LoggerFactory.getLogger(DistributedCotMessenger.class);
 
 	@Override
diff --git a/src/takserver-core/src/main/java/tak/server/messaging/DistributedCotMessengerForApi.java b/src/takserver-core/src/main/java/tak/server/messaging/DistributedCotMessengerForApi.java
index 9c734211..cf8bb456 100644
--- a/src/takserver-core/src/main/java/tak/server/messaging/DistributedCotMessengerForApi.java
+++ b/src/takserver-core/src/main/java/tak/server/messaging/DistributedCotMessengerForApi.java
@@ -1,11 +1,11 @@
 package tak.server.messaging;
 
+import com.bbn.marti.config.Configuration;
 import org.apache.ignite.Ignite;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.bbn.marti.nio.channel.ChannelHandler;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.ServerInfo;
 import com.bbn.marti.remote.groups.ConnectionInfo;
 import com.bbn.marti.service.Subscription;
@@ -15,18 +15,21 @@
 import tak.server.CommonConstants;
 import tak.server.Constants;
 import tak.server.cluster.ClusterManager;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.cot.CotEventContainer;
 
 public class DistributedCotMessengerForApi implements Messenger<CotEventContainer> {
 
-	public DistributedCotMessengerForApi(Ignite ignite, SubscriptionStore subscriptionStore, ServerInfo serverInfo, MessageConverter messageConverter, CoreConfig config) {
+	public DistributedCotMessengerForApi(Ignite ignite, SubscriptionStore subscriptionStore, ServerInfo serverInfo, MessageConverter messageConverter) {
 		this.ignite = ignite;
 		this.subscriptionStore = subscriptionStore;
 		this.serverInfo = serverInfo;
 		this.messageConverter = messageConverter;
-		
-		this.isCluster = config.getRemoteConfiguration().getCluster() != null && config.getRemoteConfiguration().getCluster().isEnabled();
-		this.isPlugins = config.getRemoteConfiguration().getPlugins().isUsePluginMessageQueue();
+
+		Configuration config = CoreConfigFacade.getInstance().getRemoteConfiguration();
+
+		this.isCluster = config.getCluster() != null && config.getCluster().isEnabled();
+		this.isPlugins = config.getPlugins().isUsePluginMessageQueue();
 	}
 
 	private final Ignite ignite;
diff --git a/src/takserver-core/src/main/java/tak/server/messaging/DistributedPluginDataFeedApi.java b/src/takserver-core/src/main/java/tak/server/messaging/DistributedPluginDataFeedApi.java
index 16e07cc7..8f7884f4 100644
--- a/src/takserver-core/src/main/java/tak/server/messaging/DistributedPluginDataFeedApi.java
+++ b/src/takserver-core/src/main/java/tak/server/messaging/DistributedPluginDataFeedApi.java
@@ -1,413 +1,441 @@
 package tak.server.messaging;
 
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.List;
-import java.util.Set;
-
-import org.apache.ignite.services.ServiceContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import com.bbn.marti.config.AuthType;
 import com.bbn.marti.config.DataFeed;
 import com.bbn.marti.network.PluginDataFeedJdbc;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.bbn.marti.remote.exception.TakException;
+import com.bbn.marti.remote.groups.ConnectionModifyResult;
 import com.bbn.marti.remote.groups.Group;
 import com.bbn.marti.remote.groups.GroupManager;
 import com.bbn.marti.remote.service.InputManager;
 import com.bbn.marti.remote.util.RemoteUtil;
 import com.bbn.marti.sync.repository.DataFeedRepository;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
-
+import org.apache.ignite.services.ServiceContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import tak.server.Constants;
 import tak.server.cache.DatafeedCacheHelper;
-import tak.server.feeds.DataFeedDTO;
 import tak.server.feeds.DataFeed.DataFeedType;
+import tak.server.feeds.DataFeedDTO;
 import tak.server.ignite.MessagingIgniteBroker;
 import tak.server.plugins.PluginDataFeed;
 import tak.server.plugins.PluginDataFeedApi;
 import tak.server.plugins.PredicateDataFeed;
 
+import java.util.*;
+
 public class DistributedPluginDataFeedApi implements PluginDataFeedApi, org.apache.ignite.services.Service {
 
-	private static final long serialVersionUID = 2276211741137405196L;
-
-	private static final Logger logger = LoggerFactory.getLogger(DistributedPluginDataFeedApi.class);
-
-	public DistributedPluginDataFeedApi() {
-	}
-
-	private DataFeedRepository dataFeedRepository() {
-		return MessagingDependencyInjectionProxy.getInstance().dataFeedRepository();
-	}
-
-	private PluginDataFeedJdbc pluginDataFeedJdbc() {
-		return MessagingDependencyInjectionProxy.getInstance().pluginDataFeedJdbc();
-	}
-
-	private DatafeedCacheHelper pluginDatafeedCacheHelper() {
-		return MessagingDependencyInjectionProxy.getInstance().pluginDatafeedCacheHelper();
-	}
-
-	private GroupManager groupManager() {
-		return MessagingDependencyInjectionProxy.getInstance().groupManager();
-	}
-
-	private RemoteUtil remoteUtil() {
-		return MessagingDependencyInjectionProxy.getInstance().remoteUtil();
-	}
-
-	@Override
-	public PluginDataFeed create(String uuid, String name, List<String> tags, boolean archive, boolean sync, List<String> groupNames, boolean federated, boolean binaryPayloadWebsocketOnly) {
-
-		try {
-
-			logger.info("Calling create() method in DistributedPluginDataFeedApi, uuid: {}, name: {}, tags: {}, archive: {}, sync: {}, groupNames: {}, federated: {}, binaryPayloadWebsocketOnly: {}", uuid, name, tags, archive, sync, groupNames, federated, binaryPayloadWebsocketOnly);
-
-			DatafeedCacheHelper pluginDatafeedCacheHelper = pluginDatafeedCacheHelper();
-			GroupManager groupManager = groupManager();
-			RemoteUtil remoteUtil = remoteUtil();
-			DataFeedRepository dataFeedRepository = dataFeedRepository();
-
-			if (groupNames.isEmpty()) {
-				groupNames.add(Constants.ANON_GROUP);
-			}
-
-			Set<Group> groups = groupManager.findGroups(groupNames);
-			String groupVector = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
-
-			Long dataFeedId;
-			if (dataFeedRepository.getDataFeedByGroup(name, groupVector).size() > 0) {
-
-				logger.info("Updating datafeed uuid {}", uuid);
-
-				try {
-					// Updating dataFeed in metrics for UI
-					DataFeed dataFeed = new DataFeed();
-					dataFeed.setName(name);
-					dataFeed.setType("Plugin");
-					dataFeed.setUuid(uuid);
-					for (String tag: tags) {
-						dataFeed.getTag().add(tag);
-					}
-					dataFeed.setAuth(AuthType.ANONYMOUS);
-					dataFeed.setPort(0);
-					dataFeed.setProtocol("Plugin");
-					dataFeed.setAuthRequired(false);
-					dataFeed.setGroup("");
-					dataFeed.setIface("");
-					dataFeed.setArchive(archive);
-					dataFeed.setAnongroup(false);
-					dataFeed.setArchiveOnly(false);
-					dataFeed.setCoreVersion(0);
-					dataFeed.setCoreVersion2TlsVersions("");
-					dataFeed.setSync(sync);
-					dataFeed.getFiltergroup().addAll(groupNames);
-					dataFeed.setFederated(federated);
-					dataFeed.setBinaryPayloadWebsocketOnly(binaryPayloadWebsocketOnly);
-
-					MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
-							.modifyInput(name, dataFeed), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
-
-				} catch (Exception e) {
-					logger.warn("Exception updating plugin data feed for UI", e.getMessage());
-				}
-
-				dataFeedId = dataFeedRepository.updateDataFeedWithGroupVector(uuid, name, DataFeedType.Plugin.ordinal(),
-						AuthType.ANONYMOUS.toString(), 0, false, "Plugin",
-						"", "", archive, false, false ,0, "", sync, 3600, groupVector, federated, binaryPayloadWebsocketOnly, null, null, null, null);
-
-				logger.info("Updated datafeed uuid {}, row id", uuid, dataFeedId);
-
-				try {
-					dataFeedRepository.removeAllDataFeedTagsById(dataFeedId);
-					logger.info("Removed old tags for datafeed row id  {}", dataFeedId);
-				}catch(Exception e) {
-					logger.warn("Exception when removing all tags for datafeed row id {}. Reason: {}", dataFeedId, e.getMessage());
-				}
-
-				if (tags.size() > 0) {
-					dataFeedRepository.addDataFeedTags(dataFeedId, tags);
-					logger.info("Added new tags for datafeed row id  {}", dataFeedId);
-				}
-
-				try {
-					dataFeedRepository.removeAllDataFeedFilterGroupsById(dataFeedId);
-					logger.info("Removed old filter groups for datafeed row id  {}", dataFeedId);
-				}catch(Exception e) {
-					logger.warn("Exception when removing all filter groups for datafeed row id {}. Reason: {}", dataFeedId, e.getMessage());
-				}
-
-				if (groupNames.size() > 0) {
-					dataFeedRepository.addDataFeedFilterGroups(dataFeedId, groupNames);
-				}
-
-				// update cache
-				PluginDataFeed re = new PluginDataFeed(uuid, name, tags, archive, sync, groupNames, federated, binaryPayloadWebsocketOnly);
-				List<PluginDataFeed> pluginDataFeeds = new ArrayList<PluginDataFeed>();
-				pluginDataFeeds.add(re);
-				pluginDatafeedCacheHelper.cachePluginDatafeed(uuid, pluginDataFeeds);
-
-				pluginDatafeedCacheHelper.invalidate(DatafeedCacheHelper.ALL_PLUGIN_DATAFEED_KEY);
-
-				return re;
-
-			} else {
-
-				logger.info("Adding datafeed uuid {}", uuid);
-
-				try {
-					// Add dataFeed to metrics for UI
-					DataFeed dataFeed = new DataFeed();
-					dataFeed.setName(name);
-					dataFeed.setType("Plugin");
-					dataFeed.setUuid(uuid);
-					for (String tag: tags) {
-						dataFeed.getTag().add(tag);
-					}
-					dataFeed.setAuth(AuthType.ANONYMOUS);
-					dataFeed.setPort(0);
-					dataFeed.setProtocol("Plugin");
-					dataFeed.setAuthRequired(false);
-					dataFeed.setGroup("");
-					dataFeed.setIface("");
-					dataFeed.setArchive(archive);
-					dataFeed.setAnongroup(false);
-					dataFeed.setArchiveOnly(false);
-					dataFeed.setCoreVersion(0);
-					dataFeed.setCoreVersion2TlsVersions("");
-					dataFeed.setSync(sync);
-					dataFeed.getFiltergroup().addAll(groupNames);
-					dataFeed.setFederated(federated);
-					dataFeed.setBinaryPayloadWebsocketOnly(binaryPayloadWebsocketOnly);
-
-					MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
-							.createDataFeed(dataFeed), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
-
-				} catch (Exception e) {
-					logger.warn("Exception adding plugin data feed for UI", e.getMessage());
-				}
-
-				dataFeedId = dataFeedRepository.addDataFeed(uuid, name, DataFeedType.Plugin.ordinal(),
-						AuthType.ANONYMOUS.toString(), 0, false, "Plugin",
-						"", "", archive, false, false ,0, "", sync, 3600, groupVector, federated, binaryPayloadWebsocketOnly, null, null, null, null);
-
-				logger.info("Added datafeed uuid {}, row id", uuid, dataFeedId);
-
-				try {
-					dataFeedRepository.removeAllDataFeedTagsById(dataFeedId);
-					logger.info("Removed old tags for datafeed row id  {}", dataFeedId);
-				}catch(Exception e) {
-					logger.warn("Exception when removing all tags for datafeed row id {}. Reason: {}", dataFeedId, e.getMessage());
-				}
-
-				if (tags.size() > 0) {
-					dataFeedRepository.addDataFeedTags(dataFeedId, tags);
-					logger.info("Added new tags for datafeed row id  {}", dataFeedId);
-				}
-
-				try {
-					dataFeedRepository.removeAllDataFeedFilterGroupsById(dataFeedId);
-					logger.info("Removed old filter groups for datafeed row id  {}", dataFeedId);
-				}catch(Exception e) {
-					logger.warn("Exception when removing all filter groups for datafeed row id {}. Reason: {}", dataFeedId, e.getMessage());
-				}
-
-				if (groupNames.size() > 0) {
-					dataFeedRepository.addDataFeedFilterGroups(dataFeedId, groupNames);
-				}
-
-				// update cache
-				PluginDataFeed re = new PluginDataFeed(uuid, name, tags, archive, sync, groupNames, federated, binaryPayloadWebsocketOnly);
-				List<PluginDataFeed> pluginDataFeeds = new ArrayList<PluginDataFeed>();
-				pluginDataFeeds.add(re);
-				pluginDatafeedCacheHelper.cachePluginDatafeed(uuid, pluginDataFeeds);
-
-				pluginDatafeedCacheHelper.invalidate(DatafeedCacheHelper.ALL_PLUGIN_DATAFEED_KEY);
-
-				return re;
-			}
-
-		} catch (TakException e) {
-			if (logger.isDebugEnabled()) {
-				logger.error("TakException in create", e);
-			}
-			throw e;
-		} catch (Exception e) {
-			logger.error("exception in create", e);
-			throw e;
-		}
-	}
-	
-	@Override
-	public PluginDataFeed create(String uuid, String name, List<String> tags, boolean archive, boolean sync, List<String> groupNames, boolean federated) {
-		
-		return create(uuid, name, tags, archive, sync, groupNames, federated, false);
-
-	}
-	
-	@Override
-	public PluginDataFeed create(String uuid, String name, List<String> tags, boolean archive, boolean sync, List<String> groupNames) {
-		
-		return create(uuid, name, tags, archive, sync, groupNames, true);
-	
-	}
-
-	@Override
-	public PluginDataFeed create(String uuid, String name, List<String> tags, boolean archive, boolean sync) {
-
-		return create(uuid, name, tags, archive, sync, Arrays.asList(Constants.ANON_GROUP), true);
-
-	}
-
-	@Override
-	public PluginDataFeed create(String uuid, String name, List<String> tags) {
-
-		return create(uuid, name, tags, true, false);
-
-	}	
-	
-	@Override
-	public void delete(String uuid, List<String> groupNames) {
-
-		try {
-			DatafeedCacheHelper pluginDatafeedCacheHelper = pluginDatafeedCacheHelper();
-			GroupManager groupManager = groupManager();
-			RemoteUtil remoteUtil = remoteUtil();
-
-			logger.info("Calling delete method in DistributedPluginDataFeedApi, uuid: {}, groupNames: {}", uuid, groupNames);
-
-			DataFeedRepository dataFeedRepository = dataFeedRepository();
-			Set<Group> groups = groupManager.findGroups(groupNames);
-			String groupVector = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
-
-
-			List<DataFeedDTO> dataFeedDaos = dataFeedRepository.getDataFeedByUUID(uuid);
-
-			if (dataFeedDaos.size() == 0) {
-				logger.warn("There is no datafeed with uuid {} to delete", uuid);
-				return;
-			}
-
-			if (dataFeedDaos.size() > 1) {
-				logger.warn("There are {} datafeeds with uuid {}", dataFeedDaos.size(), uuid);
-				return;
-			}
-
-
-			try {
-				MessagingIgniteBroker.brokerVoidServiceCalls(service -> ((InputManager) service).deleteDataFeed(dataFeedDaos.get(0).getName()),
-						Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
-
-			} catch (Exception e) {
-				logger.error("Exception deleting data feed from config file.", e);
-			}
-
-			for (DataFeedDTO dataFeedDao : dataFeedDaos) {
-
-				logger.info("Removing all tags for datafeed row id {}", dataFeedDao.getId());
-				try {
-					dataFeedRepository.removeAllDataFeedTagsById(dataFeedDao.getId());
-					logger.info("Removed all tags for datafeed row id  {}", dataFeedDao.getId());
-				} catch (Exception e) {
-					logger.warn("Exception when removing all tags for datafeed row id {}. Reason: {}", dataFeedDao.getId(), e.getMessage());
-				}
-
-				try {
-					dataFeedRepository.removeAllDataFeedFilterGroupsById(dataFeedDao.getId());
-					logger.info("Removed all filter groups for datafeed row id  {}", dataFeedDao.getId());
-				} catch (Exception e) {
-					logger.warn("Exception when removing all filter groups for datafeed row id {}. Reason: {}", dataFeedDao.getId(), e.getMessage());
-				}
-
-				logger.info("Deleting datafeed row id {}", dataFeedDao.getId());
-				dataFeedRepository.deleteDataFeedById(dataFeedDao.getId(), groupVector);
-				logger.info("Deleted datafeed row id {}", dataFeedDao.getId());
-			}
-
-			// update cache
-			pluginDatafeedCacheHelper.cachePluginDatafeed(uuid, new ArrayList<PluginDataFeed>());
-
-			pluginDatafeedCacheHelper.invalidate(DatafeedCacheHelper.ALL_PLUGIN_DATAFEED_KEY);
-
-		} catch (TakException e) {
-			if (logger.isDebugEnabled()) {
-				logger.error("TakException in delete", e);
-			}
-			throw e;
-		} catch (Exception e) {
-			logger.error("exception in delete", e);
-			throw e;
-		}
-	}
+    private static final long serialVersionUID = 2276211741137405196L;
+
+    private static final Logger logger = LoggerFactory.getLogger(DistributedPluginDataFeedApi.class);
+
+    public DistributedPluginDataFeedApi() {
+    }
+
+    private DataFeedRepository dataFeedRepository() {
+        return MessagingDependencyInjectionProxy.getInstance().dataFeedRepository();
+    }
+
+    private PluginDataFeedJdbc pluginDataFeedJdbc() {
+        return MessagingDependencyInjectionProxy.getInstance().pluginDataFeedJdbc();
+    }
+
+    private DatafeedCacheHelper pluginDatafeedCacheHelper() {
+        return MessagingDependencyInjectionProxy.getInstance().pluginDatafeedCacheHelper();
+    }
+
+    private GroupManager groupManager() {
+        return MessagingDependencyInjectionProxy.getInstance().groupManager();
+    }
+
+    private RemoteUtil remoteUtil() {
+        return MessagingDependencyInjectionProxy.getInstance().remoteUtil();
+    }
+
+    @Override
+    public PluginDataFeed create(String uuid, String name, List<String> tags, boolean archive, boolean sync, List<String> groupNames, boolean federated, boolean binaryPayloadWebsocketOnly) {
+
+        try {
+
+            logger.info("Calling create() method in DistributedPluginDataFeedApi, uuid: {}, name: {}, tags: {}, archive: {}, sync: {}, groupNames: {}, federated: {}, binaryPayloadWebsocketOnly: {}", uuid, name, tags, archive, sync, groupNames, federated, binaryPayloadWebsocketOnly);
+
+            DatafeedCacheHelper pluginDatafeedCacheHelper = pluginDatafeedCacheHelper();
+            GroupManager groupManager = groupManager();
+            RemoteUtil remoteUtil = remoteUtil();
+            DataFeedRepository dataFeedRepository = dataFeedRepository();
+
+            if (groupNames.isEmpty()) {
+                groupNames.add(Constants.ANON_GROUP);
+            }
+
+            Set<Group> groups = groupManager.findGroups(groupNames);
+            String groupVector = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
+
+            Long dataFeedId;
+            if (dataFeedRepository.getDataFeedByGroup(name, groupVector).size() > 0) {
+
+                logger.info("Updating datafeed uuid {}", uuid);
+
+                try {
+                    // Updating dataFeed in metrics for UI
+                    DataFeed dataFeed = new DataFeed();
+                    dataFeed.setName(name);
+                    dataFeed.setType("Plugin");
+                    dataFeed.setUuid(uuid);
+                    for (String tag : tags) {
+                        dataFeed.getTag().add(tag);
+                    }
+                    dataFeed.setAuth(AuthType.ANONYMOUS);
+                    dataFeed.setPort(0);
+                    dataFeed.setProtocol("Plugin");
+                    dataFeed.setAuthRequired(false);
+                    dataFeed.setGroup("");
+                    dataFeed.setIface("");
+                    dataFeed.setArchive(archive);
+                    dataFeed.setAnongroup(false);
+                    dataFeed.setArchiveOnly(false);
+                    dataFeed.setCoreVersion(0);
+                    dataFeed.setCoreVersion2TlsVersions("");
+                    dataFeed.setSync(sync);
+                    dataFeed.getFiltergroup().addAll(groupNames);
+                    dataFeed.setFederated(federated);
+                    dataFeed.setBinaryPayloadWebsocketOnly(binaryPayloadWebsocketOnly);
+
+                    // If changes are saved during activation of the change the nodes can hit a situation where
+                    // the first node to complete triggers the CoreConfig update on other nodes before they apply 
+                    // the update which can lead to state consistency issues
+                    if (CoreConfigFacade.getInstance().isCluster()) {
+                        ConnectionModifyResult updateResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
+                            .modifyInput(name, dataFeed, false), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+
+                        if (updateResult.getHttpStatusCode() == ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
+                            updateResult = CoreConfigFacade.getInstance().updateInputGroupsNoSave(name, dataFeed.getFiltergroup().toArray(new String[dataFeed.getFiltergroup().size()]));
+                            if (updateResult.getHttpStatusCode() == ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
+                                CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
+                            }
+                        }
+                    } else {
+                        MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
+                            .modifyInput(name, dataFeed, true), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                    }
+
+                } catch (Exception e) {
+                    logger.warn("Exception updating plugin data feed for UI", e.getMessage());
+                }
+
+                dataFeedId = dataFeedRepository.updateDataFeedWithGroupVector(uuid, name, DataFeedType.Plugin.ordinal(),
+                    AuthType.ANONYMOUS.toString(), 0, false, "Plugin",
+                    "", "", archive, false, false, 0, "", sync, 3600, groupVector, federated, binaryPayloadWebsocketOnly, null, null, null, null);
+
+                logger.info("Updated datafeed uuid {}, row id", uuid, dataFeedId);
+
+                try {
+                    dataFeedRepository.removeAllDataFeedTagsById(dataFeedId);
+                    logger.info("Removed old tags for datafeed row id  {}", dataFeedId);
+                } catch (Exception e) {
+                    logger.warn("Exception when removing all tags for datafeed row id {}. Reason: {}", dataFeedId, e.getMessage());
+                }
+
+                if (tags.size() > 0) {
+                    dataFeedRepository.addDataFeedTags(dataFeedId, tags.toArray(String[]::new));
+                    logger.info("Added new tags for datafeed row id  {}", dataFeedId);
+                }
+
+                try {
+                    dataFeedRepository.removeAllDataFeedFilterGroupsById(dataFeedId);
+                    logger.info("Removed old filter groups for datafeed row id  {}", dataFeedId);
+                } catch (Exception e) {
+                    logger.warn("Exception when removing all filter groups for datafeed row id {}. Reason: {}", dataFeedId, e.getMessage());
+                }
+
+                if (groupNames.size() > 0) {
+                    dataFeedRepository.addDataFeedFilterGroups(dataFeedId, groupNames.toArray(String[]::new));
+                }
+
+                // update cache
+                PluginDataFeed re = new PluginDataFeed(uuid, name, tags, archive, sync, groupNames, federated, binaryPayloadWebsocketOnly);
+                List<PluginDataFeed> pluginDataFeeds = new ArrayList<PluginDataFeed>();
+                pluginDataFeeds.add(re);
+                pluginDatafeedCacheHelper.cachePluginDatafeed(uuid, pluginDataFeeds);
+
+                pluginDatafeedCacheHelper.invalidate(DatafeedCacheHelper.ALL_PLUGIN_DATAFEED_KEY);
+
+                return re;
+
+            } else {
+
+                logger.info("Adding datafeed uuid {}", uuid);
+
+                try {
+                    // Add dataFeed to metrics for UI
+                    DataFeed dataFeed = new DataFeed();
+                    dataFeed.setName(name);
+                    dataFeed.setType("Plugin");
+                    dataFeed.setUuid(uuid);
+                    for (String tag : tags) {
+                        dataFeed.getTag().add(tag);
+                    }
+                    dataFeed.setAuth(AuthType.ANONYMOUS);
+                    dataFeed.setPort(0);
+                    dataFeed.setProtocol("Plugin");
+                    dataFeed.setAuthRequired(false);
+                    dataFeed.setGroup("");
+                    dataFeed.setIface("");
+                    dataFeed.setArchive(archive);
+                    dataFeed.setAnongroup(false);
+                    dataFeed.setArchiveOnly(false);
+                    dataFeed.setCoreVersion(0);
+                    dataFeed.setCoreVersion2TlsVersions("");
+                    dataFeed.setSync(sync);
+                    dataFeed.getFiltergroup().addAll(groupNames);
+                    dataFeed.setFederated(federated);
+                    dataFeed.setBinaryPayloadWebsocketOnly(binaryPayloadWebsocketOnly);
+
+                    // If changes are saved during activation of the change the nodes can hit a situation where
+                    // the first node to complete triggers the CoreConfig update on other nodes before they apply 
+                    // the update which can lead to state consistency issues
+                    if (CoreConfigFacade.getInstance().isCluster()) {
+                        MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
+                            .createDataFeed(dataFeed, false), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                        CoreConfigFacade.getInstance().addInputAndSave(dataFeed);
+                    } else {
+                        MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
+                            .createDataFeed(dataFeed, true), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                    }
+
+                } catch (Exception e) {
+                    logger.warn("Exception adding plugin data feed for UI", e.getMessage());
+                }
+
+                dataFeedId = dataFeedRepository.addDataFeed(uuid, name, DataFeedType.Plugin.ordinal(),
+                    AuthType.ANONYMOUS.toString(), 0, false, "Plugin",
+                    "", "", archive, false, false, 0, "", sync, 3600, groupVector, federated, binaryPayloadWebsocketOnly, null, null, null, null);
+
+                logger.info("Added datafeed uuid {}, row id", uuid, dataFeedId);
+
+                try {
+                    dataFeedRepository.removeAllDataFeedTagsById(dataFeedId);
+                    logger.info("Removed old tags for datafeed row id  {}", dataFeedId);
+                } catch (Exception e) {
+                    logger.warn("Exception when removing all tags for datafeed row id {}. Reason: {}", dataFeedId, e.getMessage());
+                }
+
+                if (tags.size() > 0) {
+                    dataFeedRepository.addDataFeedTags(dataFeedId, tags.toArray(String[]::new));
+                    logger.info("Added new tags for datafeed row id  {}", dataFeedId);
+                }
+
+                try {
+                    dataFeedRepository.removeAllDataFeedFilterGroupsById(dataFeedId);
+                    logger.info("Removed old filter groups for datafeed row id  {}", dataFeedId);
+                } catch (Exception e) {
+                    logger.warn("Exception when removing all filter groups for datafeed row id {}. Reason: {}", dataFeedId, e.getMessage());
+                }
+
+                if (groupNames.size() > 0) {
+                    dataFeedRepository.addDataFeedFilterGroups(dataFeedId, groupNames.toArray(String[]::new));
+                }
+
+                // update cache
+                PluginDataFeed re = new PluginDataFeed(uuid, name, tags, archive, sync, groupNames, federated, binaryPayloadWebsocketOnly);
+                List<PluginDataFeed> pluginDataFeeds = new ArrayList<PluginDataFeed>();
+                pluginDataFeeds.add(re);
+                pluginDatafeedCacheHelper.cachePluginDatafeed(uuid, pluginDataFeeds);
+
+                pluginDatafeedCacheHelper.invalidate(DatafeedCacheHelper.ALL_PLUGIN_DATAFEED_KEY);
+
+                return re;
+            }
+
+        } catch (TakException e) {
+            if (logger.isDebugEnabled()) {
+                logger.error("TakException in create", e);
+            }
+            throw e;
+        } catch (Exception e) {
+            logger.error("exception in create", e);
+            throw e;
+        }
+    }
+
+    @Override
+    public PluginDataFeed create(String uuid, String name, List<String> tags, boolean archive, boolean sync, List<String> groupNames, boolean federated) {
+
+        return create(uuid, name, tags, archive, sync, groupNames, federated, false);
+
+    }
+
+    @Override
+    public PluginDataFeed create(String uuid, String name, List<String> tags, boolean archive, boolean sync, List<String> groupNames) {
+
+        return create(uuid, name, tags, archive, sync, groupNames, true);
+
+    }
+
+    @Override
+    public PluginDataFeed create(String uuid, String name, List<String> tags, boolean archive, boolean sync) {
+
+        return create(uuid, name, tags, archive, sync, Arrays.asList(Constants.ANON_GROUP), true);
+
+    }
+
+    @Override
+    public PluginDataFeed create(String uuid, String name, List<String> tags) {
+
+        return create(uuid, name, tags, true, false);
+
+    }
+
+    @Override
+    public void delete(String uuid, List<String> groupNames) {
+
+        try {
+            DatafeedCacheHelper pluginDatafeedCacheHelper = pluginDatafeedCacheHelper();
+            GroupManager groupManager = groupManager();
+            RemoteUtil remoteUtil = remoteUtil();
+
+            logger.info("Calling delete method in DistributedPluginDataFeedApi, uuid: {}, groupNames: {}", uuid, groupNames);
+
+            DataFeedRepository dataFeedRepository = dataFeedRepository();
+            Set<Group> groups = groupManager.findGroups(groupNames);
+            String groupVector = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
+
+
+            List<DataFeedDTO> dataFeedDaos = dataFeedRepository.getDataFeedByUUID(uuid);
+
+            if (dataFeedDaos.size() == 0) {
+                logger.warn("There is no datafeed with uuid {} to delete", uuid);
+                return;
+            }
+
+            if (dataFeedDaos.size() > 1) {
+                logger.warn("There are {} datafeeds with uuid {}", dataFeedDaos.size(), uuid);
+                return;
+            }
+
+
+            try {
+                // If changes are saved during activation of the change the nodes can hit a situation where
+                // the first node to complete triggers the CoreConfig update on other nodes before they apply 
+                // the update which can lead to state consistency issues
+                if (CoreConfigFacade.getInstance().isCluster()) {
+                    MessagingIgniteBroker.brokerVoidServiceCalls(service -> ((InputManager) service).deleteDataFeed(dataFeedDaos.get(0).getName(), false),
+                        Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                } else {
+                    MessagingIgniteBroker.brokerVoidServiceCalls(service -> ((InputManager) service).deleteDataFeed(dataFeedDaos.get(0).getName(), true),
+                        Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                }
+
+            } catch (Exception e) {
+                logger.error("Exception deleting data feed from config file.", e);
+            }
+
+            for (DataFeedDTO dataFeedDao : dataFeedDaos) {
 
-	@Override
-	public Collection<PluginDataFeed> getAllPluginDataFeeds() {
+                logger.info("Removing all tags for datafeed row id {}", dataFeedDao.getId());
+                try {
+                    dataFeedRepository.removeAllDataFeedTagsById(dataFeedDao.getId());
+                    logger.info("Removed all tags for datafeed row id  {}", dataFeedDao.getId());
+                } catch (Exception e) {
+                    logger.warn("Exception when removing all tags for datafeed row id {}. Reason: {}", dataFeedDao.getId(), e.getMessage());
+                }
 
-		try {
+                try {
+                    dataFeedRepository.removeAllDataFeedFilterGroupsById(dataFeedDao.getId());
+                    logger.info("Removed all filter groups for datafeed row id  {}", dataFeedDao.getId());
+                } catch (Exception e) {
+                    logger.warn("Exception when removing all filter groups for datafeed row id {}. Reason: {}", dataFeedDao.getId(), e.getMessage());
+                }
 
-			DatafeedCacheHelper pluginDatafeedCacheHelper = pluginDatafeedCacheHelper();
+                logger.info("Deleting datafeed row id {}", dataFeedDao.getId());
+                dataFeedRepository.deleteDataFeedById(dataFeedDao.getId(), groupVector);
+                logger.info("Deleted datafeed row id {}", dataFeedDao.getId());
+            }
 
-			List<PluginDataFeed> allPluginDatafeeds = pluginDatafeedCacheHelper.getAllPluginDatafeeds();
+            // update cache
+            pluginDatafeedCacheHelper.cachePluginDatafeed(uuid, new ArrayList<PluginDataFeed>());
 
-			if (allPluginDatafeeds == null) { // not in cache
+            pluginDatafeedCacheHelper.invalidate(DatafeedCacheHelper.ALL_PLUGIN_DATAFEED_KEY);
 
-				if (logger.isDebugEnabled()) {
-					logger.debug("Result not in cache");
-				}
+        } catch (TakException e) {
+            if (logger.isDebugEnabled()) {
+                logger.error("TakException in delete", e);
+            }
+            throw e;
+        } catch (Exception e) {
+            logger.error("exception in delete", e);
+            throw e;
+        }
+    }
 
-				allPluginDatafeeds = pluginDataFeedJdbc().getPluginDataFeeds();
+    @Override
+    public Collection<PluginDataFeed> getAllPluginDataFeeds() {
 
-				// cache the result
-				pluginDatafeedCacheHelper.cacheAllPluginDatafeeds(allPluginDatafeeds);
-			} else {
+        try {
 
-				if (logger.isDebugEnabled()) {
-					logger.debug("Get result from cache");
-				}
-			}
-
-			return allPluginDatafeeds;
-
-		} catch (TakException e) {
-			if (logger.isDebugEnabled()) {
-				logger.error("TakException in getAllPluginDataFeeds", e);
-			}
-			throw e;
-		} catch (Exception e) {
-			logger.error("exception in getAllPluginDataFeeds", e);
-			throw e;
-		}
-	}
+            DatafeedCacheHelper pluginDatafeedCacheHelper = pluginDatafeedCacheHelper();
 
+            List<PluginDataFeed> allPluginDatafeeds = pluginDatafeedCacheHelper.getAllPluginDatafeeds();
 
-	@Override
-	public void cancel(ServiceContext ctx) {
-		if (logger.isDebugEnabled()) {
-			logger.debug(getClass().getSimpleName() + " service cancelled");
-		}
-	}
-
-	@Override
-	public void init(ServiceContext ctx) throws Exception {
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("init method " + getClass().getSimpleName());
-		}
-	}
-
-	@Override
-	public void execute(ServiceContext ctx) throws Exception {
-		if (logger.isDebugEnabled()) {
-			logger.debug("execute method " + getClass().getSimpleName());
-		}
-	}
-
-	@Override
-	public PredicateDataFeed createPredicateFeed(String uuid, String name, List<String> tags) {
-		return new PredicateDataFeed();
-	}
+            if (allPluginDatafeeds == null) { // not in cache
+
+                if (logger.isDebugEnabled()) {
+                    logger.debug("Result not in cache");
+                }
+
+                allPluginDatafeeds = pluginDataFeedJdbc().getPluginDataFeeds();
+
+                // cache the result
+                pluginDatafeedCacheHelper.cacheAllPluginDatafeeds(allPluginDatafeeds);
+            } else {
+
+                if (logger.isDebugEnabled()) {
+                    logger.debug("Get result from cache");
+                }
+            }
+
+            return allPluginDatafeeds;
+
+        } catch (TakException e) {
+            if (logger.isDebugEnabled()) {
+                logger.error("TakException in getAllPluginDataFeeds", e);
+            }
+            throw e;
+        } catch (Exception e) {
+            logger.error("exception in getAllPluginDataFeeds", e);
+            throw e;
+        }
+    }
+
+
+    @Override
+    public void cancel(ServiceContext ctx) {
+        if (logger.isDebugEnabled()) {
+            logger.debug(getClass().getSimpleName() + " service cancelled");
+        }
+    }
+
+    @Override
+    public void init(ServiceContext ctx) throws Exception {
+
+        if (logger.isDebugEnabled()) {
+            logger.debug("init method " + getClass().getSimpleName());
+        }
+    }
+
+    @Override
+    public void execute(ServiceContext ctx) throws Exception {
+        if (logger.isDebugEnabled()) {
+            logger.debug("execute method " + getClass().getSimpleName());
+        }
+    }
+
+    @Override
+    public PredicateDataFeed createPredicateFeed(String uuid, String name, List<String> tags) {
+        return new PredicateDataFeed();
+    }
 
 }
diff --git a/src/takserver-core/src/main/java/tak/server/profile/DistributedServerInfo.java b/src/takserver-core/src/main/java/tak/server/profile/DistributedServerInfo.java
index 31334905..91e08dba 100644
--- a/src/takserver-core/src/main/java/tak/server/profile/DistributedServerInfo.java
+++ b/src/takserver-core/src/main/java/tak/server/profile/DistributedServerInfo.java
@@ -8,14 +8,12 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.bbn.cluster.ClusterGroupDefinition;
 import com.bbn.marti.config.Cluster;
 import com.bbn.marti.config.Configuration;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.ServerInfo;
-import com.bbn.marti.service.DistributedConfiguration;
 import com.google.common.base.Strings;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import tak.server.Constants;
 import tak.server.ignite.IgniteHolder;
 
@@ -34,18 +32,14 @@ public final class DistributedServerInfo implements ServerInfo, Service {
 
 	private boolean isCluster = false;
 
-	public DistributedServerInfo(Ignite ignite, CoreConfig config) {
+	public DistributedServerInfo(Ignite ignite) {
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("DistributedServerInfo contructor " + System.identityHashCode(this));
 		}
 
-		this.config = DistributedConfiguration.getInstance();
 	}
 
-	private CoreConfig config;
-
-
 	@Override
 	public void cancel(ServiceContext ctx) {
 		if (logger.isDebugEnabled()) {
@@ -74,7 +68,7 @@ public String getServerId() {
 				if (serverId == null) {
 					try {
 
-						Configuration conf = config.getRemoteConfiguration();
+						Configuration conf = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
 						String id = conf.getNetwork().getServerId();
 
@@ -112,8 +106,8 @@ private String generateServerId() {
 		String id = UUID.randomUUID().toString().replace("-", "");
 
 		try {
-			config.getRemoteConfiguration().getNetwork().setServerId(id);
-			config.saveChangesAndUpdateCache();
+			CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().setServerId(id);
+			CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
 
 		} catch (Exception e) {
 			logger.warn("execption saving server ID to configuration", e);
@@ -138,19 +132,19 @@ public String getTakMessageTopic() {
 
 	@Override
 	public boolean isCluster() {
-		Cluster cluster = config.getRemoteConfiguration().getCluster();
+		Cluster cluster = CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster();
 		return cluster == null ? false : cluster.isEnabled(); 
 	}
 
 	@Override
 	public String getNatsURL() {
-		Cluster cluster = config.getRemoteConfiguration().getCluster();
+		Cluster cluster = CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster();
 		return cluster == null ? "" : cluster.getNatsURL(); 
 	}
 
 	@Override
 	public String getNatsClusterId() {
-		Cluster cluster = config.getRemoteConfiguration().getCluster();
-		return cluster == null ? "" : cluster.getNatsClusterID(); 
+		Cluster cluster = CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster();
+		return cluster == null ? "" : cluster.getNatsClusterID();
 	}
 }
diff --git a/src/takserver-core/src/main/java/tak/server/qos/MessageBaseStrategy.java b/src/takserver-core/src/main/java/tak/server/qos/MessageBaseStrategy.java
index a5adbeea..cd3cb1b5 100644
--- a/src/takserver-core/src/main/java/tak/server/qos/MessageBaseStrategy.java
+++ b/src/takserver-core/src/main/java/tak/server/qos/MessageBaseStrategy.java
@@ -27,9 +27,6 @@
 //import com.google.common.cache.CacheBuilder;
 
 public abstract class MessageBaseStrategy<T> implements MessageStrategy<T> {
-	
-	@Autowired
-	protected CoreConfig config;
 
 	private Cache<String, Long> cache;
 
@@ -80,7 +77,7 @@ protected Cache<String, Long> cache(boolean refresh) {
 
 	@Override
 	public String toString() {
-		return "MessageBaseStrategy [config=" + config + ", cache=" + cache + ", maxCacheSize=" + maxCacheSize + "]";
+		return "MessageBaseStrategy [cache=" + cache + ", maxCacheSize=" + maxCacheSize + "]";
 	}
 	
 	@EventListener
diff --git a/src/takserver-core/src/main/java/tak/server/qos/MessageDOSStrategy.java b/src/takserver-core/src/main/java/tak/server/qos/MessageDOSStrategy.java
index 9ffed0ad..03365d67 100644
--- a/src/takserver-core/src/main/java/tak/server/qos/MessageDOSStrategy.java
+++ b/src/takserver-core/src/main/java/tak/server/qos/MessageDOSStrategy.java
@@ -5,6 +5,8 @@
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicInteger;
 
+import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.log4j.Logger;
 import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.context.event.EventListener;
@@ -34,7 +36,9 @@ public class MessageDOSStrategy extends MessageBaseStrategy<CotEventContainer> {
 	private void init() {
 		currentRateLimit = Metrics.gauge(Constants.METRIC_DOS_ACTIVE_RATE_LIMIT, new AtomicInteger(-1)); // default to no rate limit
 		currentThreshold = Metrics.gauge(Constants.METRIC_DOS_ACTIVE_RATE_LIMIT_THRESHOLD, new AtomicInteger(-1)); // default to no rate limit threshold
-		
+
+		CoreConfig config = CoreConfigFacade.getInstance();
+
 		maxRate = config.getRemoteConfiguration().getFilter().getQos().getDosRateLimiter().getIntervalSeconds();
 		
 		// should be small enough for reads that we dont need a limit
diff --git a/src/takserver-core/src/main/java/tak/server/qos/MessageDeliveryStrategy.java b/src/takserver-core/src/main/java/tak/server/qos/MessageDeliveryStrategy.java
index 61d9aedb..1ad44c74 100644
--- a/src/takserver-core/src/main/java/tak/server/qos/MessageDeliveryStrategy.java
+++ b/src/takserver-core/src/main/java/tak/server/qos/MessageDeliveryStrategy.java
@@ -8,6 +8,8 @@
 import java.util.concurrent.RejectedExecutionException;
 import java.util.concurrent.atomic.AtomicInteger;
 
+import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.event.ContextRefreshedEvent;
@@ -47,6 +49,8 @@ private void init() {
 		currentThreshold = Metrics.gauge(Constants.METRIC_WRITE_ACTIVE_RATE_LIMIT_THRESHOLD, new AtomicInteger(-1)); // default to no rate limit threshold
 
 		// TODO make this adaptive based on memory size
+		CoreConfig config = CoreConfigFacade.getInstance();
+
 		maxCacheSize = config.getRemoteConfiguration().getBuffer().getQueue().getMessageTimestampCacheSizeItems();
 		
 		if (config.getRemoteConfiguration().getFilter() == null) {
@@ -94,7 +98,7 @@ private void refreshQosDelivery() {
 		
 		// populate rate limit table
 		// this table is used for rapid lookup of rate limits when client counts change
-		for (RateLimitRule rule : config.getRemoteConfiguration().getFilter().getQos().getDeliveryRateLimiter().getRateLimitRule()) {
+		for (RateLimitRule rule : CoreConfigFacade.getInstance().getRemoteConfiguration().getFilter().getQos().getDeliveryRateLimiter().getRateLimitRule()) {
 			rateLimits.put(rule.getClientThresholdCount(), rule.getReportingRateLimitSeconds());
 			rateThresholds.add(rule.getClientThresholdCount());
 			
@@ -180,7 +184,7 @@ public boolean isAllowed(String messageType, String messageId, String clientId)
 
 	@Override
 	public String toString() {
-		return "MessageDeliveryStrategy [config=" + config + ", cache=" + cache() + ", maxCacheSize=" + maxCacheSize + "]";
+		return "MessageDeliveryStrategy [cache=" + cache() + ", maxCacheSize=" + maxCacheSize + "]";
 	}
 
 	@Override
diff --git a/src/takserver-core/src/main/java/tak/server/qos/MessageReadStrategy.java b/src/takserver-core/src/main/java/tak/server/qos/MessageReadStrategy.java
index 0e7fae83..3e9d6a6d 100644
--- a/src/takserver-core/src/main/java/tak/server/qos/MessageReadStrategy.java
+++ b/src/takserver-core/src/main/java/tak/server/qos/MessageReadStrategy.java
@@ -7,6 +7,7 @@
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicInteger;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.log4j.Logger;
 import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.context.event.EventListener;
@@ -36,7 +37,7 @@ private void init() {
 		
 		// populate rate limit table
 		// this table is used for rapid lookup of rate limits when client counts change
-		for (RateLimitRule rule : config.getRemoteConfiguration().getFilter().getQos().getReadRateLimiter().getRateLimitRule()) {
+		for (RateLimitRule rule : CoreConfigFacade.getInstance().getRemoteConfiguration().getFilter().getQos().getReadRateLimiter().getRateLimitRule()) {
 			rateLimits.put(rule.getClientThresholdCount(), rule.getReportingRateLimitSeconds());
 			rateThresholds.add(rule.getClientThresholdCount());
 			
@@ -48,7 +49,7 @@ private void init() {
 		// sort rate threshold in descending order, because we will use the first rate that matches client count
 		rateThresholds.sort(Collections.reverseOrder());
 		
-		enabled.set(config.getRemoteConfiguration().getFilter().getQos().getReadRateLimiter().isEnabled());
+		enabled.set(CoreConfigFacade.getInstance().getRemoteConfiguration().getFilter().getQos().getReadRateLimiter().isEnabled());
         
         isInit.set(true);
 	}
@@ -60,7 +61,7 @@ private void refreshQosRead() {
 		
 		// populate rate limit table
 		// this table is used for rapid lookup of rate limits when client counts change
-		for (RateLimitRule rule : config.getRemoteConfiguration().getFilter().getQos().getReadRateLimiter().getRateLimitRule()) {
+		for (RateLimitRule rule : CoreConfigFacade.getInstance().getRemoteConfiguration().getFilter().getQos().getReadRateLimiter().getRateLimitRule()) {
 			rateLimits.put(rule.getClientThresholdCount(), rule.getReportingRateLimitSeconds());
 			rateThresholds.add(rule.getClientThresholdCount());
 			
diff --git a/src/takserver-core/src/main/resources/app-context.xml b/src/takserver-core/src/main/resources/app-context.xml
deleted file mode 100644
index 147f80d9..00000000
--- a/src/takserver-core/src/main/resources/app-context.xml
+++ /dev/null
@@ -1,86 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-    <beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:context="http://www.springframework.org/schema/context"
-	xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:p="http://www.springframework.org/schema/p"
-	xmlns:c="http://www.springframework.org/schema/c"
-	xmlns:tx="http://www.springframework.org/schema/tx"
-    xmlns:jpa="http://www.springframework.org/schema/data/jpa"
-    xmlns:task="http://www.springframework.org/schema/task"
-    xmlns:cache="http://www.springframework.org/schema/cache"
-    xmlns:websocket="http://www.springframework.org/schema/websocket"
-    xmlns:aop="http://www.springframework.org/schema/aop"
-	xsi:schemaLocation="
-        http://www.springframework.org/schema/beans     
-        http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.0.xsd
-        http://www.springframework.org/schema/mvc
-        http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
-        http://www.springframework.org/schema/tx
-        http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
-        http://www.springframework.org/schema/data/jpa
-        http://www.springframework.org/schema/data/jpa/spring-jpa.xsd
-        http://www.springframework.org/schema/task
-        http://www.springframework.org/schema/task/spring-task-4.0.xsd
-        http://www.springframework.org/schema/cache
-        http://www.springframework.org/schema/cache/spring-cache.xsd
-        http://www.springframework.org/schema/websocket
-        http://www.springframework.org/schema/websocket/spring-websocket.xsd
-        http://www.springframework.org/schema/aop
-        http://www.springframework.org/schema/aop/spring-aop.xsd">
-         
-  <!-- dataSource is autoconfigured by spring, from application.properties -->
-  <!-- Entity Manager Factory, including hibernate configuration. Expects container-managed connection pool to be configured in Tomcat -->
-  <!-- See https://docs.jboss.org/hibernate/orm/current/javadocs/org/hibernate/dialect/package-summary.html for postgres dialects if postgres version is updated -->
- <bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean" lazy-init="true">
-    <property name="dataSource" ref="dataSource"/>
-    <property name="persistenceUnitName" value="martiPersistenceUnit"/>
-    <property name="persistenceProviderClass" value="org.hibernate.jpa.HibernatePersistenceProvider"/>
-    <property name="jpaPropertyMap">
-      <map>                               
-       <entry key="hibernate.connection.driver_class" value="org.postgresql.Driver"/>
-        <entry key="hibernate.hbm2ddl.auto" value=""/>
-        <entry key="hibernate.cache.use_query_cache" value="false"/>
-        <entry key="hibernate.cache.use_second_level_cache" value="false"/>
-        <entry key="hibernate.dialect" value="org.hibernate.spatial.dialect.postgis.PostgisPG95Dialect"/>
-        <entry key="javax.persistence.sharedCache.mode" value="ENABLE_SELECTIVE" />
-        <entry key="hibernate.enable_lazy_load_no_trans" value="true" />
-      </map>
-    </property>
-    <property name="jpaDialect">
-      <bean class="org.springframework.orm.jpa.vendor.HibernateJpaDialect" />
-	</property>
-    <property name="jpaVendorAdapter">
-      <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter" />
-    </property>
-    <property name="packagesToScan" value="com.bbn.marti.model.kml, com.bbn.marti.sync.model, com.bbn.tak.tls, com.bbn.marti.device.profile.model,
-              com.bbn.marti.maplayer.model, com.bbn.user.registration.model, com.bbn.marti.video, tak.server.feeds"/>
-  </bean>
- 
-  <bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor"/>
-  
-  <tx:annotation-driven transaction-manager="transactionManager"/>
-  
-  <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
-    <property name="entityManagerFactory" ref="entityManagerFactory"/>
-  </bean>
-  
-  <jpa:repositories base-package="com.bbn.marti.dao.kml, com.bbn.marti.sync.repository, com.bbn.tak.tls.repository, com.bbn.marti.device.profile.repository,
-com.bbn.marti.maplayer.repository, com.bbn.user.registration.repository, com.bbn.marti.video, tak.server.feeds" />
-  
-   <!-- Object/	ML Marshaller/Unmarshaller for Iconsets -->
-   <bean id="jaxb2Marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller" scope="prototype" >
-        <property name="classesToBeBound">
-            <list>
-                <value>com.bbn.marti.model.kml.Iconset</value>
-                <value>com.bbn.marti.model.kml.Icon</value>
-                <value>com.bbn.marti.sync.model.MissionChanges</value>
-                <value>com.bbn.marti.sync.model.MissionChange</value>
-                <value>com.bbn.marti.sync.model.MissionLayer</value>
-                <value>com.bbn.marti.sync.model.UidDetails</value>
-                <value>com.bbn.marti.sync.model.Resource</value>
-            </list>
-        </property>
-    </bean>
-</beans>
diff --git a/src/takserver-core/src/main/resources/application.properties b/src/takserver-core/src/main/resources/application.properties
index 7850a0db..c3001791 100644
--- a/src/takserver-core/src/main/resources/application.properties
+++ b/src/takserver-core/src/main/resources/application.properties
@@ -3,6 +3,10 @@ logging.level.com.zaxxer.hikari.pool.HikariPool=OFF
 spring.main.allow-bean-definition-overriding=true
 spring.jpa.properties.hibernate.enable_lazy_load_no_trans=true
 
+spring.autoconfigure.exclude= \
+  org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration, \
+  org.springframework.boot.autoconfigure.data.mongo.MongoDataAutoConfiguration
+
 # prepend this value to old servlets and APIs for backwards compatibility
 takserver.compat.context-path=/Marti
 
@@ -27,3 +31,5 @@ spring.mvc.threadContextInheritable=true
 
 spring.jackson.mapper.accept-case-insensitive-enums=true
 spring.jackson.deserialization.accept-single-value-as-array=true 
+
+#logging.level.org.springframework.security=DEBUG
\ No newline at end of file
diff --git a/src/takserver-core/src/main/resources/logback-spring.xml b/src/takserver-core/src/main/resources/logback-spring.xml
index 994ad1eb..22ec1970 100644
--- a/src/takserver-core/src/main/resources/logback-spring.xml
+++ b/src/takserver-core/src/main/resources/logback-spring.xml
@@ -1,19 +1,28 @@
 <configuration scan="true" scanPeriod="30 seconds">
     <include resource="org/springframework/boot/logging/logback/defaults.xml" />
     <contextListener class="ch.qos.logback.classic.jul.LevelChangePropagator" />
-    
+
+    <springProperty name="JSON_FORMAT_ENABLED" source="logging.json.enabled" defaultValue="false" />
+    <springProperty name="AUDIT_ENABLED" source="logging.audit.enabled" defaultValue="false" />
+    <springProperty name="PRETTY_PRINT" source="logging.pretty.enabled" defaultValue="false" />
+
+    <if condition='${AUDIT_ENABLED}'>
+        <then><property name="JSON_LAYOUT" value="com.bbn.marti.remote.AuditLogJsonLayout" /></then>
+        <else><property name="JSON_LAYOUT" value="ch.qos.logback.contrib.json.classic.JsonLayout" /></else>
+    </if>
+
     <springProfile name="!duplicatelogs">
     	<turboFilter class="ch.qos.logback.classic.turbo.DuplicateMessageFilter">
         	<AllowedRepetitions>1</AllowedRepetitions>
     	</turboFilter>
     </springProfile>
-    
-    <springProfile name="api">
+
+    <springProfile name="config">
         <appender name="application_log" class="ch.qos.logback.core.rolling.RollingFileAppender">
-            <file>logs/takserver-api.log</file>
+            <file>logs/takserver-config.log</file>
             <filter class="com.bbn.marti.logging.AuditLogMarkerExcludingRootLoggerThresholdFilter" />
             <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-                <fileNamePattern>logs/takserver-api.%d{yyyy-MM-dd}.log.gz</fileNamePattern>
+                <fileNamePattern>logs/takserver-config.%d{yyyy-MM-dd}.log.gz</fileNamePattern>
                 <maxHistory>90</maxHistory>
             </rollingPolicy>
             <encoder>
@@ -21,6 +30,34 @@
             </encoder>
         </appender>
     </springProfile>
+
+    <springProfile name="api">
+        <appender name="application_log" class="ch.qos.logback.core.rolling.RollingFileAppender">
+            <file>logs/takserver-api.log</file>
+            <filter class="com.bbn.marti.logging.AuditLogMarkerExcludingRootLoggerThresholdFilter" />
+            <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+                <fileNamePattern>logs/takserver-api.%d{yyyy-MM-dd}.log.gz</fileNamePattern>
+                <maxHistory>90</maxHistory>
+            </rollingPolicy>
+            <if condition="${JSON_FORMAT_ENABLED}">
+                <then>
+                    <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
+                        <layout class="${JSON_LAYOUT}">
+                            <jsonFormatter class="ch.qos.logback.contrib.jackson.JacksonJsonFormatter">
+                                <prettyPrint>${PRETTY_PRINT}</prettyPrint>
+                            </jsonFormatter>
+                            <timestampFormat>yyyy-MM-dd'T'HH:mm:ss.SSS'Z'</timestampFormat>
+                        </layout>
+                    </encoder>
+                </then>
+                <else>
+                    <encoder>
+                        <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %level %logger{36} - %msg%n</pattern>
+                    </encoder>
+                </else>
+            </if>
+        </appender>
+    </springProfile>
     <springProfile name="messaging">
         <appender name="application_log" class="ch.qos.logback.core.rolling.RollingFileAppender">
             <file>logs/takserver-messaging.log</file>
@@ -29,9 +66,23 @@
                 <fileNamePattern>logs/takserver-messaging.%d{yyyy-MM-dd}.log.gz</fileNamePattern>
                 <maxHistory>90</maxHistory>
             </rollingPolicy>
-            <encoder>
-                <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %level %logger{36} - %msg%n</pattern>
-            </encoder>
+            <if condition="${JSON_FORMAT_ENABLED}">
+                <then>
+                    <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
+                        <layout class="${JSON_LAYOUT}">
+                            <jsonFormatter class="ch.qos.logback.contrib.jackson.JacksonJsonFormatter">
+                                <prettyPrint>${PRETTY_PRINT}</prettyPrint>
+                            </jsonFormatter>
+                            <timestampFormat>yyyy-MM-dd'T'HH:mm:ss.SSS'Z'</timestampFormat>
+                        </layout>
+                    </encoder>
+                </then>
+                <else>
+                    <encoder>
+                        <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %level %logger{36} - %msg%n</pattern>
+                    </encoder>
+                </else>
+            </if>
         </appender>
     </springProfile>
     <springProfile name="monolith">
@@ -42,9 +93,23 @@
                 <fileNamePattern>logs/takserver.%d{yyyy-MM-dd}.log.gz</fileNamePattern>
                 <maxHistory>90</maxHistory>
             </rollingPolicy>
-            <encoder>
-                <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %level %logger{36} - %msg%n</pattern>
-            </encoder>
+            <if condition="${JSON_FORMAT_ENABLED}">
+                <then>
+                    <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
+                        <layout class="${JSON_LAYOUT}">
+                            <jsonFormatter class="ch.qos.logback.contrib.jackson.JacksonJsonFormatter">
+                                <prettyPrint>${PRETTY_PRINT}</prettyPrint>
+                            </jsonFormatter>
+                            <timestampFormat>yyyy-MM-dd'T'HH:mm:ss.SSS'Z'</timestampFormat>
+                        </layout>
+                    </encoder>
+                </then>
+                <else>
+                    <encoder>
+                        <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %level %logger{36} - %msg%n</pattern>
+                    </encoder>
+                </else>
+            </if>
         </appender>
     </springProfile>
     <!-- TAK Server database access / change audit log. The default level is "off" - only audit log markers will appear in this log -->
@@ -57,10 +122,25 @@
             <fileNamePattern>logs/takserver-db-audit.%d{yyyy-MM-dd-HH}.log.gz</fileNamePattern>
             <maxHistory>90</maxHistory>
         </rollingPolicy>
-        <encoder>
-            <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} %msg%n</pattern>
-        </encoder>
+        <if condition="${JSON_FORMAT_ENABLED}">
+            <then>
+                <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
+                    <layout class="${JSON_LAYOUT}">
+                        <jsonFormatter class="ch.qos.logback.contrib.jackson.JacksonJsonFormatter">
+                            <prettyPrint>${PRETTY_PRINT}</prettyPrint>
+                        </jsonFormatter>
+                        <timestampFormat>yyyy-MM-dd'T'HH:mm:ss.SSS'Z'</timestampFormat>
+                    </layout>
+                </encoder>
+            </then>
+            <else>
+                <encoder>
+                    <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %level %logger{36} - %msg%n</pattern>
+                </encoder>
+            </else>
+        </if>
     </appender>
+
     <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
         <encoder>
             <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %level %logger{36} - %msg%n</pattern>
@@ -83,7 +163,7 @@
     </logger>
     <logger name="org.hibernate.engine.jdbc.spi.SqlExceptionHelper" level="OFF"/>
     <logger name="org.springframework.web.socket.config.WebSocketMessageBrokerStats" level="OFF"/>
-    <logger name="tak.server.ServerConfiguration" level="WARN"/>
+    <logger name="tak.server.ServerConfiguration" level="INFO"/>
     <logger name="org.springframework" level="WARN"/>
     <logger name="org.apache" level="WARN"/>
     <logger name="org.hibernate" level="WARN"/>
diff --git a/src/takserver-core/src/main/resources/security-context.xml b/src/takserver-core/src/main/resources/security-context.xml
index e09a827d..ed87791e 100644
--- a/src/takserver-core/src/main/resources/security-context.xml
+++ b/src/takserver-core/src/main/resources/security-context.xml
@@ -12,7 +12,6 @@
     xmlns:websocket="http://www.springframework.org/schema/websocket"
     xmlns:util="http://www.springframework.org/schema/util"
     xmlns:aop="http://www.springframework.org/schema/aop"
-	xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
     xsi:schemaLocation="
         http://www.springframework.org/schema/beans     
         http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
@@ -27,28 +26,27 @@
         http://www.springframework.org/schema/util
         http://www.springframework.org/schema/util/spring-util-4.0.xsd
         http://www.springframework.org/schema/aop
-        http://www.springframework.org/schema/aop/spring-aop.xsd
-	    http://www.springframework.org/schema/security/oauth2
-        https://www.springframework.org/schema/security/spring-security-oauth2.xsd">
+        http://www.springframework.org/schema/aop/spring-aop.xsd">
         
         
 
         <!-- Enabled annotation-defined aspects -->           
   	    <aop:aspectj-autoproxy />
-        
-        <bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
+
+	<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
 		<sec:filter-chain-map request-matcher="ant">
-		  <sec:filter-chain pattern="/**" filters="
+			<sec:filter-chain pattern="/**" filters="
 				X509AuthenticationFilter,
 				BasicAuthenticationFilter,
 				BasicAuthenticationExceptionTranslationFilter,
-				takOauth2ProviderFilter,
-				takClientCredentialsTokenEndpointFilter,
 				martiPreAuthenticationFilter,
 				AnonymousAuthenticationFilter,
+				oAuth2TokenEndpointFilter,
+				oAuth2BearerTokenAuthenticationFilter,
 				FilterSecurityInterceptor" />
-		  </sec:filter-chain-map>
-		</bean>
+		</sec:filter-chain-map>
+	</bean>
+
 
         <!-- Add additional entries to this list to require both X509 and BASIC auth for all the specified subpaths (not the query string) -->
         <!-- NB: be careful about specifying very short strings here that could match a lot of paths -->
@@ -76,7 +74,8 @@
 			
 			  <!-- plugin data API -->
 			  <sec:intercept-url pattern="/Marti/api/plugins/*/submit" access="ROLE_ANONYMOUS"/>
-			
+			  <sec:intercept-url pattern="/Marti/api/plugins/*/submit/result" access="ROLE_ANONYMOUS"/>
+
 			  <!-- require admin access for user manager -->
 	  	      <sec:intercept-url pattern="/users/**" access="ROLE_ADMIN" />
 	  	      
@@ -199,11 +198,6 @@
               <sec:intercept-url pattern="/Marti/api/sync/**" access="ROLE_ANONYMOUS" />
               <sec:intercept-url pattern="/Marti/api/cot/**" access="ROLE_ANONYMOUS" />
 			  <sec:intercept-url pattern="/Marti/api/cops/**" access="ROLE_ANONYMOUS" />
-			  <sec:intercept-url pattern="/Marti/api/classification/**" method="GET" access="ROLE_ANONYMOUS" />
-              <sec:intercept-url pattern="/Marti/api/classification/**" method="PUT" access="ROLE_ADMIN" />
-              <sec:intercept-url pattern="/Marti/api/classification/**" method="POST" access="ROLE_ADMIN" />
-              <sec:intercept-url pattern="/Marti/api/classification/**" method="DELETE" access="ROLE_ADMIN" />
-              <sec:intercept-url pattern="/Marti/api/caveat/**" access="ROLE_ADMIN" />
 
               <!--  properties API -->
               <sec:intercept-url pattern="/Marti/api/properties/**" access="ROLE_ANONYMOUS" />
@@ -312,7 +306,7 @@
               <sec:intercept-url pattern="/Marti/api/cop/**" access="ROLE_ANONYMOUS"/>
               <sec:intercept-url pattern="/webtak/**" access="ROLE_WEBTAK"/>
               <sec:intercept-url pattern="/webtak-plugins/**" access="ROLE_WEBTAK"/>
-              <sec:intercept-url pattern="/takproto/**" access="ROLE_WEBTAK" />
+              <sec:intercept-url pattern="/takproto/**" access="ROLE_ANONYMOUS" />
               <sec:intercept-url pattern="/Marti/GeoCache/**" access="ROLE_ANONYMOUS"/>
               <sec:intercept-url pattern="/Marti/async/chat" access="ROLE_ANONYMOUS"/>
        
@@ -333,9 +327,9 @@
 			  <!--  Map Layer Admin tool -->
 			  <sec:intercept-url pattern="/Marti/mla/**" access="ROLE_ADMIN"/>
 
-			  <sec:intercept-url pattern="/oauth/token" access="ROLE_NO_CLIENT_CERT" />
-			  <sec:intercept-url pattern="/oauth/authorize"  access="ROLE_NO_CLIENT_CERT" />
-			  <sec:intercept-url pattern="/oauth/check_token"  access="ROLE_ANONYMOUS" />
+			  <sec:intercept-url pattern="/oauth2/token" access="ROLE_NO_CLIENT_CERT" />
+			  <sec:intercept-url pattern="/oauth2/authorize"  access="ROLE_NO_CLIENT_CERT" />
+			  <sec:intercept-url pattern="/oauth2/check_token"  access="ROLE_ANONYMOUS" />
 
 			  <!-- disallow direct access to login page - needs to pass through a Spring MVC view resolver -->
 				<sec:intercept-url pattern="/login/**" access="ROLE_NO_CLIENT_CERT"/>
@@ -347,8 +341,8 @@
 			  <sec:intercept-url pattern="/schedule/**" access="ROLE_ADMIN"/>
 			  
 			  <sec:intercept-url pattern="/user-management/**" access="ROLE_ADMIN"/>
-			  <sec:intercept-url pattern="/classification/**" access="ROLE_ADMIN"/>
-              <sec:intercept-url pattern="/vbm/**" access="ROLE_ADMIN"/>
+			  <sec:intercept-url pattern="/vbm/api/classification" access="ROLE_ANONYMOUS"/>
+			  <sec:intercept-url pattern="/vbm/**" access="ROLE_ADMIN"/>
 
 			   <!-- static content -->
 			  <sec:intercept-url pattern="/Marti/favicon.ico" access="ROLE_NON_ADMIN_UI" />
@@ -400,25 +394,41 @@
 
 	<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter" />
 
-	<bean id="takTokenStore" class="com.bbn.marti.oauth.TAKTokenStore"/>
-	<bean id="takJwtAccessTokenConverter" class="com.bbn.marti.oauth.TAKJwtAccessTokenConverter"/>
-	<bean id="takClientDetailsService" class="com.bbn.marti.oauth.TAKClientDetailsService"/>
-	<bean id="takTokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
-		<property name="tokenStore" ref="takTokenStore" />
-		<property name="tokenEnhancer" ref="takJwtAccessTokenConverter"/>
-		<property name="clientDetailsService" ref="takClientDetailsService"/>
-		<property name="supportRefreshToken" value="true" />
+	<bean id="passwordGrantAuthenticationConverter" class="com.bbn.marti.oauth.PasswordGrantAuthenticationConverter" />
+	<bean id="inMemoryOAuth2AuthorizationService" class="org.springframework.security.oauth2.server.authorization.InMemoryOAuth2AuthorizationService" />
+	<bean id="nimbusJwtEncoder" class="org.springframework.security.oauth2.jwt.NimbusJwtEncoder">
+		<constructor-arg ref="jwkSource" />
+	</bean>
+
+	<bean id="jwtGenerator" class="org.springframework.security.oauth2.server.authorization.token.JwtGenerator" >
+		<constructor-arg ref="nimbusJwtEncoder" />
+	</bean>
+
+	<bean id="passwordGrantAuthenticationProvider" class="com.bbn.marti.oauth.PasswordGrantAuthenticationProvider" >
+		<constructor-arg ref="inMemoryOAuth2AuthorizationService" />
+		<constructor-arg ref="jwtGenerator" />
+		<property name="authenticationProvider" ref="martiAuthenticationProvider" />
 	</bean>
-	<bean id ="takClientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter" >
-		<property name="authenticationManager" ref="martiOauthAuthenticationManager"/>
+
+	<sec:authentication-manager id="passwordGrantAuthenticationManager">
+		<sec:authentication-provider ref="passwordGrantAuthenticationProvider" />
+	</sec:authentication-manager>
+
+	<bean id="passwordGrantAuthenticationSuccessHandler" class="com.bbn.marti.oauth.PasswordGrantAuthenticationSuccessHandler" />
+	<bean id="bearerTokenAuthenticationFailureHandler" class="com.bbn.marti.oauth.BearerTokenAuthenticationFailureHandler" />
+
+	<bean id="oAuth2TokenEndpointFilter" class="org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter" >
+		<constructor-arg ref="passwordGrantAuthenticationManager" />
+		<property name="authenticationConverter" ref="passwordGrantAuthenticationConverter" />
+		<property name="authenticationSuccessHandler" ref="passwordGrantAuthenticationSuccessHandler" />
+	</bean>
+
+	<bean id="accessTokenResolver" class="com.bbn.marti.oauth.AccessTokenResolver" />
+	<bean id="oAuth2BearerTokenAuthenticationFilter" class="org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter" >
+		<constructor-arg ref="martiAuthenticationManager" />
+		<property name="bearerTokenResolver" ref="accessTokenResolver" />
+		<property name="authenticationFailureHandler" ref="bearerTokenAuthenticationFailureHandler" />
 	</bean>
-	<oauth:resource-server id="takOauth2ProviderFilter" token-services-ref="takTokenServices" stateless="false" authentication-manager-ref="martiOauthAuthenticationManager"/>
-	<oauth:authorization-server token-services-ref="takTokenServices"  client-details-service-ref="takClientDetailsService" check-token-enabled="true">
-		<oauth:authorization-code />
-		<oauth:refresh-token />
-		<oauth:client-credentials />
-		<oauth:password />
-	</oauth:authorization-server>
 
 	<bean id="X509AuthenticationFilter" class="org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter">
 		<property name="authenticationManager" ref="martiAuthenticationManager" />
@@ -461,16 +471,12 @@
 		<property name="roleHierarchy" ref="roleHierarchy" />
 	</bean>
 
-	<sec:authentication-manager id="martiOauthAuthenticationManager">
-		<sec:authentication-provider ref="martiAuthenticationProvider"/>
-	</sec:authentication-manager>
-
 	<sec:authentication-manager id="martiAuthenticationManager">
       <sec:authentication-provider ref="PreAuthenticatedAuthenticationProvider" />
       <sec:authentication-provider ref="martiAuthenticationProvider"/>
       <sec:authentication-provider ref="BasicAuthenticationProvider" />
     </sec:authentication-manager>
-  
+
     <!-- Custom spring security authentication provider that uses Marti auth layer to authenticate. -->
     <bean id="martiAuthenticationProvider" class="com.bbn.marti.util.spring.TakAuthenticationProvider" />
     
diff --git a/src/takserver-core/src/main/webapp/Marti/EnterpriseSync.jsp b/src/takserver-core/src/main/webapp/Marti/EnterpriseSync.jsp
index 9bb5aa3c..7776e9de 100644
--- a/src/takserver-core/src/main/webapp/Marti/EnterpriseSync.jsp
+++ b/src/takserver-core/src/main/webapp/Marti/EnterpriseSync.jsp
@@ -1,9 +1,10 @@
 <%@ page language="java" contentType="text/html; charset=UTF-8"
          pageEncoding="UTF-8"%>
 <%@ page import="java.util.*" %>
+<%@ page import="com.bbn.marti.remote.config.CoreConfigFacade" %>
 <%@ page import="com.bbn.marti.sync.FileList" %>
 <%@ page import="org.springframework.context.ApplicationContext" %>
-<%@ page import="com.bbn.marti.util.spring.SpringContextBeanForApi" %>
+<%@ page import="com.bbn.marti.remote.util.SpringContextBeanForApi" %>
 <%@ page import="tak.server.Constants" %>
 <%@ page import="javax.naming.NamingException" %>
 <%@ page import="javax.naming.InitialContext" %>
@@ -188,7 +189,7 @@
 
 <hr>
 <%
-	int uploadSizeLimitMB = ((com.bbn.marti.remote.CoreConfig) SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.remote.CoreConfig.class)).getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB();
+	int uploadSizeLimitMB = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB();
 %>
 <p><a href="upload.jsp">Upload a file (limit <%=uploadSizeLimitMB%> MB)</a></p>
     <a href="javascript:selectAll()">Select all</a>&nbsp;
diff --git a/src/takserver-core/src/main/webapp/Marti/ExportMission.jsp b/src/takserver-core/src/main/webapp/Marti/ExportMission.jsp
index 285181ff..c4574798 100644
--- a/src/takserver-core/src/main/webapp/Marti/ExportMission.jsp
+++ b/src/takserver-core/src/main/webapp/Marti/ExportMission.jsp
@@ -54,8 +54,7 @@
 <%@page import="java.util.Set"%>
 <%@page import="java.util.HashSet"%>
 <%@ page import="org.owasp.esapi.ESAPI" %>
-
-
+<%@ page import="com.bbn.marti.remote.util.SpringContextBeanForApi" %>
 
 
 <h1>Export Mission to KML</h1>
diff --git a/src/takserver-core/src/main/webapp/Marti/LogManager.jsp b/src/takserver-core/src/main/webapp/Marti/LogManager.jsp
index f83dd8d7..a3fdeb5f 100644
--- a/src/takserver-core/src/main/webapp/Marti/LogManager.jsp
+++ b/src/takserver-core/src/main/webapp/Marti/LogManager.jsp
@@ -1,7 +1,7 @@
 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
 <%@ page import="java.util.*" %>
 <%@ page import="org.springframework.context.ApplicationContext" %>
-<%@ page import="com.bbn.marti.util.spring.SpringContextBeanForApi" %>
+<%@ page import="com.bbn.marti.remote.util.SpringContextBeanForApi" %>
 <%@ page import="com.bbn.marti.logs.Log" %>
 <%@ page import="com.bbn.marti.logs.PersistenceStore" %>
 <%@ page import="org.owasp.esapi.ESAPI" %>
diff --git a/src/takserver-core/src/main/webapp/Marti/MissionEditor.jsp b/src/takserver-core/src/main/webapp/Marti/MissionEditor.jsp
index 15318dfd..a8dca78c 100644
--- a/src/takserver-core/src/main/webapp/Marti/MissionEditor.jsp
+++ b/src/takserver-core/src/main/webapp/Marti/MissionEditor.jsp
@@ -4,7 +4,7 @@
 <%@ page import="java.net.URLEncoder" %>
 <%@ page import="com.bbn.marti.sync.model.MissionRole" %>
 <%@ page import="com.bbn.marti.util.CommonUtil" %>
-<%@ page import="com.bbn.marti.util.spring.SpringContextBeanForApi" %>
+<%@ page import="com.bbn.marti.remote.util.SpringContextBeanForApi" %>
 
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <html>
diff --git a/src/takserver-core/src/main/webapp/Marti/VideoManager.jsp b/src/takserver-core/src/main/webapp/Marti/VideoManager.jsp
index 5f0fb4d0..a8e1681d 100644
--- a/src/takserver-core/src/main/webapp/Marti/VideoManager.jsp
+++ b/src/takserver-core/src/main/webapp/Marti/VideoManager.jsp
@@ -2,7 +2,7 @@
 <%@ page import="java.util.*" %>
 <%@ page import="com.bbn.marti.video.Feed" %>
 <%@ page import="org.springframework.context.ApplicationContext" %>
-<%@ page import="com.bbn.marti.util.spring.SpringContextBeanForApi" %>
+<%@ page import="com.bbn.marti.remote.util.SpringContextBeanForApi" %>
 <%@ page import="com.bbn.marti.video.VideoManagerService" %>
 <%@ page import="com.bbn.marti.video.VideoConnections" %>
 <%@ page import="org.owasp.esapi.ESAPI" %>
diff --git a/src/takserver-core/src/main/webapp/Marti/VideoSend.jsp b/src/takserver-core/src/main/webapp/Marti/VideoSend.jsp
index 18df7ae6..16a9c619 100644
--- a/src/takserver-core/src/main/webapp/Marti/VideoSend.jsp
+++ b/src/takserver-core/src/main/webapp/Marti/VideoSend.jsp
@@ -13,7 +13,7 @@
 <%@ page import="com.bbn.marti.remote.SubscriptionManagerLite" %>
 <%@ page import="com.bbn.marti.remote.RemoteSubscription" %>
 <%@ page import="org.owasp.esapi.ESAPI" %>
-<%@ page import="com.bbn.marti.util.spring.SpringContextBeanForApi" %>
+<%@ page import="com.bbn.marti.remote.util.SpringContextBeanForApi" %>
 <%@ page import="com.bbn.marti.util.CommonUtil" %>
 
 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
@@ -86,7 +86,7 @@
 
 	String[] feedIds = request.getParameter("feedId").split("\\|");
 	for (String feedId : feedIds) {
-		Feed feed = com.bbn.marti.util.spring.SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.video.VideoManagerService.class).getFeed(Integer.parseInt(feedId), groupVector);
+		Feed feed = SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.video.VideoManagerService.class).getFeed(Integer.parseInt(feedId), groupVector);
 %>
 		<tr>
 			<td><%=feed.getType().toString()%></td>
diff --git a/src/takserver-core/src/main/webapp/Marti/VideoUpload.jsp b/src/takserver-core/src/main/webapp/Marti/VideoUpload.jsp
index 5115ce94..39e42178 100644
--- a/src/takserver-core/src/main/webapp/Marti/VideoUpload.jsp
+++ b/src/takserver-core/src/main/webapp/Marti/VideoUpload.jsp
@@ -4,7 +4,7 @@
 <%@ page import="org.owasp.esapi.ESAPI" %>
 <%@ page import="com.bbn.marti.video.Feed" %>
 <%@ page import="com.bbn.marti.util.CommonUtil" %>
-<%@ page import="com.bbn.marti.util.spring.SpringContextBeanForApi" %>
+<%@ page import="com.bbn.marti.remote.util.SpringContextBeanForApi" %>
 
 
 <%
@@ -38,7 +38,7 @@
   if (feedId != null) {
     title = "Edit";
     action = "Save";
-    Feed feed = com.bbn.marti.util.spring.SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.video.VideoManagerService.class).getFeed(Integer.parseInt(feedId), groupVector);
+    Feed feed = SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.video.VideoManagerService.class).getFeed(Integer.parseInt(feedId), groupVector);
     uuid = feed.getUuid();
     active = Boolean.toString(feed.getActive());
     alias = feed.getAlias();
diff --git a/src/takserver-core/src/main/webapp/Marti/databaseAdmin.jsp b/src/takserver-core/src/main/webapp/Marti/databaseAdmin.jsp
index 3e3b66fc..60e5fde1 100644
--- a/src/takserver-core/src/main/webapp/Marti/databaseAdmin.jsp
+++ b/src/takserver-core/src/main/webapp/Marti/databaseAdmin.jsp
@@ -1,7 +1,7 @@
 <%@ page language="java" contentType="text/html; charset=UTF-8"
 	pageEncoding="UTF-8"%>
 <%@ page import="org.springframework.context.ApplicationContext" %>
-<%@ page import="com.bbn.marti.util.spring.SpringContextBeanForApi" %>
+<%@ page import="com.bbn.marti.remote.util.SpringContextBeanForApi" %>
 <%@ page import="com.bbn.marti.CotImageBean" %>
 
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
diff --git a/src/takserver-core/src/main/webapp/Marti/federation/js/app.js b/src/takserver-core/src/main/webapp/Marti/federation/js/app.js
index c1c42854..d55a7c31 100644
--- a/src/takserver-core/src/main/webapp/Marti/federation/js/app.js
+++ b/src/takserver-core/src/main/webapp/Marti/federation/js/app.js
@@ -40,6 +40,10 @@ app.config(['$routeProvider',
 			templateUrl: 'partials/newOutgoingConnection.html',
 			controller: 'OutgoingConnectionCreationCtrl'
 		    }).
+		    when('/modifyOutgoingConnection/:id', {
+			templateUrl: 'partials/modifyOutgoingConnection.html',
+			controller: 'OutgoingConnectionModificationCtrl'
+		    }).
 		    when('/listFederates', {
 			templateUrl: 'partials/federates.html',
 			controller: 'FederatesListCtrl'
diff --git a/src/takserver-core/src/main/webapp/Marti/federation/js/controllers.js b/src/takserver-core/src/main/webapp/Marti/federation/js/controllers.js
index 81c30239..6e8c2e7b 100644
--- a/src/takserver-core/src/main/webapp/Marti/federation/js/controllers.js
+++ b/src/takserver-core/src/main/webapp/Marti/federation/js/controllers.js
@@ -658,6 +658,105 @@ federationManagerControllers.controller('OutgoingConnectionCreationCtrl', ['$sco
     }
 ]);
 
+federationManagerControllers.controller('OutgoingConnectionModificationCtrl', ['$scope',
+    '$location',
+    '$routeParams',
+    'OutgoingConnectionsService',
+    function (
+        $scope,
+        $location,
+        $routeParams,
+        OutgoingConnectionsService
+    ) {
+
+        $scope.originalOutgoingDisplayName = $routeParams.id
+        $scope.allOutgoingConnections = [];
+        $scope.originalOutgoing = {}
+        $scope.modifiedOutgoing = {}
+
+        OutgoingConnectionsService.query(
+            function (apiResponse) {
+                $scope.allOutgoingConnections = apiResponse.data;
+                $scope.showRmiError = false;
+
+                $scope.originalOutgoing = $scope.allOutgoingConnections.find(outgoing => { 
+                    return outgoing.displayName === $scope.originalOutgoingDisplayName
+                })
+
+                $scope.modifiedOutgoing = JSON.parse(JSON.stringify($scope.originalOutgoing))
+            },
+            function () {
+                $scope.showRmiError = true;
+            });
+
+        $scope.cancel = function () {
+            $location.path("/");
+        };
+
+        $scope.saveOutgoingConnection = function (outgoingConnection) {
+            // if outgoing is enabled, warn that current changes will restart connection
+            if ($scope.originalOutgoing.enabled && $scope.modifiedOutgoing.enabled) {
+                if ($scope.originalOutgoing.displayName !== $scope.modifiedOutgoing.displayName ||
+                    $scope.originalOutgoing.address !== $scope.modifiedOutgoing.address ||
+                    $scope.originalOutgoing.port !== $scope.modifiedOutgoing.port ||
+                    $scope.originalOutgoing.protocolVersion !== $scope.modifiedOutgoing.protocolVersion) {
+                    if (confirm('Config changes will restart the connection')) {
+                        // nothing to do
+                    } else {
+                      alert('Save Canceled.');
+                      return;
+                    }
+                }
+            }
+
+            $scope.submitInProgress = true;
+            OutgoingConnectionsService.update({
+                    'original': $scope.originalOutgoing,
+                    'update': $scope.modifiedOutgoing
+                },
+                function (apiResponse) {
+                     $location.path('/');
+                },
+                function (apiResponse) {
+                    $scope.serviceReportedMessages = true;
+                    $scope.messages = apiResponse.data.messages;
+                    alert('An error occurred saving the outgoing connection. Please correct the errors and resubmit.');
+                    $scope.submitInProgress = false;
+                }
+            );
+        }
+
+        $scope.checkMaxRetries = function (outgoingConnection) {
+            if (outgoingConnection.unlimitedRetries == true && outgoingConnection.fallback) {
+                outgoingConnection.maxRetriesFallbackError = true;
+            } else {
+                outgoingConnection.maxRetriesFallbackError = false;
+            }
+        }
+
+        $scope.isDisplayNameUnique = function (outgoingConnection) {
+            if (!outgoingConnection.displayName) {
+                return;
+            }
+            var displayName = outgoingConnection.displayName.toUpperCase();
+            if (displayName != null && displayName.trim() != '') {
+                outgoingConnection.displayNameDuplicate = false;
+
+                for (i in $scope.allOutgoingConnections) {
+                    if (displayName === $scope.allOutgoingConnections[i].displayName.toUpperCase()) {
+                        // ignore duplicate with original self
+                        if (displayName === $scope.originalOutgoing.displayName.toUpperCase())
+                            continue
+
+                        outgoingConnection.displayNameDuplicate = true;
+                        return
+                    }
+                }
+            }
+        }
+    }
+]);
+
 
 federationManagerControllers.controller('FederateContactsListCtrl', ['$scope',
     '$location',
diff --git a/src/takserver-core/src/main/webapp/Marti/federation/js/services.js b/src/takserver-core/src/main/webapp/Marti/federation/js/services.js
index 65c3dd3a..cd053dab 100644
--- a/src/takserver-core/src/main/webapp/Marti/federation/js/services.js
+++ b/src/takserver-core/src/main/webapp/Marti/federation/js/services.js
@@ -25,7 +25,8 @@ services.factory('FederateGroupConfigurationService', function($resource) {
 
 services.factory('OutgoingConnectionsService', function($resource) {
 	  return $resource('/Marti/api/outgoingconnections/:name', {}, {
-		  'query': {method: "GET", isArray: false}
+		  'query': {method: "GET", isArray: false},
+		  'update': {method: "PUT"}
 	  });
 	});
 
diff --git a/src/takserver-core/src/main/webapp/Marti/federation/partials/editFederateDetails.html b/src/takserver-core/src/main/webapp/Marti/federation/partials/editFederateDetails.html
index 65412655..56e86054 100644
--- a/src/takserver-core/src/main/webapp/Marti/federation/partials/editFederateDetails.html
+++ b/src/takserver-core/src/main/webapp/Marti/federation/partials/editFederateDetails.html
@@ -109,6 +109,20 @@ <h3>Federate Details</h3>
   				</span>
 			</td>
 		</tr>
+
+    <tr>
+      <td class="rowHeader"><label for="fallbackWhenNoGroupMappings">*Fallback When No Group Mappings</label></td>
+      <td class="rowValue">
+        <select name="fallbackWhenNoGroupMappings" data-ng-model="federateDetails.fallbackWhenNoGroupMappings" required data-ng-options="boolToStr(item) for item in [true, false]">
+        </select>
+      </td>
+      <td class="error">
+          <span data-ng-show="federateDetailsForm.$submitted || federateDetailsForm.fallbackWhenNoGroupMappings.$touched">
+            <span data-ng-show="federateDetailsForm.fallbackWhenNoGroupMappings.$error.required">The Fallback When No Group Mappings flag must be set.</span>
+          </span>
+      </td>
+    </tr>
+
     <tr>
       <td class="rowHeader"><label for="maxHops">*Max Hops</label></td>
       <td class="rowValue">
diff --git a/src/takserver-core/src/main/webapp/Marti/federation/partials/federates.html b/src/takserver-core/src/main/webapp/Marti/federation/partials/federates.html
index 125fcad3..5cc7d5f9 100644
--- a/src/takserver-core/src/main/webapp/Marti/federation/partials/federates.html
+++ b/src/takserver-core/src/main/webapp/Marti/federation/partials/federates.html
@@ -110,6 +110,7 @@ <h3>Outgoing Connection Configuration</h3>
 	    <td data-ng-bind="og.protocolVersion"></td>
 	    <td data-ng-bind="og.connectionInfoSummary.connectionStatusValue"></td>
 	    <td data-ng-bind="og.connectionInfoSummary.lastError"></td>
+	    <td><a class="nav" href="#!/modifyOutgoingConnection/{{og.displayName | encodeURIComponent}}">Edit</a></td>
 	    <td><a class="nav" data-ng-click="deleteOutgoingConnection(og.displayName)">Delete</a></td>
 	  </tr>
 	</tbody>
diff --git a/src/takserver-core/src/main/webapp/Marti/federation/partials/modifyFederationConfig.html b/src/takserver-core/src/main/webapp/Marti/federation/partials/modifyFederationConfig.html
index 00df232a..63ddd45f 100644
--- a/src/takserver-core/src/main/webapp/Marti/federation/partials/modifyFederationConfig.html
+++ b/src/takserver-core/src/main/webapp/Marti/federation/partials/modifyFederationConfig.html
@@ -126,7 +126,7 @@ <h3>Federation Configuration</h3>
                   </tr>
                   <tr>
                     <td>Enable Mission Federation Disruption Tolerance:</td>
-                    <td><input type="checkbox" data-ng-model="fedConfig.enableMissionFederationDisruptionTolerance" data-ng-disabled="!fedConfig.serverPortEnabled || !fedConfig.enabled"></td>
+                    <td><input type="checkbox" data-ng-model="fedConfig.enableMissionFederationDisruptionTolerance" data-ng-disabled="!fedConfig.serverPortEnabledv2 || !fedConfig.enabled"></td>
                   </tr>
                 </table>
               </td>
diff --git a/src/takserver-core/src/main/webapp/Marti/federation/partials/modifyOutgoingConnection.html b/src/takserver-core/src/main/webapp/Marti/federation/partials/modifyOutgoingConnection.html
new file mode 100644
index 00000000..f31f3065
--- /dev/null
+++ b/src/takserver-core/src/main/webapp/Marti/federation/partials/modifyOutgoingConnection.html
@@ -0,0 +1,192 @@
+<style type="text/css">
+  input.ng-invalid.ng-touched {
+  background-color: #FA787E;
+  }
+  input.ng-valid.ng-touched {
+  background-color: white;
+  }
+  .rowHeader {
+  text-align:right;
+  padding-right:5px;
+  width:200px;
+  vertical-align:top;
+  }
+  .rowValue {
+  width:400px;
+  text-align:right;
+  vertical-align:top;
+  }
+  .rowValue select {
+  width:100%;
+  }
+  .rowValue input {
+  width:400px;
+  }
+  .error {
+  color:red;
+  vertical-align:top;
+  }
+  table {
+  border-collapse: separate;
+  border-spacing:10px
+  }
+  .inlineHelp {
+  font:13px arial, sans-serif;
+  font-style:italic;
+  text-align:right;
+  color:green;
+  }
+</style>
+<div>
+  <h3>Edit Outgoing Connection</h3>
+  <div data-ng-show="serviceReportedMessages">
+    <ul>
+      <li class="error" data-ng-repeat="message in messages">{{message}}</li>
+    </ul>
+  </div>
+  <form name="outgoingConnectionForm" novalidate data-ng-submit="outgoingConnectionForm.$valid && saveOutgoingConnection()">
+    <table>
+      <tr>
+        <td sytle="border-bottom:1px solid black" colspan="2">
+          <table>
+            <tr>
+              <td class="rowHeader"><label for="name">*Display Name</label></td>
+              <td class="rowValue">
+                <input type="text" data-ng-model="modifiedOutgoing.displayName" name="displayName" required  maxlength="30" data-ng-pattern="/^[A-Za-z0-9_\s]+$/" data-ng-change="isDisplayNameUnique(modifiedOutgoing)"/>
+                <br/><span class="inlineHelp">Display name may contain upper and lower case letters, numbers, spaces and underscores up to 30 characters.</span>
+              </td>
+              <td class="error">
+                <span data-ng-show="outgoingConnectionForm.$submitted || outgoingConnectionForm.displayName.$touched">
+                <span data-ng-show="outgoingConnectionForm.displayName.$error.required">Display name is required</span>
+                <span data-ng-show="outgoingConnectionForm.displayName.$error.maxLength">Display Name must be between 1 and 30 characters</span>
+                <span data-ng-show="outgoingConnectionForm.displayName.$error.pattern">The Display Name may contain only upper and lower case letters, numbers, spaces and underscores</span>
+                <span data-ng-show="outgoingConnectionForm.displayNameDuplicate.$error.errorflagvalidation">The Display Name you've provided is already in use.</span>
+                </span>
+              </td>
+            </tr>
+            <tr>
+              <td class="rowHeader"><label for="group">*Address</label></td>
+              <td class="rowValue">
+                <input type="text" data-ng-model="modifiedOutgoing.address" required name="address" data-ng-pattern="/^[\w\d_\-\.]*$/"/>
+                <br/><span class="inlineHelp">Provide a valid hostname or IPv4 address.</span>
+              </td>
+              <td class="error">
+                <span data-ng-show="outgoingConnectionForm.$submitted || outgoingConnectionForm.address.$touched">
+                <span data-ng-show="outgoingConnectionForm.address.$error.required">Address is required. </span>
+                <span data-ng-show="outgoingConnectionForm.address.$error.pattern">Provide a valid hostname or IPv4 address.</span>
+                </span>
+              </td>
+            </tr>
+            <tr>
+              <td class="rowHeader"><label for="port">*Port</label></td>
+              <td class="rowValue">
+                <input type="number" data-ng-model="modifiedOutgoing.port" name="port" required min="1" max="65535" data-ng-pattern="/^[0-9]+$/"/>
+                <br/><span class="inlineHelp">Port must be an integer between 1 and 65535.</span>
+              </td>
+              <td class="error">
+                <span data-ng-show="outgoingConnectionForm.$submitted || outgoingConnectionForm.port.$touched">
+                <span data-ng-show="outgoingConnectionForm.port.$error.required">Port value is required. </span>
+                <span data-ng-show="outgoingConnectionForm.port.$error.min || outgoingConnectionForm.port.$error.max">Port value must be an integer between 1 and 65535. </span>
+                <span data-ng-show="outgoingConnectionForm.port.$error.number">Port value must be an integer. </span>
+                <span data-ng-show="outgoingConnectionForm.port.$error.pattern">Port value may only contain digits. </span>
+                </span>
+              </td>
+            </tr>
+            <tr>
+              <td class="rowHeader"><label for="reconnectInterval">*Reconnect Interval</label></td>
+              <td class="rowValue">
+                <input type="number" data-ng-model="modifiedOutgoing.reconnectInterval" name="reconnectInterval" required min="0" data-ng-pattern="/^[0-9]+$/"/>
+                <br/><span class="inlineHelp">The number of seconds between connection attempts. A value of 0 will disable automatic reconnect.</span>
+              </td>
+              <td class="error">
+                <span data-ng-show="outgoingConnectionForm.$submitted || outgoingConnectionForm.reconnectInterval.$touched">
+                <span data-ng-show="outgoingConnectionForm.reconnectInterval.$error.required">Reconnect Interval value is required. </span>
+                <span data-ng-show="outgoingConnectionForm.reconnectInterval.$error.min">Reconnect Interval must be be a positive integer. </span>
+                <span data-ng-show="outgoingConnectionForm.reconnectInterval.$error.number">Reconnect Interval must be an integer. </span>
+                <span data-ng-show="outgoingConnectionForm.reconnectInterval.$error.pattern">Reconnect Interval may only contain digits. </span>
+                </span>
+              </td>
+            </tr>
+            <tr>
+              <td class="rowHeader">
+                <label for="unlimtedRetries">Max Retries Unlimited</label>
+                <label for="maxRetries">Max Retries</label>
+              </td>
+              <td class="rowValue">
+                <input type="hidden" data-ng-model="modifiedOutgoing.maxRetriesFallbackError" errorflagvalidation name="fallbackHidden"/>
+                <input type="checkbox" data-ng-model="modifiedOutgoing.unlimitedRetries" name="unlimitedRetries" data-ng-change="checkMaxRetries(modifiedOutgoing)"/>
+                <input type="number" required
+                  data-ng-model="modifiedOutgoing.maxRetries"
+                  name="maxRetries"
+                  data-ng-pattern="/^[0-9]*$/"
+                  min="0"
+                  data-ng-change="checkMaxRetries(modifiedOutgoing)"
+                  data-ng-disabled="modifiedOutgoing.unlimitedRetries"/>
+                <br/><span class="inlineHelp">How many times to retry reconnecting before fallback or stopping. Checking</span>
+              </td>
+              <td class="error">
+                <span>
+                <span data-ng-show="outgoingConnectionForm.maxRetries.$error.required && !modifiedOutgoing.unlimitedRetries">Max Retries value is required.</span>
+                <span data-ng-show="outgoingConnectionForm.maxRetries.$error.min">Max Retries must be a non-negative integer</span>
+                <span data-ng-show="outgoingConnectionForm.maxRetries.$error.number">Max Retries must be an integer. </span>
+                <span data-ng-show="outgoingConnectionForm.maxRetries.$error.pattern">Max Retries may only contain digits.</span>
+                <span data-ng-show="outgoingConnectionForm.fallbackHidden.$error.errorflagvalidation">Max Retries must be finite if there is a fallback</span>
+                </span>
+              </td>
+            </tr>
+            <tr>
+              <td class="rowHeader"><label for="enabled">Enabled</label></td>
+              <td class="rowValue">
+                <select name="enabled" data-ng-model="modifiedOutgoing.enabled" required>
+                  <option ng-value="true">True</option>
+                  <option ng-value="false">False</option>
+                </select>
+              </td>
+              <td class="error">
+                <span data-ng-show="outgoingConnectionForm.$submitted || outgoingConnectionForm.enabled.$touched">
+                <span data-ng-show="outgoingConnectionForm.enabled.$error.required">The Enabled flag must be set.</span>
+                </span>
+              </td>
+            </tr>
+            <tr>
+              <td class="rowHeader"><label for="protocolVersion">Protocol Version</label></td>
+              <td class="rowValue">
+                <select name="protocolVersion" data-ng-model="modifiedOutgoing.protocolVersion" required>
+                  <option ng-value="2">2 - 1.3.11 and Later (Federated Data Sync Support)</option>
+                  <option ng-value="1">1 - 1.3.10 and Earlier (Legacy Protocol)</option>
+                </select>
+              </td>
+              <td class="error">
+                <span data-ng-show="outgoingConnectionForm.$submitted || outgoingConnectionForm.protocolVersion.$touched">
+                <span data-ng-show="outgoingConnectionForm.protocolVersion.$error.required">The protocol flag must be set.</span>
+                </span>
+              </td>
+            </tr>
+            <tr>
+              <td class="rowHeader"><label for="fallback">Fallback Connection</label></td>
+              <td class="rowValue">
+                <select name="fallback"
+                  data-ng-model="modifiedOutgoing.fallback"
+                  data-ng-change="removeFallbacks(modifiedOutgoing)"
+                  data-ng-disabled="modifiedOutgoing.fallback === 'create_new_fallback_connection'">
+                  <option value= >No Fallback</option>
+                  <option data-ng-repeat="og in allOutgoingConnections" data-ng-value="og.displayName">{{ og.displayName }}</option>
+                </select>
+              </td>
+            </tr>
+          </table>
+        </td>
+      </tr>
+    </table>
+    <table>
+      <tr>
+        <td style="text-align:right;">*Required</td>
+        <td style="padding:10px;" align="right">
+          <input type="button" data-ng-click="cancel()" value="Cancel" />&nbsp;
+          <input type="submit" value="Save" data-ng-disabled="submitInProgress" />
+        </td>
+        <!-- <td>&nbsp;</td> -->
+      </tr>
+    </table>
+  </form>
+</div>
\ No newline at end of file
diff --git a/src/takserver-core/src/main/webapp/Marti/footer.jsp b/src/takserver-core/src/main/webapp/Marti/footer.jsp
index 753e4ab9..a959ed60 100644
--- a/src/takserver-core/src/main/webapp/Marti/footer.jsp
+++ b/src/takserver-core/src/main/webapp/Marti/footer.jsp
@@ -6,10 +6,10 @@
   <table>
     <tr>
 	<p><center>
-    <%="TAK Server " + ((com.bbn.marti.util.VersionBean) com.bbn.marti.util.spring.SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.util.VersionBean.class)).getVer()%> 
+    <%="TAK Server " + ((com.bbn.marti.util.VersionBean) com.bbn.marti.remote.util.SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.util.VersionBean.class)).getVer()%>
     </center></p> 
     <p><center>
-    <i>Node ID: <%=((com.bbn.marti.util.VersionBean) com.bbn.marti.util.spring.SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.util.VersionBean.class)).getNodeId()%></i> 
+    <i>Node ID: <%=((com.bbn.marti.util.VersionBean) com.bbn.marti.remote.util.SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.util.VersionBean.class)).getNodeId()%></i>
     </center></p> 
     </div>
     </tr>
diff --git a/src/takserver-core/src/main/webapp/Marti/inputs/partials/list.html b/src/takserver-core/src/main/webapp/Marti/inputs/partials/list.html
index 52adea61..f0b9fc57 100644
--- a/src/takserver-core/src/main/webapp/Marti/inputs/partials/list.html
+++ b/src/takserver-core/src/main/webapp/Marti/inputs/partials/list.html
@@ -41,7 +41,7 @@ <h3>Inputs (Server Ports)</h3>
 						<td data-ng-bind="x.input.protocol"></td>
 						<td data-ng-bind="x.input.port"></td>
 						<td data-ng-bind="x.input.coreVersion"></td>
-						<td>{{x.input.protocol === 'tls' ? (x.input.coreVersion == 2
+						<td>{{ (x.input.protocol === 'tls' || x.input.protocol === 'quic') ? (x.input.coreVersion == 2
 							? x.input.coreVersion2TlsVersions : secConfig.tlsVersion) : ''}}</td>
 						<td data-ng-bind="x.input.group"></td>
 						<td data-ng-bind="x.input.iface"></td>
diff --git a/src/takserver-core/src/main/webapp/Marti/inputs/partials/new.html b/src/takserver-core/src/main/webapp/Marti/inputs/partials/new.html
index 420488a2..78432f1d 100644
--- a/src/takserver-core/src/main/webapp/Marti/inputs/partials/new.html
+++ b/src/takserver-core/src/main/webapp/Marti/inputs/partials/new.html
@@ -80,9 +80,10 @@ <h3>Create Input Definition</h3>
       		<option value="tcp">Standard TCP (TCP)</option>
 					<option value="udp">Standard UDP (UDP)</option>
 					<option value="stcp">Streaming TCP (STCP)</option>
-          <option value="tls">Secure Streaming TCP (TLS) CoT or Protobuf</option>
-          <option value="grpc">Secure Streaming with gRPC</option>
+          			<option value="tls">Secure Streaming TCP (TLS) CoT or Protobuf</option>
+          			<option value="grpc">Secure Streaming with gRPC - Protobuf</option>
 					<option value="cottls">Secure Streaming TCP (COTTLS) CoT Only</option>
+					<option value="quic">Secure Streaming with QUIC - CoT or Protobuf</option>
 					<option value="mcast">Multicast (MCAST)</option>
 				</select>
 			</td>
diff --git a/src/takserver-core/src/main/webapp/Marti/login/js/controllers.js b/src/takserver-core/src/main/webapp/Marti/login/js/controllers.js
index e0dc974a..f86f28db 100644
--- a/src/takserver-core/src/main/webapp/Marti/login/js/controllers.js
+++ b/src/takserver-core/src/main/webapp/Marti/login/js/controllers.js
@@ -26,7 +26,7 @@ loginControllers.controller('loginController', ['$scope', '$location', 'loginSer
 
         $scope.onSubmit = async function() {
             var xhr = new XMLHttpRequest();
-            var url = "/oauth/token?grant_type=password" +
+            var url = "/oauth2/token?grant_type=password" +
                 "&username=" + encodeURIComponent(username.value) +
                 "&password=" + encodeURIComponent(password.value);
             xhr.responseType = 'json';
diff --git a/src/takserver-core/src/main/webapp/Marti/menubar.html b/src/takserver-core/src/main/webapp/Marti/menubar.html
index f2f1db08..a678bde0 100644
--- a/src/takserver-core/src/main/webapp/Marti/menubar.html
+++ b/src/takserver-core/src/main/webapp/Marti/menubar.html
@@ -131,7 +131,6 @@
 	<ul class="panel">
 	  <li class='adminOnly'><a href="/Marti/query.jsp"><span>Cot Query</span></a></li>
 	  <li><a href="/Marti/FileManager.html"><span>File Manager</span></a></li>
-	  <li><a href="/Marti/EnterpriseSync.jsp"><span>Enterprise Sync</span></a></li>
 	  <li><a href="/Marti/sendMissionPackage.jsp"><span>Send Mission Package</span></a></li>
 	  <li><a href="/Marti/VideoManager.jsp"><span>Video Feed Manager</span></a></li>
 	  <li><a href="/Marti/MissionManager.html"><span>Mission Manager</span></a></li>
@@ -163,12 +162,10 @@
       <li><a href="/Marti/data_retention/index.html"><span>Data Retention</span></a></li>
       <li><a href="/user-management/index.html"><span>Manage Users</span></a></li> 
 	  <li><a href="/Marti/clientcerts/index.html"><span>Client Certificates</span></a></li>
-	  <li><a href="/Marti/oauth/index.html"><span>Tokens</span></a></li>
 	  <li><a href="/Marti/LogManager.jsp"><span>Device Logs</span></a></li>
 	  <li><a href="/Marti/profiles/index.html"><span>Device Profiles</span></a></li>
-      <li><a href="/Marti/file/index.html"><span>File Config</span></a></li>
-      <li><a href="/Marti/vbm/index.html"><span>VBM Configuration</span></a></li>
-      <li class='last'><a href="/classification/index.html"><span>Classification</span></a></li>
+	  <li><a href="/Marti/file/index.html"><span>File Config</span></a></li>
+	  <li class='last'><a href="/Marti/vbm/index.html"><span>VBM Configuration</span></a></li>
 	</ul>
       </li>
 
diff --git a/src/takserver-core/src/main/webapp/Marti/oauth/css/main.css b/src/takserver-core/src/main/webapp/Marti/oauth/css/main.css
deleted file mode 100644
index 0ea91f25..00000000
--- a/src/takserver-core/src/main/webapp/Marti/oauth/css/main.css
+++ /dev/null
@@ -1,432 +0,0 @@
-
-/* 
-  Allow angular.js to be loaded in body, hiding cloaked elements until 
-  templates compile.  The !important is important given that there may be 
-  other selectors that are more specific or come later and might alter display.  
- */
-[ng\:cloak], [ng-cloak], .ng-cloak {
-  display: none !important;
-}
-
-.content {
-	color: #222;
-    font-family: "Open Sans", Arial, sans;
-    outline: none;
-    width: auto;
-    margin: auto;
-}
-
-img {
-    outline: none;
-}
-
-/* hr {
-    display: block;
-    height: 1px;
-    border: 0;
-    margin: 0.5em 0;
-    padding: 0;
-    clear: both;
-} */
-
-img {
-    vertical-align: middle;
-}
-
-/*
- * Remove default fieldset styles.
- */
-
-fieldset {
-    border: 0;
-    margin: 0;
-    padding: 0;
-}
-
-/*
- * Allow only vertical resizing of textareas.
- */
-
-textarea {
-    resize: vertical;
-}
-
-/* ==========================================================================
-   Chrome Frame prompt
-   ========================================================================== */
-
-.chromeframe {
-    margin: 0.2em 0;
-    background: #ccc;
-    color: #000;
-    padding: 0.2em 0;
-}
-
-/* Structure */
-/* html, body {
-    height: 100%;
-} */
-
-/* Header */
-header {
-	font-size: 36px;
-	color: #666;
-	padding: 15px 0 5px;
-}
-
-dl {
-    margin: 0;
-    min-height: 1px;
-    overflow: hidden;
-    padding: 24px 0 0 0;
-    position: relative;
-}
-
-dt {
-    background: #bcd4b4;
-    border-bottom: 1px solid #989EA4;
-    border-top: 1px solid #717D85;
-    color: #222;
-    font-size: 12px;
-    line-height: 12px;
-    font-weight: 300;
-    margin: 0;
-    padding: 0px 20px 0 0;
-    text-align: right;
-    position: absolute;
-    text-shadow: 0 1px #d4c9af;
-    -moz-text-shadow: 0 1px #d4c9af;
-    -webkit-text-shadow: 0 1px #d4c9af;
-}
-
-dt {
-    bottom: auto;
-    top: 0;
-    width: 290px;
-}
-
-.animated dt {
-    bottom: 0;
-    top: auto;
-}
-
-dd {
-    text-decoration: none;
-    font-weight: 300;
-    font-size: 20px;
-    color: #828e8a;
-    margin: 0;
-    padding: 0 0 5px 15px;
-    white-space: nowrap;
-    background-position: center center;
-    -moz-transition: all .3s ease 0s;
-    -webkit-transition: all .3s ease 0s;
-}
-
-/* dd:hover {
-    background: url("../img/arrows.png") #46514f center right no-repeat;
-} */
-
-dd + dd {
-    border-top: 1px solid #46514f;
-}
-
-
-a.cnt {
-    text-decoration: none;
-    display: block;
-    width: 100%;
-    color: #828e8a;
-
-}
-
-a.cnt:hover {
-    color: #cdd9d7;
-}
-
-/* Right View */
-
-#rightViewContainer {
-    float: left;
-    margin: 0 0px 0 50px;
-}
-
-#inputList {
-    float: left;
-}
-
-/* Form Design */
-
-.formdesign {
-    padding: 0 0 10px 25px;
-    float: right;
-    border-left: dotted 1px #46514f;
-}
-
-.formdesign label {
-    display: block;
-    color: #797979;
-    font-weight: 700;
-    line-height: 1.4em;
-}
-
-.formdesign input, select, textarea {
-    clear: both;
-    float: none;
-    display: block;
-    width: 600px;
-    border: none;
-    border-bottom: solid 1px #828e8a;
-    margin: 10px 0px 8px 0px;
-    padding: 6px 0px;
-    background: none;
-    outline: none;
-    font-size: 24px;
-    line-height: 24px;
-    letter-spacing: -0.03em;
-    height: 48px;
-    color: white;
-    position: relative;
-    z-index: 1;
-}
-
-.formdesign input:invalid {
-    box-shadow: none;
-    outline: none;
-}
-
-.formdesign div {
-    height: 103px;
-}
-
-.formdesign div span {
-    text-align: right;
-    color: #A89999;
-    font-size: 12px;
-
-}
-
-@-webkit-keyframes shake {
-  0%, 100% {
-    -webkit-transform: translateX(0);
-  }
-
-  10%, 30%, 50%, 70%, 90% {
-    -webkit-transform: translateX(-10px);
-  }
-
-  20%, 40%, 60%, 80% {
-    -webkit-transform: translateX(10px);
-  }
-}
-
-.formdesign .ng-invalid.ng-dirty {
-    -webkit-animation-duration: 1s;
-    -webkit-animation-iteration-count: 1;
-    -webkit-transition-timing-function: ease;
-    animation-duration: 1s;
-    animation-iteration-count: 1;
-    transition-timing-function: ease;
-    -webkit-animation-name: shake;
-    animation-name: shake;
-}
-
-.formdesign button, .btn {
-    border-radius: 3px;
-    padding: 10px;
-    display: block;
-    background: #515c5a;
-    color: #cdd9d7;
-    text-decoration: none;
-    float: right;
-    border: none;
-    margin-left: 10px;
-}
-
-.formdesign button.btn-danger, a.btn-danger {
-    background: #bf6e62;
-}
-
-.formdesign button:hover, .btn:hover {
-    -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, .1);
-    -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, .1);
-    box-shadow: inset 0 1px 2px rgba(0, 0, 0, .1);
-    background: rgba(0, 0, 0, .05);
-}
-
-.formdesign button.btn-danger:hover, a.btn-danger:hover {
-    -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, .1);
-    -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, .1);
-    box-shadow: inset 0 1px 2px rgba(0, 0, 0, .1);
-    background: #814d3e;
-}
-
-.formdesign button.btn-left, a.btn-left {
-    float: left;
-    margin-left: 0;
-}
-a.back {
-    text-indent: -9999px;
-    background: url("../img/back.png") no-repeat center center #909795;
-    padding: 10px 5px;
-}
-a.back:hover {
-    background-image: url("../img/back.png");
-    background-repeat: no-repeat;
-    background-position: center center;
-}
-.formdesign button[disabled] {
-    cursor: default;
-    background-image: none;
-    background-color: #2f3534;
-    opacity: 0.65;
-    color: #3f4746;
-    -webkit-box-shadow: none;
-    -moz-box-shadow: none;
-    box-shadow: none;
-}
-
-/* View Contact */
-
-h2, p {
-    color: #cdd9d7;
-/*     padding: 0; */
- }
-
-
-h2 {
-    margin-top: 10px;
-    margin-bottom: 5px;
-    font-size: 26px;
-    font-weight: 300;
-}
-
-p {
-    font-size: 22px;
-    background: no-repeat left center;
-    padding-left: 35px;
-    padding-bottom: 5px;
-}
-
-p.generic_field { }
-    
-p.email {
-    background-image: url("../img/email.png");
-}
-p.phone {
-    background-image: url("../img/phone.png");
-}
-.col1, .col2 {
-    width: 270px;
-    float: left;
-}
-
-.col2 {
-    margin-top: 75px;
-    margin-right: 30px;
-    float: right;
-}
-
-/*END*/
-
-/* ==========================================================================
-Helper classes
-========================================================================== */
-
-/*
- * Image replacement
- */
-
-.ir {
-    background-color: transparent;
-    border: 0;
-    overflow: hidden;
-    /* IE 6/7 fallback */
-    *text-indent: -9999px;
-}
-
-.ir:before {
-    content: "";
-    display: block;
-    width: 0;
-    height: 100%;
-}
-
-/*
- * Hide from both screenreaders and browsers: h5bp.com/u
- */
-
-.hidden {
-    display: none !important;
-    visibility: hidden;
-}
-
-/*
- * Hide only visually, but have it available for screenreaders: h5bp.com/v
- */
-
-.visuallyhidden {
-    border: 0;
-    clip: rect(0 0 0 0);
-    height: 1px;
-    margin: -1px;
-    overflow: hidden;
-    padding: 0;
-    position: absolute;
-    width: 1px;
-}
-
-/*
- * Extends the .visuallyhidden class to allow the element to be focusable
- * when navigated to via the keyboard: h5bp.com/p
- */
-
-.visuallyhidden.focusable:active,
-.visuallyhidden.focusable:focus {
-    clip: auto;
-    height: auto;
-    margin: 0;
-    overflow: visible;
-    position: static;
-    width: auto;
-}
-
-/*
- * Hide visually and from screenreaders, but maintain layout
- */
-
-.invisible {
-    visibility: hidden;
-}
-
-/*
- * Clearfix: contain floats
- *
- * For modern browsers
- * 1. The space content is one way to avoid an Opera bug when the
- *    `contenteditable` attribute is included anywhere else in the document.
- *    Otherwise it causes space to appear at the top and bottom of elements
- *    that receive the `clearfix` class.
- * 2. The use of `table` rather than `block` is only necessary if using
- *    `:before` to contain the top-margins of child elements.
- */
-
-.clearfix:before,
-.clearfix:after {
-    content: " "; /* 1 */
-    display: table; /* 2 */
-}
-
-.clearfix:after {
-    clear: both;
-}
-
-/*
- * For IE 6/7 only
- * Include this rule to trigger hasLayout and contain floats.
- */
-
-.clearfix {
-    *zoom: 1;
-}
-
diff --git a/src/takserver-core/src/main/webapp/Marti/oauth/index.html b/src/takserver-core/src/main/webapp/Marti/oauth/index.html
deleted file mode 100644
index 8d392f72..00000000
--- a/src/takserver-core/src/main/webapp/Marti/oauth/index.html
+++ /dev/null
@@ -1,35 +0,0 @@
-<!DOCTYPE html>
-<html lang="en" data-ng-app="OAuth2Manager">
-<head>
-    <link rel="icon" type="image/x-icon" href="../favicon.ico" />
-    <meta charset="utf-8">
-    <title>OAuth2 Manager</title>
-
-    <!-- <link rel="stylesheet" href="css/main.css">-->
-    <link rel="stylesheet" href="../tablesorter/style.css" type="text/css" media="print, projection, screen" />
-    <link rel="stylesheet" href="../jquery/jquery-ui.css" type="text/css" media="print, projection, screen" />
-    <link rel="stylesheet" href="../css/bootstrap-theme.min.css" />
-    <link rel="stylesheet" href="../css/bootstrap.min.css">
-
-    <script type="text/javascript" src="../jquery/jquery-3.5.0.js"></script>
-    <script type="text/javascript" src="../jquery/jquery-ui.min.js"></script>
-
-    <script type="text/javascript" src="../lib/angular/angular.min.js"></script>
-    <script type="text/javascript" src="../lib/angular/angular-route.min.js"></script>
-    <script type="text/javascript" src="../lib/angular/angular-resource.min.js"></script>
-    <script type="text/javascript" src="../lib/angular/angular-messages.min.js"></script>
-
-    <script src="js/app.js"></script>
-    <script src="js/controllers.js"></script>
-    <script src="js/services.js"></script>
-</head>
-
-<body style="font:18px arial, sans-serif;">
-<div data-ng-include="'../menubar.html'"></div>
-<div class="content" id="rightViewContainer">
-    <div data-ng-view></div>
-</div>
-<div data-ng-include="'../footer.jsp'"></div>
-</body>
-
-</html>
diff --git a/src/takserver-core/src/main/webapp/Marti/oauth/js/app.js b/src/takserver-core/src/main/webapp/Marti/oauth/js/app.js
deleted file mode 100644
index 6a800a50..00000000
--- a/src/takserver-core/src/main/webapp/Marti/oauth/js/app.js
+++ /dev/null
@@ -1,23 +0,0 @@
-'use strict';
-
-var app = angular.module('OAuth2Manager', ['ngRoute', 'ngResource',  'ngMessages', 'OAuth2ManagerControllers', 'OAuth2ManagerServices']);
-
-app.filter('encodeURIComponent', function() {
-    return window.encodeURIComponent;
-});
-
-app.config(['$routeProvider',
-    function($routeProvider) {
-        $routeProvider.
-        when('/', {
-            templateUrl: 'partials/tokens.html',
-            controller: 'TokenListCtrl'
-        }).
-        when('/viewToken/:token', {
-            templateUrl: 'partials/viewToken.html',
-            controller: 'ViewTokenCtrl'
-        }).
-        otherwise({
-            redirectTo: '/'
-        });
-    }]);
\ No newline at end of file
diff --git a/src/takserver-core/src/main/webapp/Marti/oauth/js/controllers.js b/src/takserver-core/src/main/webapp/Marti/oauth/js/controllers.js
deleted file mode 100644
index aef505d6..00000000
--- a/src/takserver-core/src/main/webapp/Marti/oauth/js/controllers.js
+++ /dev/null
@@ -1,88 +0,0 @@
-'use strict';
-
-var oauth2ManagerControllers = angular.module('OAuth2ManagerControllers', []);
-
-oauth2ManagerControllers.controller('TokenListCtrl', ['$scope', '$location', 'TokenServices',
-    function ($scope, $location, TokenServices) {
-
-        $scope.showRmiError = false;
-
-        $scope.getAll = function() {
-            TokenServices.tokens.query(
-                function(apiResponse) {$scope.tokens = apiResponse.data;},
-                function() {$scope.showRmiError = true;});
-        }
-
-        $scope.toggle = function () {
-            angular.forEach($scope.tokens, function(token) { token.selected = !token.selected; });
-        }
-
-        $scope.revokeToken = function(token) {
-            if (confirm('Are you sure you want to revoke the token?')) {
-                TokenServices.tokens.revoke({token:token.token},
-                    function(apiResponse) {$scope.getAll();},
-                    function() {alert('An unexpected error occurred revoking the token.');});
-            }
-        }
-
-        $scope.getSelected = function () {
-            var tokens = '';
-            angular.forEach($scope.tokens, function(token) {
-                if (token.selected) {
-                    tokens += token.token + ',';
-                }
-            });
-            return tokens;
-        }
-
-        $scope.revokeSelected = function () {
-            var tokens = $scope.getSelected();
-            if (tokens.length == 0) {
-                return;
-            }
-
-            if (!confirm("Are you sure you want to revoke the selected tokens?")) {
-                return;
-            }
-
-            TokenServices.revoke.revoke({tokens:tokens},
-                function(apiResponse) {$scope.getAll();},
-                function() {alert('An unexpected error occurred revoking the token.');});
-        }
-
-        $scope.reverse = false;
-
-        $scope.sortBy = function(sortPropertyName) {
-            $scope.reverse = ($scope.sortPropertyName === sortPropertyName) ? !$scope.reverse : false;
-            $scope.sortPropertyName = sortPropertyName;
-        };
-
-        $scope.getAll();
-    }]);
-
-
-oauth2ManagerControllers.controller('ViewTokenCtrl', ['$scope', '$location', 'ViewTokenService', '$routeParams',
-    function ($scope, $location, ViewTokenService, $routeParams) {
-
-        $scope.showRmiError = false;
-
-        $scope.b64DecodeUnicode = function(str) {
-            return decodeURIComponent(Array.prototype.map.call(atob(str), c =>
-                '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2)
-            ).join(''));
-        }
-
-        $scope.token = $routeParams.token;
-
-        $scope.parsedToken = JSON.parse(
-            $scope.b64DecodeUnicode(
-                $scope.token.split('.')[1].replace('-', '+').replace('_', '/')
-            )
-        )
-
-        $scope.backToTokens = function() {
-            $location.path("/");
-        };
-    }]);
-
-
diff --git a/src/takserver-core/src/main/webapp/Marti/oauth/js/services.js b/src/takserver-core/src/main/webapp/Marti/oauth/js/services.js
deleted file mode 100644
index 61852b58..00000000
--- a/src/takserver-core/src/main/webapp/Marti/oauth/js/services.js
+++ /dev/null
@@ -1,23 +0,0 @@
-var services = angular.module('OAuth2ManagerServices', [])
-
-    .factory('TokenServices', function($resource) {
-        return {
-            tokens: $resource('/Marti/api/token/:token', {token: '@_token'}, {
-                'query': {method: "GET", isArray: false},
-                'revoke': {method: "DELETE", isArray: false}
-            }),
-
-            revoke: $resource('/Marti/api/token/revoke/:tokens', {tokens: '@_tokens'}, {
-                'revoke': {method: "DELETE", isArray: false}
-            })
-        };
-    })
-
-    .factory('ViewTokenService', function($resource) {
-        return {
-            tokens: $resource('/Marti/api/token/:token', {token: '@_token'}, {
-                'query': {method: "GET", isArray: false},
-                'revoke': {method: "DELETE", isArray: false}
-            })
-        };
-    })
diff --git a/src/takserver-core/src/main/webapp/Marti/oauth/partials/tokens.html b/src/takserver-core/src/main/webapp/Marti/oauth/partials/tokens.html
deleted file mode 100644
index 60b61ab2..00000000
--- a/src/takserver-core/src/main/webapp/Marti/oauth/partials/tokens.html
+++ /dev/null
@@ -1,71 +0,0 @@
-<style>
-    .nav, .pagination, .carousel, .panel-title a { cursor: pointer; color:blue;}
-
-    .nav:after {
-        content: none;
-    }
-
-    .nav:before {
-        content: none;
-    }
-
-    .sortorder:after {
-        content: '\25b2';   // BLACK UP-POINTING TRIANGLE
-    }
-    .sortorder.reverse:after {
-        content: '\25bc';   // BLACK DOWN-POINTING TRIANGLE
-    }
-</style>
-
-<div id="clientCertificatesView">
-    <div id="clientCertificatesListContainer" class="content" class="listContainer" >
-
-        <div data-ng-show="!showRmiError">
-            <h3>Tokens</h3>
-        </div>
-
-        <div data-ng-show="!showRmiError">
-            <a class="nav" data-ng-click="toggle();" href>Select All</a>&nbsp;
-            <a class="nav" data-ng-click="revokeSelected();" href>Revoke Selected</a>&nbsp;
-        </div>
-
-        <div data-ng-show="!showRmiError && tokens.length > 0">
-            <!-- Use the tablesorter class, but actually following all the steps to enable client side sorting (e.g., invoking tablesorter function, including
-            tablesorter js files, etc., results in a conflict with angular -->
-
-            <table id="tokensList" class="tablesorter">
-                <thead>
-                <tr>
-                    <th>Select</th>
-                    <th><a class="nav" data-ng-click="sortBy('clientId')" href>Client ID</a><span class="sortorder" ng-show="sortPropertyName === 'clientId'" ng-class="{reverse: reverse}"></span></th>
-                    <th><a class="nav" data-ng-click="sortBy('username')" href>Username</a><span class="sortorder" ng-show="sortPropertyName === 'username'" ng-class="{reverse: reverse}"></span></th>
-                    <th><a class="nav" data-ng-click="sortBy('expires')" href>Expires</a><span class="sortorder" ng-show="sortPropertyName === 'expires'" ng-class="{reverse: reverse}"></span></th>
-                    <th>&nbsp;</th>
-                </tr>
-                </thead>
-
-                <tbody>
-                <tr data-ng-repeat="token in tokens | orderBy:sortPropertyName:reverse ">
-                    <td align="center"><input type="checkbox" ng-model="token.selected"></td>
-                    <td data-ng-bind="token.clientId"></td>
-                    <td data-ng-bind="token.username"></td>
-                    <td data-ng-bind="token.expires"></td>
-                    <td><a class="nav" ng-href="#!/viewToken/{{token.token | encodeURIComponent}}">View</a>
-                        <a class="nav" data-ng-click="revokeToken(token)" href>Revoke</a>
-                    </td>
-                </tr>
-                </tbody>
-            </table>
-        </div>
-
-        <div data-ng-show="!showRmiError && tokens.length == 0">
-            <table class="tablesorter"><tr><td colspan="2">No Tokens Found</td></tr></table>
-        </div>
-
-        <div data-ng-show="showRmiError">
-            <h2><font color="dc143c">Tokens Unavailable</font></h2>
-            <p>Error retrieving tokens.</p>
-            <hr/>
-        </div>
-    </div>
-</div>
diff --git a/src/takserver-core/src/main/webapp/Marti/oauth/partials/viewToken.html b/src/takserver-core/src/main/webapp/Marti/oauth/partials/viewToken.html
deleted file mode 100644
index d445d42a..00000000
--- a/src/takserver-core/src/main/webapp/Marti/oauth/partials/viewToken.html
+++ /dev/null
@@ -1,24 +0,0 @@
-<style>
-    .nav, .pagination, .carousel, .panel-title a { cursor: pointer; color:blue;}
-
-    pre {
-        white-space: pre-wrap;
-        word-break: break-word;
-    }
-</style>
-
-
-<div id="viewTokenView">
-    <div id="TokenContainer" class="content" >
-
-        <div data-ng-show="!showRmiError">
-            <pre style="font-family:courier;">{{ parsedToken }}</pre>
-        </div>
-
-        <div data-ng-show="!showRmiError">
-            <pre style="font-family:courier;">{{ token }}</pre>
-        </div>
-
-        <input type="button" data-ng-click="backToTokens()" value="Back To Tokens" />&nbsp;
-    </div>
-</div>
diff --git a/src/takserver-core/src/main/webapp/Marti/sendMissionPackage.jsp b/src/takserver-core/src/main/webapp/Marti/sendMissionPackage.jsp
index 47a6414a..c3c4e58f 100644
--- a/src/takserver-core/src/main/webapp/Marti/sendMissionPackage.jsp
+++ b/src/takserver-core/src/main/webapp/Marti/sendMissionPackage.jsp
@@ -15,7 +15,7 @@
 		<%@ page import="java.util.Collections" %>
 		<%@ page import="com.bbn.marti.remote.SubscriptionManagerLite" %>
 		<%@ page import="com.bbn.marti.remote.RemoteSubscription" %>
-		<%@ page import="com.bbn.marti.util.spring.SpringContextBeanForApi" %>
+		<%@ page import="com.bbn.marti.remote.util.SpringContextBeanForApi" %>
 		
 		
 		
diff --git a/src/takserver-core/src/main/webapp/Marti/trackExport.jsp b/src/takserver-core/src/main/webapp/Marti/trackExport.jsp
index a40948bb..40a04378 100644
--- a/src/takserver-core/src/main/webapp/Marti/trackExport.jsp
+++ b/src/takserver-core/src/main/webapp/Marti/trackExport.jsp
@@ -18,10 +18,11 @@
 <%@ page import="org.owasp.esapi.ESAPI" %>
 <%@ page import="org.owasp.esapi.errors.IntrusionException" %>
 <%@ page import="org.owasp.esapi.errors.ValidationException" %>
+<%@ page import="com.bbn.marti.remote.util.SpringContextBeanForApi" %>
 <%
 	final String context = "trackExport.jsp";
 	Logger log = Logger.getLogger(context);
-    Validator validator = com.bbn.marti.util.spring.SpringContextBeanForApi.getSpringContext().getBean(Validator.class);
+    Validator validator = SpringContextBeanForApi.getSpringContext().getBean(Validator.class);
 	SimpleDateFormat sqlDateFormat = new SimpleDateFormat(Constants.SQL_DATE_FORMAT);
 	SimpleDateFormat cotDateFormat = new SimpleDateFormat(Constants.COT_DATE_FORMAT);
 
@@ -76,10 +77,10 @@
 		}
 		sqlString += "uid=? ORDER BY servertime ASC;";
 		
-		try (java.sql.Connection connection =  com.bbn.marti.util.spring.SpringContextBeanForApi.getSpringContext().getBean(javax.sql.DataSource.class).getConnection(); java.sql.PreparedStatement sqlQuery = com.bbn.marti.util.spring.SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.JDBCQueryAuditLogHelper.class).prepareStatement(sqlString, connection)) {
+		try (java.sql.Connection connection =  SpringContextBeanForApi.getSpringContext().getBean(javax.sql.DataSource.class).getConnection(); java.sql.PreparedStatement sqlQuery = SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.JDBCQueryAuditLogHelper.class).prepareStatement(sqlString, connection)) {
 		
 		sqlQuery.setString(1, uid);
-		try (ResultSet results = com.bbn.marti.util.spring.SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.JDBCQueryAuditLogHelper.class).doQuery(sqlQuery)) {
+		try (ResultSet results = SpringContextBeanForApi.getSpringContext().getBean(com.bbn.marti.JDBCQueryAuditLogHelper.class).doQuery(sqlQuery)) {
 		if(results == null || results.isClosed()) {
 	// do proper error handling... later..
 		}
diff --git a/src/takserver-core/src/main/webapp/Marti/vbm/index.html b/src/takserver-core/src/main/webapp/Marti/vbm/index.html
index 09573c38..9c47643b 100644
--- a/src/takserver-core/src/main/webapp/Marti/vbm/index.html
+++ b/src/takserver-core/src/main/webapp/Marti/vbm/index.html
@@ -38,6 +38,22 @@ <h2>VBM Settings</h2>
           <input data-ng-disabled="!vbm_enabled" type="checkbox" class="custom-control-input" id="customSwitch3" ng-model="chat_disabled" >
           <label class="custom-control-label" for="customSwitch3"> Disable Chat Sharing </label>
         </div>
+
+        <div class="custom-control custom-switch">
+            <input data-ng-disabled="!vbm_enabled" type="checkbox" class="custom-control-input" id="customSwitch4" ng-model="ism_strict_enforcing" >
+            <label class="custom-control-label" for="customSwitch4"> ISM Strict Enforcing </label>
+        </div>
+
+        <div>
+            <input data-ng-disabled="!vbm_enabled" type="text" size="25"  id="customText1" ng-model="ism_url" >
+            <label> ISM URL </label>
+        </div>
+
+        <div>
+            <input data-ng-disabled="!vbm_enabled" type="text" size="25"  id="customText2" ng-model="network_classification" >
+            <label> Network Classification </label>
+        </div>
+
         <button class="btn btn-primary" style="margin-top:20px;" ng-click="save_changes()"> Save changes </button>
     </div>
     <div data-ng-include="'../footer.jsp'"></div>
diff --git a/src/takserver-core/src/main/webapp/Marti/vbm/js/controllers.js b/src/takserver-core/src/main/webapp/Marti/vbm/js/controllers.js
index 0ed9fb04..d7903f63 100644
--- a/src/takserver-core/src/main/webapp/Marti/vbm/js/controllers.js
+++ b/src/takserver-core/src/main/webapp/Marti/vbm/js/controllers.js
@@ -15,6 +15,9 @@ app.controller('vbmController',
 	            $scope.vbm_enabled = current_config.vbmEnabled;
 	            $scope.sa_disabled = current_config.sadisabled;
 	            $scope.chat_disabled = current_config.chatDisabled;
+	            $scope.ism_strict_enforcing = current_config.ismStrictEnforcing;
+				$scope.ism_url = current_config.ismUrl;
+	            $scope.network_classification = current_config.networkClassification;
 
 	          }, function myError(response) {
 	            alert("Error fetching data from server");
@@ -31,6 +34,9 @@ app.controller('vbmController',
 	            vbmEnabled: $scope.vbm_enabled,
 	            sadisabled: $scope.sa_disabled,
 	            chatDisabled: $scope.chat_disabled,
+				ismStrictEnforcing: $scope.ism_strict_enforcing,
+				ismUrl: $scope.ism_url,
+				networkClassification: $scope.network_classification
        		};	
 
 			$http({
diff --git a/src/takserver-core/src/main/webapp/classification/css/main.css b/src/takserver-core/src/main/webapp/classification/css/main.css
deleted file mode 100644
index 9642af4a..00000000
--- a/src/takserver-core/src/main/webapp/classification/css/main.css
+++ /dev/null
@@ -1,123 +0,0 @@
-* {
-    box-sizing: border-box;
-  }
-
-  body {
-    margin: 0px;
-  }  
-
-  /* Style the header */
-  .header {
-    background-color: #f1f1f1;
-    padding: 20px;
-    text-align: center;
-  }
-  
-  /* Style the top navigation bar */
-  .topnav {
-    overflow: hidden;
-    background-color: #333;
-  }
-  
-  /* Style the topnav links */
-  .topnav a {
-    float: left;
-    display: block;
-    color: #f2f2f2;
-    text-align: center;
-    padding: 14px 16px;
-    text-decoration: none;
-  }
-  
-  /* Change color on hover */
-  .topnav a:hover {
-    background-color: #ddd;
-    color: black;
-  }
-  
-  .three_columns_parent {
-    display:flex; /* so that the height of this element depends on the height of its child elements */
-  }
-
-  /* Create three unequal columns that floats next to each other */
-  .column {
-    float: left;
-    padding: 10px;
-    /* height: 700px; */
-  }
-  
-  .left, .right {
-    width: 20%;
-  }
-  
-  .middle {
-    width: 60%;
-  }
-  
-  /* Clear floats after the columns */
-  /* .row:after {
-    content: "";
-    display: table;
-    clear: both;
-  }
-   */
-
-  /* Responsive layout - makes the three columns stack on top of each other instead of next to each other on smaller screens (600px wide or less) */
-  @media screen and (max-width: 600px) {
-    .column {
-      width: 100%;
-    }
-  }
-
-  .dropbox_selected_caveats {
-    float: center;
-    width: 100%;
-    height: 400px;
-    padding: 10px;
-    border: 3px solid #aaaaaa; 
-    overflow: auto;
-    margin-bottom: 10px;
-    margin-top: 10px;
-    display: block;
-  }
-  
-  .list_container {
-    overflow: auto;
-    height: 500px;
-  }
-
-  .columnFF {
-    float: left;
-    width: 50%;
-  }
-  
-  /* Clear floats after the columns */
-  .rowFF:after {
-    content: "";
-    display: table;
-    clear: both;
-  }
-
-  .classification_object {
-    margin-bottom: 2px;
-  }
-
-  .caveat_object {
-    margin-bottom: 2px;
-  }
-
-  .caveat_button {
-    margin-bottom: 2px;
-  }
-
-  .help-block {
-    color: red;
-  }
-
-[ng-drag].dragging {
-    opacity: 0;
-}
-
-[ng-drop].drag-enter {
-    border: solid 5px red;
-}
diff --git a/src/takserver-core/src/main/webapp/classification/default.view.html b/src/takserver-core/src/main/webapp/classification/default.view.html
deleted file mode 100644
index 4ea3711f..00000000
--- a/src/takserver-core/src/main/webapp/classification/default.view.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<h1>Classification Tool</h1>
-
-<p>This tool is used to manage classifications for TAK Server</p>
diff --git a/src/takserver-core/src/main/webapp/classification/index.html b/src/takserver-core/src/main/webapp/classification/index.html
deleted file mode 100644
index 79ec91f7..00000000
--- a/src/takserver-core/src/main/webapp/classification/index.html
+++ /dev/null
@@ -1,116 +0,0 @@
-<!DOCTYPE html>
-<html ng-app="takClassificationApp" >
-<head>
-
-    <link rel="icon" type="image/x-icon" href="../Marti/favicon.ico" />    
-    <meta content="text/html;charset=utf-8" http-equiv="Content-Type">
-    <meta content="utf-8" http-equiv="encoding">
-    <title>Manage Classification</title> 
-    <meta name="viewport" content="width=device-width, initial-scale=1">
-    
-    <!-- This jQuery 3.5.0 is needed for the standard TAK header to work -->
-    <script type="text/javascript" src="../Marti/jquery/jquery-3.5.0.js"></script> 
-  
-    <!-- This Classification UI uses the same bower library with user-management UI -->
-    <script src="../user-management/bower_components/angular/angular.min.js"></script>
-    <script src="../user-management/bower_components/angular-route/angular-route.min.js"></script>
-
-    <link rel="stylesheet" href="../user-management/bower_components/bootstrap/dist/css/bootstrap.min.css">
-    <script src="../user-management/bower_components/jquery/dist/jquery.min.js"></script>
-    <script src="../user-management/bower_components/popper.js/dist/umd/popper.min.js"></script>    
-    <script src="../user-management/bower_components/bootstrap/dist/js/bootstrap.min.js"></script>
-
-    <link rel="stylesheet" href="../user-management/bower_components/components-font-awesome/css/font-awesome.min.css">
-
-    <link rel="stylesheet" href="css/main.css">
-
-    <link rel="stylesheet" href="../user-management/bower_components/ng-dialog/css/ngDialog.min.css">
-    <link rel="stylesheet" href="../user-management/bower_components/ng-dialog/css/ngDialog-theme-default.min.css">
-    <script src="../user-management/bower_components/ng-dialog/js/ngDialog.min.js"></script>
-    <script src="../user-management/bower_components/ngDraggable/ngDraggable.js"></script>
-        
-</head>
-<body>
-
-<!-- <div style="font:18px arial, sans-serif;" ng-include="'../Marti/menubar.html'"></div> -->
-<div style="font:18px arial, sans-serif;" ng-include="'../user-management/menubar_modified.html'"></div>
-
-<div ng-controller="takClassificationController">
-
-<!--    <div class="header">
-        <h1>TAK Classification Management</h1>
-    </div> -->
-
-    <div class="three_columns_parent">
-    <div class="column left" style="background-color:#F3F2F1;">
-        <h4 style="display:inline;"> Classifications </h4>
-        <button style="font-size:18px;" ng-click="refresh_classifications()"> <i class="fa fa-refresh"></i> </button> 
-        &nbsp; 
-        <button style="margin-top:10px;" ng-click="open_new_classification_dialog()"><i class="fa fa-plus" aria-hidden="true"></i> New </button>
-         
-        <p style="margin-top:10px;">Search <input type="text" ng-model="classification_search_term"></p>
-
-        <div class="list_container">
-            <div ng-repeat="x in classifications | filter:{level:classification_search_term} | orderBy:'level' ">
-
-                <div class="dropright classification_object" id="button_classification_{{ x.level }}">
-                    <button class="btn btn-success dropdown-toggle" type="button" id="dropdownMenuButton_classification_{{ x.level }}" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
-                        {{ x.level }}
-                    </button>
-                    <div class="dropdown-menu" aria-labelledby="dropdownMenuButton_classification_{{ x.level }}">
-                      <a class="dropdown-item" href="#!set_caveats_for_classification" ng-click="find_caveats_for_classification(x.level)">View/Edit Caveats</a>
-                      <a class="dropdown-item" ng-click="delete_classification(x.level)">Delete Classification</a>
-                    </div>
-                </div>
-
-            </div>
-        </div>
-
-
-
-    </div>
-    <div class="column middle" style="background-color:white;">
-        <div ng-view></div>
-
-    </div>
-    <div class="column right" style="background-color:#F3F2F1;">
-        <h4 style="display:inline;"> Caveats </h4> 
-        <button style="font-size:18px;" ng-click="refresh_caveats()"> <i class="fa fa-refresh"></i> </button> 
-        &nbsp; 
-        <button style="margin-top:10px;" ng-click="open_new_caveat_dialog()"><i class="fa fa-plus" aria-hidden="true"></i> New Caveat</button>
-        
-        <p style="margin-top:10px;">Search <input type="text" ng-model="caveat_search_term"></p>
-
-        <div class="list_container" ng-drop="true" ng-drop-success="onDropCompleteToCaveatRepo($data,$event)" > 
-            <div ng-repeat="x in caveats | filter:{name:caveat_search_term} | orderBy:'name' ">
-                
-                <div class="dropright caveat_object" id="button_group_{{ x.name }}" ng-drag="true" ng-drag-data="{'caveat': x, 'from': 'caveatRepo'}" data-allow-transform="true" ng-drag-success="onDragComplete($data,$event)">
-                    <button class="btn btn-info dropdown-toggle" type="button" id="dropdownMenuButton_group_{{ x.name }}" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
-                        {{ x.name }}
-                    </button>
-                    <div class="dropdown-menu" aria-labelledby="dropdownMenuButton_group_{{ x.name }}">
-                      <a class="dropdown-item" ng-click="delete_caveat(x.name)">Delete caveat</a>
-                    </div>
-                </div>
-
-            </div>
-        </div>
-        <div ng-drag-clone="">
-            <button class="btn btn-info" type="button">{{ clonedData.caveat.name }}</button>
-        </div>
-
-    </div>
-    </div>
-    
-    <div ng-include="'/Marti/footer.jsp'"></div>
-
-</div>
-
-<script src="js/app.js"></script>
-<script src="js/controllers/takClassificationController.js"></script>
-<script src="js/controllers/newClassificationController.js"></script>
-<script src="js/controllers/newCaveatController.js"></script>
-<script src="js/controllers/setCaveatsController.js"></script>
-
-</body>
-</html>
diff --git a/src/takserver-core/src/main/webapp/classification/js/app.js b/src/takserver-core/src/main/webapp/classification/js/app.js
deleted file mode 100644
index c48874c2..00000000
--- a/src/takserver-core/src/main/webapp/classification/js/app.js
+++ /dev/null
@@ -1,13 +0,0 @@
-var app = angular.module('takClassificationApp', ["ngRoute", "ngDraggable", "ngDialog"]);
-
-app.config(function($routeProvider) {
-    $routeProvider
-    .when("/", {
-      templateUrl : "default.view.html"
-    })
-    .when("/set_caveats_for_classification", {
-      templateUrl : "set_caveats_for_classification.view.html",
-      controller: "setCaveatsController"
-    })
-    .otherwise({ redirectTo: '/' });
-  });
diff --git a/src/takserver-core/src/main/webapp/classification/js/controllers/newCaveatController.js b/src/takserver-core/src/main/webapp/classification/js/controllers/newCaveatController.js
deleted file mode 100644
index 9bd8b7a3..00000000
--- a/src/takserver-core/src/main/webapp/classification/js/controllers/newCaveatController.js
+++ /dev/null
@@ -1,51 +0,0 @@
-app.controller('newCaveatController', function($scope, $http) {
-
-    reset_form = function(){
-        // Reset the form model.
-        $scope.new_caveat_name = "";
-        // Set back to pristine.
-        //$scope.form.$setPristine();
-        // Since Angular 1.3, set back to untouched state.
-        //$scope.form.$setUntouched();
-    }
-
-    $scope.new_caveat = function(){
-
-        if ($scope.new_caveat_name.length < 3 || $scope.new_caveat_name.match("^[a-zA-Z0-9_\.\\-]+$") == null){
-
-            alert("Caveat name must be at least 3 characters and must only contain letters, number, hyphen, underscore and dot");
-            return;
-        }
-
-
-        for (const element of $scope.caveats) {
-            if (element.name == $scope.new_caveat_name){
-                alert("Caveat " + $scope.new_caveat_name + " already exists!");
-                return;
-            }
-        }
-
-        $http({
-            method : "POST",
-            url : "/Marti/api/caveat/" + encodeURI($scope.new_caveat_name)
-        }).then(function mySuccess(response) {
-
-            alert("Successfully created new caveat "+ $scope.new_caveat_name);
-            reset_form();
-            $scope.list_caveats();
-
-        }, function myError(response) {
-            if (response.data != null){
-                alert("Error creating caveat. " + response.data.message);
-            } else {
-                alert("Error creating caveat.");
-            }
-            console.error("response status: "+response.status);
-            console.error("response text: "+response.statusText);
-        });
-
-        $scope.closeThisDialog(1);
-
-    }
-
-});
\ No newline at end of file
diff --git a/src/takserver-core/src/main/webapp/classification/js/controllers/newClassificationController.js b/src/takserver-core/src/main/webapp/classification/js/controllers/newClassificationController.js
deleted file mode 100644
index bf166a48..00000000
--- a/src/takserver-core/src/main/webapp/classification/js/controllers/newClassificationController.js
+++ /dev/null
@@ -1,51 +0,0 @@
-app.controller('newClassificationController', function($scope, $http) {
-
-    reset_form = function(){
-        // Reset the form model.
-        $scope.new_classification_level = "";
-        // Set back to pristine.
-        //$scope.form.$setPristine();
-        // Since Angular 1.3, set back to untouched state.
-        //$scope.form.$setUntouched();
-    }
-
-    $scope.new_classification = function(){
-
-        if ($scope.new_classification_level.length < 3 || $scope.new_classification_level.match("^[a-zA-Z0-9_\.\\-]+$") == null){
-
-            alert("Classification level must be at least 3 characters and must only contain letters, number, hyphen, underscore and dot");
-            return;
-        }
-
-
-        for (const element of $scope.classifications) {
-            if (element.name == $scope.new_classification_level){
-                alert("Classification level " + $scope.new_classification_level + " already exists!");
-                return;
-            }
-        }
-
-        $http({
-            method : "POST",
-            url : "/Marti/api/classification/" + encodeURI($scope.new_classification_level)
-        }).then(function mySuccess(response) {
-
-            alert("Successfully created new classification level: "+ $scope.new_classification_level);
-            reset_form();
-            $scope.list_classifications();
-
-        }, function myError(response) {
-            if (response.data != null){
-                alert("Error creating new classification. " + response.data.message);
-            } else {
-                alert("Error creating new classification.");
-            }
-            console.error("response status: "+response.status);
-            console.error("response text: "+response.statusText);
-        });
-
-        $scope.closeThisDialog(1);
-
-    }
-
-});
\ No newline at end of file
diff --git a/src/takserver-core/src/main/webapp/classification/js/controllers/setCaveatsController.js b/src/takserver-core/src/main/webapp/classification/js/controllers/setCaveatsController.js
deleted file mode 100644
index cf01f4cc..00000000
--- a/src/takserver-core/src/main/webapp/classification/js/controllers/setCaveatsController.js
+++ /dev/null
@@ -1,35 +0,0 @@
-app.controller('setCaveatsController', function($scope, $http) {
-
-    $scope.setCaveatsForClassification = function() {
-
-        if ($scope.current_classification_level_to_set_caveats == undefined){
-            alert("Please select Classification to edit from the left panel");
-            return;
-        }
-
-        data = {
-            level: $scope.current_classification_level_to_set_caveats,
-            caveats: $scope.selected_caveats_for_current_classification
-        }
-
-        $http({
-            method : "PUT",
-            url : "/Marti/api/classification",
-            data: JSON.stringify(data)
-        }).then(function mySuccess(response) {
-            if (response.status == 200){
-                alert("Successfully set caveats for classification level " + data.level);
-                $scope.reset_middle_panel();
-            }else{
-                alert("response.status: "+ response.status);
-            }
-
-        }, function myError(response) {
-            alert("Error setting caveats for classification level " + data.level);
-            console.error("response status: "+response.status);
-            console.error("response text: "+response.statusText);
-        });      
-        
-    }
-
-});
\ No newline at end of file
diff --git a/src/takserver-core/src/main/webapp/classification/js/controllers/takClassificationController.js b/src/takserver-core/src/main/webapp/classification/js/controllers/takClassificationController.js
deleted file mode 100644
index e222ad91..00000000
--- a/src/takserver-core/src/main/webapp/classification/js/controllers/takClassificationController.js
+++ /dev/null
@@ -1,246 +0,0 @@
-app.controller('takClassificationController', function($scope, $http, ngDialog) {
-
-    $scope.list_classifications = function(){
-        $http({
-            method : "GET",
-            url : "/Marti/api/classification"
-          }).then(function mySuccess(response) {
-            response_data = angular.fromJson(response.data);
-            // response_data = {
-            //     "data": [{
-            //         "level": "CLASSIFIED",
-            //         "caveats":[{"name":"CUI"}, {"name":"ABC"}]
-            //     },
-            //     {
-            //         "level": "UNCLASSIFIED",
-            //         "caveats":[]
-            //     }]
-            // };
-            $scope.classifications = response_data.data;
-            console.log("$scope.classifications: "+ JSON.stringify($scope.classifications));
-          }, function myError(response) {
-            alert("Error fetching classification data from server");
-            console.error("response status: "+response.status);
-            console.error("response text: "+response.statusText);
-          });
-    }
-
-    $scope.list_caveats = function(){
-        $http({
-            method : "GET",
-            url : "/Marti/api/caveat"
-        }).then(function mySuccess(response) {
-            response_data = angular.fromJson(response.data);
-            // response_data = {
-            //     "data": [{
-            //         "name": "CUI"
-            //     },
-            //     {
-            //         "name": "ABC"
-            //     }]
-            // };
-            $scope.caveats = response_data.data;
-            console.log("$scope.caveats: "+JSON.stringify($scope.caveats));
-        }, function myError(response) {
-            alert("Error fetching list of caveats from server");
-            console.error("response status: "+response.status);
-            console.error("response text: "+response.statusText);
-        });
-    }
-
-    $scope.list_classifications();
-    $scope.list_caveats();
-
-    $scope.refresh_classifications = function(){
-        $scope.list_classifications();
-    }
-
-    $scope.refresh_caveats = function(){
-        $scope.list_caveats();
-    }
-
-    $scope.reset_middle_panel = function(){
-        $scope.current_classification_level_to_set_caveats = undefined;
-        $scope.selected_caveats_for_current_classification = [];
-    }
-
-    $scope.refresh_middle_panel = function(){
-        
-        if ($scope.current_classification_level_to_set_caveats == undefined || $scope.current_classification_level_to_set_caveats == ""){
-            return;
-        } else{
-            $scope.find_caveats_for_classification($scope.current_classification_level_to_set_caveats);
-        }
-    }
-
-
-    $scope.find_caveats_for_classification = function(level){
-        
-        $scope.current_classification_level_to_set_caveats = level;
-
-        // var found = false;
-        // for (let item in $scope.classifications){
-        //     if ($scope.classifications[item].level == level){
-        //         caveat_list = $scope.classifications[item].caveats;
-        //         found = true;
-        //         break;
-        //     }
-        // }
-        // if (found) {
-        //     $scope.selected_caveats_for_current_classification = caveat_list; //[{"name":"CUI"}, {"name":"ABC"}]
-        // } else{ 
-        //    $scope.selected_caveats_for_current_classification = [];
-        //    alert("Could not find classification level " + level);
-        // }  
-
-        $http({
-            method : "GET",
-            url : "/Marti/api/classification/" + encodeURI(level)
-          }).then(function mySuccess(response) {
-            response_data = angular.fromJson(response.data);
-            
-            if (response_data.data == undefined){ // No such classification exists
-                $scope.reset_middle_panel();
-            }else{
-                $scope.selected_caveats_for_current_classification = response_data.data.caveats; //[{"name":"CUI"}, {"name":"ABC"}]
-            }
-
-          }, function myError(response) {
-             $scope.reset_middle_panel();
-             alert("Error fetching caveats from server");
-          });
-
-    }
-
-    $scope.delete_classification = function(level) {
-
-        var confirmDialog = ngDialog.openConfirm({
-            template:'\
-                <p>Are you sure you want to delete classification '+level+' ?</p>\
-                <div class="ngdialog-buttons">\
-                    <button type="button" class="ngdialog-button ngdialog-button-secondary" ng-click="closeThisDialog()">No</button>\
-                    <button type="button" class="ngdialog-button ngdialog-button-primary" ng-click="confirm(1)">Yes</button>\
-                </div>',
-            plain: true
-        }).then(function (confirm) {
-            $http({
-                method : "DELETE",
-                url : "/Marti/api/classification/" + encodeURI(level)
-            }).then(function mySuccess(response) {
-                if (response.status == 200){
-                    alert("Successfully deleted classification " + level);
-                }else{
-                    alert("response.status: "+ response.status);
-                }
-                console.log("response.data: "+ response.data);
-                $scope.list_classifications();
-                $scope.refresh_middle_panel();
-
-            }, function myError(response) {
-                alert("Error deleting classification");
-                console.error("response status: "+response.status);
-                console.error("response text: "+response.statusText);
-            });
-          }, function(reject) {
-            
-          });
-
-    };
-
-    $scope.delete_caveat = function(caveat_name){
-
-        var confirmDialog = ngDialog.openConfirm({
-            template:'\
-                <p>Are you sure you want to delete caveat '+caveat_name+' ?</p>\
-                <div class="ngdialog-buttons">\
-                    <button type="button" class="ngdialog-button ngdialog-button-secondary" ng-click="closeThisDialog()">No</button>\
-                    <button type="button" class="ngdialog-button ngdialog-button-primary" ng-click="confirm(1)">Yes</button>\
-                </div>',
-            plain: true
-        }).then(function (confirm) {
-
-            $http({
-                method : "DELETE",
-                url : "/Marti/api/caveat/" + encodeURI(caveat_name)
-            }).then(function mySuccess(response) {
-                if (response.status == 200){
-                    alert("Successfully deleted caveat " + caveat_name);
-                }else{
-                    alert("response.status: "+ response.status);
-                }
-                console.log("response.data: "+ response.data);
-                $scope.list_caveats();
-                $scope.refresh_middle_panel();
-
-            }, function myError(response) {
-                alert("Error deleting caveat");
-                console.error("response status: "+response.status);
-                console.error("response text: "+response.statusText);
-            });
-          }, function(reject) {
-            
-          });
-
-    }
-
-    $scope.onDropCompleteToSelectedCaveats = function(data, evt) {
-        console.log("onDropCompleteToSelectedCaveats , data:", data);
-
-        if ($scope.selected_caveats_for_current_classification == null){
-            $scope.selected_caveats_for_current_classification = [];
-        }
-
-        // add to this drop box
-        if (!$scope.selected_caveats_for_current_classification.includes(data.caveat)){
-            $scope.selected_caveats_for_current_classification.push(data.caveat);
-        }
-
-    }
-
-    $scope.onDropCompleteToCaveatRepo = function(data, evt) {
-        console.log("onDropCompleteToCaveatRepo , data:", data);
-
-        if (data == null){
-            return;
-        }
-        // remove from previous drop box if necessary
-        if (data.from == 'selectedCaveats'){
-            index = $scope.selected_caveats_for_current_classification.indexOf(data.caveat);
-            if (index != -1){
-                $scope.selected_caveats_for_current_classification.splice(index, 1);
-            }
-        }
-    }
-      
-    $scope.onDragComplete = function(data, evt) {
-        //console.log("onDropComplete, data:", data);
-    }
-
-    $scope.open_new_caveat_dialog = function () {
-        ngDialog.open({
-            template: 'new_caveat.dialog.html', 
-            className: 'ngdialog-theme-default',
-            controller: 'newCaveatController',
-            scope: $scope
-        });
-
-    };
-
-    $scope.open_new_classification_dialog = function () {
-        ngDialog.open({
-            template: 'new_classification.dialog.html', 
-            className: 'ngdialog-theme-default',
-            controller: 'newClassificationController',
-            scope: $scope
-        });
-
-    };
-
-    $scope.showSimpleMessage = function(message){
-        ngDialog.open({
-            template: '<p>'+message+'</p>',
-            plain: true
-        });
-    }
-
-});
\ No newline at end of file
diff --git a/src/takserver-core/src/main/webapp/classification/new_caveat.dialog.html b/src/takserver-core/src/main/webapp/classification/new_caveat.dialog.html
deleted file mode 100644
index 934c40db..00000000
--- a/src/takserver-core/src/main/webapp/classification/new_caveat.dialog.html
+++ /dev/null
@@ -1,15 +0,0 @@
-
-<div>
-    <h2>New Caveat</h2>
-    <form name="form" role="form">
-        <div class="form-group" ng-class="{ 'has-error': form.caveat_name.$dirty && form.caveat_name.$error.required }">
-            <label for="caveat_name">Caveat name</label>
-            <input type="text" name="caveat_name" id="caveat_name" class="form-control" ng-model="new_caveat_name" required />
-            <span ng-show="form.caveat_name.$dirty && form.caveat_name.$error.required" class="help-block">Caveat name is required</span>
-        </div>
-        <div class="form-actions">
-            <button ng-disabled="form.$invalid" class="btn btn-primary" ng-click="new_caveat()"> Add </button>
-            <a class="btn btn-link" ng-click="closeThisDialog()">Cancel</a>
-        </div>
-    </form>
-</div>
diff --git a/src/takserver-core/src/main/webapp/classification/new_classification.dialog.html b/src/takserver-core/src/main/webapp/classification/new_classification.dialog.html
deleted file mode 100644
index 30a34c61..00000000
--- a/src/takserver-core/src/main/webapp/classification/new_classification.dialog.html
+++ /dev/null
@@ -1,15 +0,0 @@
-
-<div>
-    <h2>New Classification</h2>
-    <form name="form" role="form">
-        <div class="form-group" ng-class="{ 'has-error': form.level.$dirty && form.level.$error.required }">
-            <label for="level">Level</label>
-            <input type="text" name="level" id="level" class="form-control" ng-model="new_classification_level" required />
-            <span ng-show="form.level.$dirty && form.level.$error.required" class="help-block">Classification level is required</span>
-        </div>
-        <div class="form-actions">
-            <button ng-disabled="form.$invalid" class="btn btn-primary" ng-click="new_classification()"> Add </button>
-            <a class="btn btn-link" ng-click="closeThisDialog()">Cancel</a>
-        </div>
-    </form>
-</div>
diff --git a/src/takserver-core/src/main/webapp/classification/set_caveats_for_classification.view.html b/src/takserver-core/src/main/webapp/classification/set_caveats_for_classification.view.html
deleted file mode 100644
index 3212a859..00000000
--- a/src/takserver-core/src/main/webapp/classification/set_caveats_for_classification.view.html
+++ /dev/null
@@ -1,27 +0,0 @@
-<div>
-<h2>Set caveats for classification</h2>
-
-<div class="rowFF">
-    <div class="columnFF">Classification level: <b>{{ current_classification_level_to_set_caveats  }} </b></div>
-    <div class="columnFF" style="text-align: right;">
-        <div style="text-align: right;">
-            <button class="btn btn-primary" ng-click="setCaveatsForClassification()"><i class="fa fa-floppy-o" style="font-size:24px;" aria-hidden="true"></i>&nbsp;Update</button>
-        </div>
-    </div>
-</div>
-
-<div>Drag the caveats on the right panel and drop to the box below. <br/>To remove a caveat from the box, drag it back to the right panel</div>
-
-<div class="dropbox_selected_caveats" id="dropbox_selected_caveats" ng-drop="true" ng-drop-success="onDropCompleteToSelectedCaveats($data,$event)">
-    <div style="text-align: center;"> <b>Selected Caveats</b></div>
-
-    <div ng-repeat="x in selected_caveats_for_current_classification">
-
-        <button class="btn btn-info caveat_button" type="button" id="dropdownMenuButton_group_{{ x }}" ng-drag="true" ng-drag-data="{'caveat':x, 'from':'selectedCaveats'}" ng-drag-success="onDragComplete($data,$event)">
-            {{ x.name }}
-        </button>
-
-    </div>
-</div>
-
-</div>
\ No newline at end of file
diff --git a/src/takserver-core/src/main/webapp/user-management/menubar_modified.html b/src/takserver-core/src/main/webapp/user-management/menubar_modified.html
index f9ecdb99..f90b2c5a 100644
--- a/src/takserver-core/src/main/webapp/user-management/menubar_modified.html
+++ b/src/takserver-core/src/main/webapp/user-management/menubar_modified.html
@@ -10,83 +10,83 @@
 
   <style>
     html {
-    font-family: sans-serif;
+	font-family: sans-serif;
     }
     .sidenav {
-    height: 100%;
-    width: 0;
-    position: fixed;
-    z-index: 1;
-    top: 0;
-    right: 0;
-    background-color: #222;
-    overflow-x: hidden;
-    transition: 0.5s;
-    padding-top: 10px;
+	height: 100%;
+	width: 0;
+	position: fixed;
+	z-index: 1;
+	top: 0;
+	right: 0;
+	background-color: #222;
+	overflow-x: hidden;
+	transition: 0.5s;
+	padding-top: 10px;
     }
     .sidenav a {
-    padding: 8px 8px;
-    text-decoration: none;
-    color: #818181;
-    display: block;
-    transition: 0.3s;
+	padding: 8px 8px;
+	text-decoration: none;
+	color: #818181;
+	display: block;
+	transition: 0.3s;
     }
     .sidenav li > a:hover {
-    color: #f1f1f1;
-    background: #2b2f3a;
+	color: #f1f1f1;
+	background: #2b2f3a;
     }
     .menu-button {
-    position: sticky;
-    height: 60px;
-    color: #818181;
-    background-color: #222;
-    padding: 8px 8px 8px 8px;
-    text-decoration: none;
-    width: 100%;
+	position: sticky;
+	height: 60px;
+	color: #818181;
+	background-color: #222;
+	padding: 8px 8px 8px 8px;
+	text-decoration: none;
+	width: 100%;
     }
     .menu-button span {
-    cursor: pointer;
+	cursor: pointer;
     }
 
     .accordion li {
-    list-style: none;
+	list-style: none;
     }
     .accordion:hover {
-    cursor: pointer;
-    color: #f1f1f1;
-    background: #2b2f3a;
+	cursor: pointer;
+	color: #f1f1f1;
+	background: #2b2f3a;
     }
 
     .accordion:after {
-    content: '\02795'; /* Unicode character for "plus" sign (+) */
-    font-size: 13px;
-    color: #777;
-    float: right;
-    margin-left: 5px;
+	content: '\02795'; /* Unicode character for "plus" sign (+) */
+	font-size: 13px;
+	color: #777;
+	float: right;
+	margin-left: 5px;
     }
 
     .active:after {
-    content: "\2796"; /* Unicode character for "minus" sign (-) */
+	content: "\2796"; /* Unicode character for "minus" sign (-) */
     }
     .panel {
-    background-color: #f5f5dc;
-    display: none;
-    overflow: hidden;
+	background-color: #f5f5dc;
+	display: none;
+	overflow: hidden;
     }
     .panel a {
-    padding: 8px 8px 8px;
-    text-decoration: none;
-    color: #818181;
-    display: block;
+	padding: 8px 8px 8px;
+	text-decoration: none;
+	color: #818181;
+	display: block;
     }
 
     .tak_logo {
-    width:50px;
-    height:50px;
-    display:inline-block;
-    margin-top: -4px;
-    margin-left: 10px;
-    filter: drop-shadow(0 2px 3px #cecece);
+	width:50px;
+	height:50px;
+	display:inline-block;
+	margin-top: -4px;
+	margin-left: 10px;
+	filter: drop-shadow(0 2px 3px #cecece);
     }
   </style>
 
@@ -95,32 +95,32 @@
   <div class="menu-button">
     <a href="/index.html">
       <div class='tak_logo'>
-    <svg xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://creativecommons.org/ns#" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" id="svg2" version="1.1" inkscape:version="0.91 r13725" viewBox="0 0 842.5 805" sodipodi:docname="TAK MIL Vector.svg" inkscape:export-filename="C:\Users\RileyA\Documents\TAK Design\Launcher and Splash\Final Delivery\modified files\vect pieces\simple logo.png" inkscape:export-xdpi="14.635015" inkscape:export-ydpi="14.635015">
-      <metadata id="metadata8">
-        <rdf:rdf>
-          <cc:work rdf:about="">
-        <dc:format>image/svg+xml</dc:format>
-        <dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage">
-          <dc:title></dc:title>
-        </dc:type>
-          </cc:work>
-        </rdf:rdf>
-      </metadata>
-      <defs id="defs6">
-        <linearGradient inkscape:collect="always" id="linearGradient4893">
-          <stop style="stop-color:#6e6e6e;stop-opacity:1" offset="0" id="stop4895"></stop>
-          <stop id="stop4905" offset="0.5" style="stop-color:#ffffff;stop-opacity:1"></stop>
-          <stop style="stop-color:#6e6e6e;stop-opacity:1" offset="1" id="stop4897"></stop>
-        </linearGradient>
-        <linearGradient inkscape:collect="always" xlink:href="#linearGradient4893" id="linearGradient4903" x1="143.88919" y1="402.5" x2="698.61081" y2="402.5" gradientUnits="userSpaceOnUse"> </linearGradient>
-      </defs>
-      <sodipodi:namedview pagecolor="#ffffff" bordercolor="#666666" borderopacity="1" objecttolerance="10" gridtolerance="10" guidetolerance="10" inkscape:pageopacity="0" inkscape:pageshadow="2" inkscape:window-width="1200" inkscape:window-height="1857" id="namedview4" showgrid="false" inkscape:object-nodes="true" inkscape:snap-intersection-paths="false" inkscape:snap-smooth-nodes="true" inkscape:zoom="0.82920348" inkscape:cx="407.2691" inkscape:cy="-13.264391" inkscape:window-x="-8" inkscape:window-y="172" inkscape:window-maximized="1" inkscape:current-layer="svg2"></sodipodi:namedview>
-      <path style="fill:url(#linearGradient4903);fill-opacity:1.0" d="m 406.60249,743.76344 c -6.7326,-5.0886 -17.8661,-13.9223 -24.7411,-19.6304 -17.5932,-14.6071 -61.3248,-58.6747 -77.3979,-77.9925 -89.1195,-107.1108 -141.2829,-228.3029 -156.296,-363.125 -2.4118,-21.659 -4.7208,-60.7744 -4.2056,-71.2469 l 0.3995,-8.12186 16.25,-4.09782 c 88.0141,-22.19478 180.4684,-72.7928 244.7366,-133.93844 8.1052,-7.71133 15.2043,-13.84047 15.7759,-13.62031 0.5717,0.22016 8.8464,7.55763 18.3884,16.3055 42.0414,38.54243 81.2242,65.35266 132.3491,90.55791 35.4975,17.50066 74.22794,31.81699 110.62404,40.89109 l 15.626,3.89579 0.4097,7.5 c 0.6261,11.46447 -2.1385,58.72484 -4.7948,81.96374 -15.4285,134.9784 -63.9842,251.2889 -146.33724,350.5363 -15.7729,19.0086 -58.4623,60.9748 -77.4027,76.0914 -20.6481,16.4796 -45.1907,33.2836 -48.6113,33.2836 -1.3924,0 -8.0401,-4.1635 -14.7726,-9.2521 z" id="path4751-5" inkscape:connector-curvature="0"></path>
-      <path style="fill:#0b0b0b" d="M 404.2674,773.79865 C 361.0723,744.12024 313.994,699.12276 273.363,648.68009 l -12.8375,-15.9375 -98.7002,0 c -84.593,0 -98.7003,-0.2546 -98.7003,-1.78131 0,-2.16073 60.6753,-212.6732 62.446,-216.65619 1.1455,-2.5765 2.0856,-2.8125 11.2035,-2.8125 5.4741,0 10.29,-0.54526 10.7019,-1.21169 0.4118,-0.66642 -1.2275,-8.68205 -3.643,-17.8125 -14.4819,-54.74121 -21.5824,-106.80396 -22.8304,-167.39816 -0.8416,-40.86041 -1.7687,-37.51684 10.872,-39.2115 29.3974,-3.94113 84.9181,-22.90458 125.7763,-42.95968 57.4562,-28.20219 100.0499,-58.509169 145.733,-103.694201 l 17.1342,-16.94745 22.8658,22.43419 c 43.0863,42.273132 80.7773,69.193761 134.3453,95.955561 43.9907,21.97713 98.4353,40.62374 132.2704,45.30099 11.1927,1.54724 10.625,0.17761 10.625,25.63673 0,56.845 -7.2877,121.35496 -19.6182,173.65771 -6.4845,27.50539 -6.9064,25.54953 5.6059,25.98886 9.3224,0.32734 10.4813,0.64108 11.5436,3.125 1.7489,4.08921 61.2187,214.4932 61.2187,216.59158 0,1.54356 -13.3312,1.79723 -95.3125,1.8137 -52.4218,0.01 -95.9277,0.4324 -96.6797,0.9375 -0.752,0.5051 -7.0102,7.94961 -13.9072,16.54336 -30.4811,37.97996 -66.0563,72.81804 -102.2894,100.16989 -22.3778,16.8927 -47.0729,32.33011 -51.7182,32.33011 -1.2008,0 -8.0411,-4.02478 -15.2006,-8.94394 z m 29.2357,-26.56186 c 14.8308,-9.77796 30.9867,-22.10731 47.9152,-36.56651 25.8514,-22.08057 74.3229,-73.45597 72.3364,-76.67014 -1.2468,-2.01745 -259.3819,-1.71396 -259.3721,0.30495 0.028,5.7043 63.3051,71.64062 89.1687,92.9155 22.2036,18.26427 33.7758,26.65976 36.8268,26.71751 1.583,0.03 7.4892,-2.98562 13.125,-6.70131 z m 235.5566,-337.3067 c 1.4275,-1.79756 10.2179,-37.7889 13.9673,-57.1875 7.091,-36.68705 10.7672,-70.10838 12.5807,-114.375 0.8575,-20.93036 0.7701,-27.82834 -0.3655,-28.87439 C 694.4215,208.73729 685.3125,205.99648 675,203.40251 588.0145,181.52255 502.829,134.57486 435.2796,71.286961 l -14.7205,-13.79177 -10.6807,9.8112 c -26.7374,24.56071 -47.9424,41.637539 -70.925,57.117539 -53.2187,35.84548 -117.4005,65.00368 -175.2034,79.59596 -8.9375,2.25626 -17.0047,4.79171 -17.9272,5.63434 -1.3873,1.26723 -1.4381,6.4968 -0.294,30.255 2.6398,54.82109 9.7496,100.90961 23.3838,151.58336 2.4972,9.28125 5.0979,17.57812 5.7794,18.4375 0.9838,1.24051 51.9221,1.5625 247.183,1.5625 195.2601,0 246.1996,-0.322 247.1847,-1.5625 z" id="path4690-7" inkscape:connector-curvature="0" sodipodi:nodetypes="sscsscscssssscsssssscscsssssssccscsssscsscssscsscss"></path>
-      <path style="fill:#080808" d="m 379.99995,381.41191 c -2.6442,-0.72999 -3.1863,-1.71607 -3.5233,-6.40976 -0.5776,-8.04522 0.7591,-13.49898 3.6935,-15.06943 6.4551,-3.45463 12.3298,3.39385 12.3298,14.37345 0,5.05378 -0.4026,5.93261 -3.2064,6.99859 -3.5564,1.35215 -4.7346,1.36573 -9.2936,0.10712 z m 21.8256,-0.99104 c -4.4383,-4.43838 0.3505,-17.89705 6.3682,-17.89705 0.9167,0 3.1598,1.28419 4.9845,2.85375 3.9748,3.41903 5.9356,14.10714 2.9363,16.00636 -3.0201,1.91249 -12.02,1.30592 -14.289,-0.96306 z m 25.1774,0.4773 c -1.9597,-1.43392 -2.2528,-2.79284 -1.6864,-7.81815 0.6929,-6.14732 4.0357,-10.5562 8.0037,-10.5562 5.192,0 11.2402,12.68611 8.2916,17.39155 -1.6468,2.62793 -11.4584,3.288 -14.6089,0.9828 z m 27.997,0.0537 c -2.8128,-1.49278 -3.1243,-2.42141 -3.1178,-9.2949 0.01,-5.74016 0.5966,-8.28785 2.3812,-10.25976 3.2011,-3.53715 7.5183,-3.30579 10.564,0.56612 2.8113,3.57396 4.9322,16.30094 3.033,18.20013 -2.0654,2.0654 -9.5855,2.52642 -12.8604,0.78841 z m -39.2483,-19.7636 c -5.9457,-4.47073 -7.6371,-4.53705 -13.5331,-0.53066 l -4.6117,3.13375 -4.1159,-3.57544 c -8.6965,-7.55438 -11.765,-7.57613 -20.2305,-0.14334 -5.3836,4.72685 -7.6377,4.24334 -10.3435,-2.21863 -1.838,-4.38982 -1.8635,-9.74646 -0.1115,-23.45507 0.2969,-2.32275 -0.6443,-2.55967 -13.276,-3.34165 -7.4775,-0.4629 -15.0075,-1.19604 -16.7333,-1.62919 -4.4093,-1.10666 -11.3594,-6.66716 -13.4948,-10.79665 -2.5505,-4.93212 -2.252,-8.64115 1.3114,-16.29588 2.5692,-5.51887 3.1038,-8.5422 3.0609,-17.31163 -0.029,-5.84375 -0.4731,-14.41156 -0.9878,-19.0396 -0.555,-4.98971 -0.4424,-9.31426 0.2766,-10.625 0.6668,-1.21571 5.3614,-7.11764 10.4323,-13.11537 11.1398,-13.17603 12.5312,-15.69583 11.8568,-21.47273 -0.6008,-5.14613 -2.1867,-4.91477 -3.3743,0.49227 -0.8817,4.0145 -16.2675,19.17081 -18.6557,18.37738 -1.7016,-0.56536 -4.6434,-25.01657 -3.7137,-30.86701 1.7411,-10.956 16.4918,-34.01782 28.6938,-44.86081 7.4451,-6.61591 20.1406,-12.87615 33.6734,-16.6045 8.9952,-2.47824 12.9515,-2.75506 39.375,-2.75506 26.4234,0 30.3797,0.27682 39.375,2.75506 13.5327,3.72835 26.2282,9.98859 33.6733,16.6045 12.202,10.84299 26.9527,33.90481 28.6938,44.86081 0.9297,5.85044 -2.0121,30.30165 -3.7137,30.86701 -2.3881,0.79343 -17.774,-14.36288 -18.6557,-18.37738 -1.1876,-5.40704 -2.7735,-5.6384 -3.3743,-0.49227 -0.6744,5.7769 0.717,8.2967 11.8569,21.47268 5.0709,5.99773 9.7654,11.89966 10.4322,13.11537 0.719,1.31074 0.8316,5.63529 0.2767,10.625 -0.5147,4.62804 -0.9593,13.19585 -0.9878,19.0396 -0.043,8.76943 0.4916,11.79276 3.0608,17.31163 3.5634,7.65473 3.8619,11.36376 1.3114,16.29588 -2.1354,4.12949 -9.0855,9.68999 -13.4948,10.79665 -1.7258,0.43315 -9.2558,1.16629 -16.7333,1.62919 -12.6316,0.78198 -13.5729,1.0189 -13.276,3.34165 1.752,13.70861 1.7265,19.06525 -0.1115,23.45507 -2.7058,6.46197 -4.9599,6.94548 -10.3435,2.21863 -8.4655,-7.43278 -11.534,-7.41103 -20.2304,0.14334 l -4.116,3.57544 -4.6117,-3.13375 c -5.9094,-4.01553 -7.5393,-3.94291 -13.833,0.61626 -2.8472,2.0625 -5.3222,3.71148 -5.5001,3.6644 -0.1778,-0.0471 -2.5163,-1.73459 -5.1966,-3.75 z m -0.022,-29.60189 c 0.4275,-1.89063 1.5442,-6.52218 2.4815,-10.29233 0.994,-3.99851 1.2412,-7.31779 0.5931,-7.96591 -1.6055,-1.60543 -6.7996,4.03945 -10.5782,11.4963 -4.5085,8.89703 -4.285,10.19944 1.7501,10.19944 4.4068,0 5.0651,-0.39333 5.7535,-3.4375 z m 21.7703,1.52685 c 0,-2.93437 -6.8963,-15.91604 -9.8929,-18.62231 -4.0808,-3.68558 -5.3029,-1.17995 -3.3183,6.80313 0.9373,3.77015 2.054,8.4017 2.4815,10.29233 0.6884,3.04417 1.3467,3.4375 5.7535,3.4375 3.6312,0 4.9762,-0.51641 4.9762,-1.91065 z m -47.3939,-34.39354 c 2.7536,-1.40477 7.2461,-4.57741 9.9833,-7.0503 5.4387,-4.91357 7.4278,-4.69314 5.3204,0.58965 -0.7438,1.86438 -1.808,4.51479 -2.3651,5.88979 -1.9233,4.7475 3.0231,-0.53185 8.6989,-9.28446 6.8604,-10.57937 8.7917,-12.23344 11.5958,-9.93109 1.1492,0.94355 4.4869,5.41254 7.417,9.93109 5.6758,8.75261 10.6222,14.03196 8.6989,9.28446 -0.5571,-1.375 -1.6214,-4.02541 -2.3651,-5.88979 -2.1074,-5.28279 -0.1184,-5.50322 5.3204,-0.58965 2.7372,2.47289 7.3656,5.71488 10.2854,7.20443 5.0117,2.55676 5.9064,2.62492 15.9938,1.21851 23.1915,-3.23342 34.424,-13.39408 30.0411,-27.17453 -1.9972,-6.27938 -8.5739,-16.64397 -10.5613,-16.64397 -0.8633,0 -9.1016,3.61006 -18.3072,8.02236 -18.3028,8.77266 -29.6794,12.60091 -33.6767,11.33224 -3.3925,-1.07676 -5.07,-5.78195 -5.3403,-14.9796 -0.2557,-8.70019 -2.0369,-9.40873 -4.2804,-1.70265 -0.8579,2.94705 -2.4048,6.20317 -3.4375,7.23582 -1.67,1.67005 -2.085,1.67005 -3.755,0 -1.0327,-1.03265 -2.5796,-4.28877 -3.4375,-7.23582 -2.2435,-7.70608 -4.0247,-6.99754 -4.2804,1.70265 -0.2703,9.19765 -1.9478,13.90284 -5.3403,14.9796 -3.9973,1.26867 -15.3739,-2.55958 -33.6767,-11.33224 -9.2056,-4.4123 -17.4439,-8.02236 -18.3072,-8.02236 -1.9874,0 -8.5641,10.36459 -10.5613,16.64397 -4.0611,12.7686 5.7213,22.92867 25.5432,26.5295 12.4341,2.25877 15.1246,2.16462 20.7938,-0.72761 z" id="path4768" inkscape:connector-curvature="0"></path>
-      <path style="fill:#000000" d="" id="path4855" inkscape:connector-curvature="0"></path>
-      <path style="fill:#ffffff;fill-opacity:1" d="m 279.11424,580.10645 c -1.65294,-2.35992 -1.94587,-8.25437 -1.94587,-39.1571 l 0,-36.37897 2.89306,-2.7179 c 2.49989,-2.34853 4.33074,-2.71789 13.47186,-2.71789 17.33193,0 16.13508,-3.09704 16.13508,41.75215 0,45.35925 1.32783,41.99785 -16.59005,41.99785 -11.00224,0 -12.18269,-0.23485 -13.96408,-2.77814 z m 62.87485,-0.24107 c -1.5353,-3.36973 -1.3696,-3.72355 25.5227,-54.48079 10.9686,-20.70251 14.7893,-26.875 16.6352,-26.875 3.0301,0 15.4024,23.08883 15.4736,28.87649 0.03,2.42452 -4.6229,13.54423 -12.4222,29.6875 l -12.4699,25.81101 -15.6819,0 c -15.3677,0 -15.7094,-0.0605 -17.0575,-3.01921 z m 94.7513,0.20671 c -0.9546,-1.54688 -3.087,-5.34375 -4.7388,-8.4375 l -3.0032,-5.625 -17.79,-0.34683 c -17.4621,-0.34042 -17.7892,-0.39802 -17.7445,-3.125 0.025,-1.52799 2.697,-7.84067 5.9375,-14.02817 5.0221,-9.58909 6.3995,-11.3084 9.3295,-11.64553 2.1372,-0.24591 3.4375,-1.14469 3.4375,-2.37603 0,-1.08928 -5.0625,-11.80776 -11.25,-23.81885 -6.1875,-12.0111 -11.2421,-22.75439 -11.2325,-23.87398 0.01,-1.11958 3.1466,-8.11593 6.9711,-15.54745 5.716,-11.10708 7.4035,-13.443 9.4813,-13.125 1.9647,0.30068 9.3477,13.82804 33.1485,60.7362 17.0529,33.60894 30.3082,61.16383 29.9154,62.1875 -0.5665,1.47631 -3.6601,1.83814 -15.7158,1.83814 -14.2187,0 -15.1019,-0.14833 -16.746,-2.8125 z m 52.7685,0.74654 c -1.3867,-1.66994 -1.7825,-12.93603 -2.0648,-58.77009 l -0.3492,-56.70412 3.2269,-3.22686 c 3.0724,-3.07239 3.7675,-3.20606 14.5229,-2.79241 16.2444,0.62474 16.0737,0.32744 16.0737,27.99915 0,11.91451 0.5042,21.97434 1.1204,22.35518 0.6162,0.38083 3.2618,-2.1156 5.8791,-5.54765 5.5742,-7.30937 8.628,-8.72385 11.746,-5.4406 1.2109,1.2751 14.208,18.91211 28.8824,39.19336 20.4254,28.2295 26.6886,37.7542 26.714,40.625 l 0.033,3.75 -16.4798,0.3482 -16.4798,0.34821 -6.751,-8.47321 c -3.713,-4.66026 -12.4943,-15.92633 -19.514,-25.0357 -7.0196,-9.10938 -13.2654,-16.5625 -13.8794,-16.5625 -0.614,0 -1.2918,10.45265 -1.5062,23.2281 -0.4717,28.10872 0.3947,26.7719 -17.3507,26.7719 -9.7348,0 -12.4443,-0.40494 -13.8236,-2.06596 z m 61.6414,-81.0374 c -4.2526,-5.83185 -7.7319,-11.65371 -7.7319,-12.93749 0,-1.28377 4.194,-7.687 9.32,-14.22939 10.5503,-13.46556 10.5799,-13.47976 28.1425,-13.47976 9.1548,0 11.2472,0.38362 13.0684,2.39601 2.713,2.99785 3.0556,2.3259 -14.5533,28.54149 -17.0187,25.33672 -16.8839,25.2904 -28.2457,9.70914 z m -301.20378,-8.84252 c -2.5634,-1.79547 -2.77814,-2.93561 -2.77814,-14.75 0,-8.2921 0.52859,-13.33271 1.5,-14.30412 1.10894,-1.10894 12.79027,-1.5 44.80626,-1.5 51.48266,0 47.44376,-1.36516 47.44376,16.03592 0,17.69858 3.4939,16.46408 -46.59688,16.46408 -35.62534,0 -41.99569,-0.27935 -44.375,-1.94588 z" id="path4872" inkscape:connector-curvature="0"></path>
-    </svg>
+	<svg xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://creativecommons.org/ns#" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" id="svg2" version="1.1" inkscape:version="0.91 r13725" viewBox="0 0 842.5 805" sodipodi:docname="TAK MIL Vector.svg" inkscape:export-filename="C:\Users\RileyA\Documents\TAK Design\Launcher and Splash\Final Delivery\modified files\vect pieces\simple logo.png" inkscape:export-xdpi="14.635015" inkscape:export-ydpi="14.635015">
+	  <metadata id="metadata8">
+	    <rdf:rdf>
+	      <cc:work rdf:about="">
+		<dc:format>image/svg+xml</dc:format>
+		<dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage">
+		  <dc:title></dc:title>
+		</dc:type>
+	      </cc:work>
+	    </rdf:rdf>
+	  </metadata>
+	  <defs id="defs6">
+	    <linearGradient inkscape:collect="always" id="linearGradient4893">
+	      <stop style="stop-color:#6e6e6e;stop-opacity:1" offset="0" id="stop4895"></stop>
+	      <stop id="stop4905" offset="0.5" style="stop-color:#ffffff;stop-opacity:1"></stop>
+	      <stop style="stop-color:#6e6e6e;stop-opacity:1" offset="1" id="stop4897"></stop>
+	    </linearGradient>
+	    <linearGradient inkscape:collect="always" xlink:href="#linearGradient4893" id="linearGradient4903" x1="143.88919" y1="402.5" x2="698.61081" y2="402.5" gradientUnits="userSpaceOnUse"> </linearGradient>
+	  </defs>
+	  <sodipodi:namedview pagecolor="#ffffff" bordercolor="#666666" borderopacity="1" objecttolerance="10" gridtolerance="10" guidetolerance="10" inkscape:pageopacity="0" inkscape:pageshadow="2" inkscape:window-width="1200" inkscape:window-height="1857" id="namedview4" showgrid="false" inkscape:object-nodes="true" inkscape:snap-intersection-paths="false" inkscape:snap-smooth-nodes="true" inkscape:zoom="0.82920348" inkscape:cx="407.2691" inkscape:cy="-13.264391" inkscape:window-x="-8" inkscape:window-y="172" inkscape:window-maximized="1" inkscape:current-layer="svg2"></sodipodi:namedview>
+	  <path style="fill:url(#linearGradient4903);fill-opacity:1.0" d="m 406.60249,743.76344 c -6.7326,-5.0886 -17.8661,-13.9223 -24.7411,-19.6304 -17.5932,-14.6071 -61.3248,-58.6747 -77.3979,-77.9925 -89.1195,-107.1108 -141.2829,-228.3029 -156.296,-363.125 -2.4118,-21.659 -4.7208,-60.7744 -4.2056,-71.2469 l 0.3995,-8.12186 16.25,-4.09782 c 88.0141,-22.19478 180.4684,-72.7928 244.7366,-133.93844 8.1052,-7.71133 15.2043,-13.84047 15.7759,-13.62031 0.5717,0.22016 8.8464,7.55763 18.3884,16.3055 42.0414,38.54243 81.2242,65.35266 132.3491,90.55791 35.4975,17.50066 74.22794,31.81699 110.62404,40.89109 l 15.626,3.89579 0.4097,7.5 c 0.6261,11.46447 -2.1385,58.72484 -4.7948,81.96374 -15.4285,134.9784 -63.9842,251.2889 -146.33724,350.5363 -15.7729,19.0086 -58.4623,60.9748 -77.4027,76.0914 -20.6481,16.4796 -45.1907,33.2836 -48.6113,33.2836 -1.3924,0 -8.0401,-4.1635 -14.7726,-9.2521 z" id="path4751-5" inkscape:connector-curvature="0"></path>
+	  <path style="fill:#0b0b0b" d="M 404.2674,773.79865 C 361.0723,744.12024 313.994,699.12276 273.363,648.68009 l -12.8375,-15.9375 -98.7002,0 c -84.593,0 -98.7003,-0.2546 -98.7003,-1.78131 0,-2.16073 60.6753,-212.6732 62.446,-216.65619 1.1455,-2.5765 2.0856,-2.8125 11.2035,-2.8125 5.4741,0 10.29,-0.54526 10.7019,-1.21169 0.4118,-0.66642 -1.2275,-8.68205 -3.643,-17.8125 -14.4819,-54.74121 -21.5824,-106.80396 -22.8304,-167.39816 -0.8416,-40.86041 -1.7687,-37.51684 10.872,-39.2115 29.3974,-3.94113 84.9181,-22.90458 125.7763,-42.95968 57.4562,-28.20219 100.0499,-58.509169 145.733,-103.694201 l 17.1342,-16.94745 22.8658,22.43419 c 43.0863,42.273132 80.7773,69.193761 134.3453,95.955561 43.9907,21.97713 98.4353,40.62374 132.2704,45.30099 11.1927,1.54724 10.625,0.17761 10.625,25.63673 0,56.845 -7.2877,121.35496 -19.6182,173.65771 -6.4845,27.50539 -6.9064,25.54953 5.6059,25.98886 9.3224,0.32734 10.4813,0.64108 11.5436,3.125 1.7489,4.08921 61.2187,214.4932 61.2187,216.59158 0,1.54356 -13.3312,1.79723 -95.3125,1.8137 -52.4218,0.01 -95.9277,0.4324 -96.6797,0.9375 -0.752,0.5051 -7.0102,7.94961 -13.9072,16.54336 -30.4811,37.97996 -66.0563,72.81804 -102.2894,100.16989 -22.3778,16.8927 -47.0729,32.33011 -51.7182,32.33011 -1.2008,0 -8.0411,-4.02478 -15.2006,-8.94394 z m 29.2357,-26.56186 c 14.8308,-9.77796 30.9867,-22.10731 47.9152,-36.56651 25.8514,-22.08057 74.3229,-73.45597 72.3364,-76.67014 -1.2468,-2.01745 -259.3819,-1.71396 -259.3721,0.30495 0.028,5.7043 63.3051,71.64062 89.1687,92.9155 22.2036,18.26427 33.7758,26.65976 36.8268,26.71751 1.583,0.03 7.4892,-2.98562 13.125,-6.70131 z m 235.5566,-337.3067 c 1.4275,-1.79756 10.2179,-37.7889 13.9673,-57.1875 7.091,-36.68705 10.7672,-70.10838 12.5807,-114.375 0.8575,-20.93036 0.7701,-27.82834 -0.3655,-28.87439 C 694.4215,208.73729 685.3125,205.99648 675,203.40251 588.0145,181.52255 502.829,134.57486 435.2796,71.286961 l -14.7205,-13.79177 -10.6807,9.8112 c -26.7374,24.56071 -47.9424,41.637539 -70.925,57.117539 -53.2187,35.84548 -117.4005,65.00368 -175.2034,79.59596 -8.9375,2.25626 -17.0047,4.79171 -17.9272,5.63434 -1.3873,1.26723 -1.4381,6.4968 -0.294,30.255 2.6398,54.82109 9.7496,100.90961 23.3838,151.58336 2.4972,9.28125 5.0979,17.57812 5.7794,18.4375 0.9838,1.24051 51.9221,1.5625 247.183,1.5625 195.2601,0 246.1996,-0.322 247.1847,-1.5625 z" id="path4690-7" inkscape:connector-curvature="0" sodipodi:nodetypes="sscsscscssssscsssssscscsssssssccscsssscsscssscsscss"></path>
+	  <path style="fill:#080808" d="m 379.99995,381.41191 c -2.6442,-0.72999 -3.1863,-1.71607 -3.5233,-6.40976 -0.5776,-8.04522 0.7591,-13.49898 3.6935,-15.06943 6.4551,-3.45463 12.3298,3.39385 12.3298,14.37345 0,5.05378 -0.4026,5.93261 -3.2064,6.99859 -3.5564,1.35215 -4.7346,1.36573 -9.2936,0.10712 z m 21.8256,-0.99104 c -4.4383,-4.43838 0.3505,-17.89705 6.3682,-17.89705 0.9167,0 3.1598,1.28419 4.9845,2.85375 3.9748,3.41903 5.9356,14.10714 2.9363,16.00636 -3.0201,1.91249 -12.02,1.30592 -14.289,-0.96306 z m 25.1774,0.4773 c -1.9597,-1.43392 -2.2528,-2.79284 -1.6864,-7.81815 0.6929,-6.14732 4.0357,-10.5562 8.0037,-10.5562 5.192,0 11.2402,12.68611 8.2916,17.39155 -1.6468,2.62793 -11.4584,3.288 -14.6089,0.9828 z m 27.997,0.0537 c -2.8128,-1.49278 -3.1243,-2.42141 -3.1178,-9.2949 0.01,-5.74016 0.5966,-8.28785 2.3812,-10.25976 3.2011,-3.53715 7.5183,-3.30579 10.564,0.56612 2.8113,3.57396 4.9322,16.30094 3.033,18.20013 -2.0654,2.0654 -9.5855,2.52642 -12.8604,0.78841 z m -39.2483,-19.7636 c -5.9457,-4.47073 -7.6371,-4.53705 -13.5331,-0.53066 l -4.6117,3.13375 -4.1159,-3.57544 c -8.6965,-7.55438 -11.765,-7.57613 -20.2305,-0.14334 -5.3836,4.72685 -7.6377,4.24334 -10.3435,-2.21863 -1.838,-4.38982 -1.8635,-9.74646 -0.1115,-23.45507 0.2969,-2.32275 -0.6443,-2.55967 -13.276,-3.34165 -7.4775,-0.4629 -15.0075,-1.19604 -16.7333,-1.62919 -4.4093,-1.10666 -11.3594,-6.66716 -13.4948,-10.79665 -2.5505,-4.93212 -2.252,-8.64115 1.3114,-16.29588 2.5692,-5.51887 3.1038,-8.5422 3.0609,-17.31163 -0.029,-5.84375 -0.4731,-14.41156 -0.9878,-19.0396 -0.555,-4.98971 -0.4424,-9.31426 0.2766,-10.625 0.6668,-1.21571 5.3614,-7.11764 10.4323,-13.11537 11.1398,-13.17603 12.5312,-15.69583 11.8568,-21.47273 -0.6008,-5.14613 -2.1867,-4.91477 -3.3743,0.49227 -0.8817,4.0145 -16.2675,19.17081 -18.6557,18.37738 -1.7016,-0.56536 -4.6434,-25.01657 -3.7137,-30.86701 1.7411,-10.956 16.4918,-34.01782 28.6938,-44.86081 7.4451,-6.61591 20.1406,-12.87615 33.6734,-16.6045 8.9952,-2.47824 12.9515,-2.75506 39.375,-2.75506 26.4234,0 30.3797,0.27682 39.375,2.75506 13.5327,3.72835 26.2282,9.98859 33.6733,16.6045 12.202,10.84299 26.9527,33.90481 28.6938,44.86081 0.9297,5.85044 -2.0121,30.30165 -3.7137,30.86701 -2.3881,0.79343 -17.774,-14.36288 -18.6557,-18.37738 -1.1876,-5.40704 -2.7735,-5.6384 -3.3743,-0.49227 -0.6744,5.7769 0.717,8.2967 11.8569,21.47268 5.0709,5.99773 9.7654,11.89966 10.4322,13.11537 0.719,1.31074 0.8316,5.63529 0.2767,10.625 -0.5147,4.62804 -0.9593,13.19585 -0.9878,19.0396 -0.043,8.76943 0.4916,11.79276 3.0608,17.31163 3.5634,7.65473 3.8619,11.36376 1.3114,16.29588 -2.1354,4.12949 -9.0855,9.68999 -13.4948,10.79665 -1.7258,0.43315 -9.2558,1.16629 -16.7333,1.62919 -12.6316,0.78198 -13.5729,1.0189 -13.276,3.34165 1.752,13.70861 1.7265,19.06525 -0.1115,23.45507 -2.7058,6.46197 -4.9599,6.94548 -10.3435,2.21863 -8.4655,-7.43278 -11.534,-7.41103 -20.2304,0.14334 l -4.116,3.57544 -4.6117,-3.13375 c -5.9094,-4.01553 -7.5393,-3.94291 -13.833,0.61626 -2.8472,2.0625 -5.3222,3.71148 -5.5001,3.6644 -0.1778,-0.0471 -2.5163,-1.73459 -5.1966,-3.75 z m -0.022,-29.60189 c 0.4275,-1.89063 1.5442,-6.52218 2.4815,-10.29233 0.994,-3.99851 1.2412,-7.31779 0.5931,-7.96591 -1.6055,-1.60543 -6.7996,4.03945 -10.5782,11.4963 -4.5085,8.89703 -4.285,10.19944 1.7501,10.19944 4.4068,0 5.0651,-0.39333 5.7535,-3.4375 z m 21.7703,1.52685 c 0,-2.93437 -6.8963,-15.91604 -9.8929,-18.62231 -4.0808,-3.68558 -5.3029,-1.17995 -3.3183,6.80313 0.9373,3.77015 2.054,8.4017 2.4815,10.29233 0.6884,3.04417 1.3467,3.4375 5.7535,3.4375 3.6312,0 4.9762,-0.51641 4.9762,-1.91065 z m -47.3939,-34.39354 c 2.7536,-1.40477 7.2461,-4.57741 9.9833,-7.0503 5.4387,-4.91357 7.4278,-4.69314 5.3204,0.58965 -0.7438,1.86438 -1.808,4.51479 -2.3651,5.88979 -1.9233,4.7475 3.0231,-0.53185 8.6989,-9.28446 6.8604,-10.57937 8.7917,-12.23344 11.5958,-9.93109 1.1492,0.94355 4.4869,5.41254 7.417,9.93109 5.6758,8.75261 10.6222,14.03196 8.6989,9.28446 -0.5571,-1.375 -1.6214,-4.02541 -2.3651,-5.88979 -2.1074,-5.28279 -0.1184,-5.50322 5.3204,-0.58965 2.7372,2.47289 7.3656,5.71488 10.2854,7.20443 5.0117,2.55676 5.9064,2.62492 15.9938,1.21851 23.1915,-3.23342 34.424,-13.39408 30.0411,-27.17453 -1.9972,-6.27938 -8.5739,-16.64397 -10.5613,-16.64397 -0.8633,0 -9.1016,3.61006 -18.3072,8.02236 -18.3028,8.77266 -29.6794,12.60091 -33.6767,11.33224 -3.3925,-1.07676 -5.07,-5.78195 -5.3403,-14.9796 -0.2557,-8.70019 -2.0369,-9.40873 -4.2804,-1.70265 -0.8579,2.94705 -2.4048,6.20317 -3.4375,7.23582 -1.67,1.67005 -2.085,1.67005 -3.755,0 -1.0327,-1.03265 -2.5796,-4.28877 -3.4375,-7.23582 -2.2435,-7.70608 -4.0247,-6.99754 -4.2804,1.70265 -0.2703,9.19765 -1.9478,13.90284 -5.3403,14.9796 -3.9973,1.26867 -15.3739,-2.55958 -33.6767,-11.33224 -9.2056,-4.4123 -17.4439,-8.02236 -18.3072,-8.02236 -1.9874,0 -8.5641,10.36459 -10.5613,16.64397 -4.0611,12.7686 5.7213,22.92867 25.5432,26.5295 12.4341,2.25877 15.1246,2.16462 20.7938,-0.72761 z" id="path4768" inkscape:connector-curvature="0"></path>
+	  <path style="fill:#000000" d="" id="path4855" inkscape:connector-curvature="0"></path>
+	  <path style="fill:#ffffff;fill-opacity:1" d="m 279.11424,580.10645 c -1.65294,-2.35992 -1.94587,-8.25437 -1.94587,-39.1571 l 0,-36.37897 2.89306,-2.7179 c 2.49989,-2.34853 4.33074,-2.71789 13.47186,-2.71789 17.33193,0 16.13508,-3.09704 16.13508,41.75215 0,45.35925 1.32783,41.99785 -16.59005,41.99785 -11.00224,0 -12.18269,-0.23485 -13.96408,-2.77814 z m 62.87485,-0.24107 c -1.5353,-3.36973 -1.3696,-3.72355 25.5227,-54.48079 10.9686,-20.70251 14.7893,-26.875 16.6352,-26.875 3.0301,0 15.4024,23.08883 15.4736,28.87649 0.03,2.42452 -4.6229,13.54423 -12.4222,29.6875 l -12.4699,25.81101 -15.6819,0 c -15.3677,0 -15.7094,-0.0605 -17.0575,-3.01921 z m 94.7513,0.20671 c -0.9546,-1.54688 -3.087,-5.34375 -4.7388,-8.4375 l -3.0032,-5.625 -17.79,-0.34683 c -17.4621,-0.34042 -17.7892,-0.39802 -17.7445,-3.125 0.025,-1.52799 2.697,-7.84067 5.9375,-14.02817 5.0221,-9.58909 6.3995,-11.3084 9.3295,-11.64553 2.1372,-0.24591 3.4375,-1.14469 3.4375,-2.37603 0,-1.08928 -5.0625,-11.80776 -11.25,-23.81885 -6.1875,-12.0111 -11.2421,-22.75439 -11.2325,-23.87398 0.01,-1.11958 3.1466,-8.11593 6.9711,-15.54745 5.716,-11.10708 7.4035,-13.443 9.4813,-13.125 1.9647,0.30068 9.3477,13.82804 33.1485,60.7362 17.0529,33.60894 30.3082,61.16383 29.9154,62.1875 -0.5665,1.47631 -3.6601,1.83814 -15.7158,1.83814 -14.2187,0 -15.1019,-0.14833 -16.746,-2.8125 z m 52.7685,0.74654 c -1.3867,-1.66994 -1.7825,-12.93603 -2.0648,-58.77009 l -0.3492,-56.70412 3.2269,-3.22686 c 3.0724,-3.07239 3.7675,-3.20606 14.5229,-2.79241 16.2444,0.62474 16.0737,0.32744 16.0737,27.99915 0,11.91451 0.5042,21.97434 1.1204,22.35518 0.6162,0.38083 3.2618,-2.1156 5.8791,-5.54765 5.5742,-7.30937 8.628,-8.72385 11.746,-5.4406 1.2109,1.2751 14.208,18.91211 28.8824,39.19336 20.4254,28.2295 26.6886,37.7542 26.714,40.625 l 0.033,3.75 -16.4798,0.3482 -16.4798,0.34821 -6.751,-8.47321 c -3.713,-4.66026 -12.4943,-15.92633 -19.514,-25.0357 -7.0196,-9.10938 -13.2654,-16.5625 -13.8794,-16.5625 -0.614,0 -1.2918,10.45265 -1.5062,23.2281 -0.4717,28.10872 0.3947,26.7719 -17.3507,26.7719 -9.7348,0 -12.4443,-0.40494 -13.8236,-2.06596 z m 61.6414,-81.0374 c -4.2526,-5.83185 -7.7319,-11.65371 -7.7319,-12.93749 0,-1.28377 4.194,-7.687 9.32,-14.22939 10.5503,-13.46556 10.5799,-13.47976 28.1425,-13.47976 9.1548,0 11.2472,0.38362 13.0684,2.39601 2.713,2.99785 3.0556,2.3259 -14.5533,28.54149 -17.0187,25.33672 -16.8839,25.2904 -28.2457,9.70914 z m -301.20378,-8.84252 c -2.5634,-1.79547 -2.77814,-2.93561 -2.77814,-14.75 0,-8.2921 0.52859,-13.33271 1.5,-14.30412 1.10894,-1.10894 12.79027,-1.5 44.80626,-1.5 51.48266,0 47.44376,-1.36516 47.44376,16.03592 0,17.69858 3.4939,16.46408 -46.59688,16.46408 -35.62534,0 -41.99569,-0.27935 -44.375,-1.94588 z" id="path4872" inkscape:connector-curvature="0"></path>
+	</svg>
       </div>
     </a>
     <span style="cursor:pointer;float:right;font-size:25px;padding-right:25px" onclick="toggleNav()">&#9776</span>
@@ -128,55 +128,53 @@
   <div style="margin-top:60px;" class='sidenav' id='cssmenu'>
     <ul>
       <li><a href="" class="accordion"><span>Data</span></a>
-    <ul class="panel">
-      <li class='adminOnly'><a href="/Marti/query.jsp"><span>Cot Query</span></a></li>
-      <li><a href="/Marti/EnterpriseSync.jsp"><span>Enterprise Sync</span></a></li>
-      <li><a href="/Marti/sendMissionPackage.jsp"><span>Send Mission Package</span></a></li>
-      <li><a href="/Marti/VideoManager.jsp"><span>Video Feed Manager</span></a></li>
-      <li><a href="/Marti/Missions.jsp"><span>Missions</span></a></li>
-      <li class='last'><a href="/Marti/ExCheck.jsp"><span>ExCheck</span></a></li>
-    </ul>
+	<ul class="panel">
+	  <li class='adminOnly'><a href="/Marti/query.jsp"><span>Cot Query</span></a></li>
+	  <li><a href="/Marti/EnterpriseSync.jsp"><span>Enterprise Sync</span></a></li>
+	  <li><a href="/Marti/sendMissionPackage.jsp"><span>Send Mission Package</span></a></li>
+	  <li><a href="/Marti/VideoManager.jsp"><span>Video Feed Manager</span></a></li>
+	  <li><a href="/Marti/Missions.jsp"><span>Missions</span></a></li>
+	  <li class='last'><a href="/Marti/ExCheck.jsp"><span>ExCheck</span></a></li>
+	</ul>
       </li>
 
       <li><a href="" class='accordion'><span>Situation Awareness</span></a>
-    <ul class='panel'>
-      <li class='adminOnly'><a href="/Marti/ExportMission.jsp"><span>Export Mission</span></a></li>
-      <li class='adminOnly'><a href="/Marti/KmlMasterSA?secago=60"><span>KML SA Feed</span></a></li>
-      <li class='last'><a href="/webtak/index.html"><span>WebTAK</span></a></li>
-    </ul>
+	<ul class='panel'>
+	  <li class='adminOnly'><a href="/Marti/ExportMission.jsp"><span>Export Mission</span></a></li>
+	  <li class='adminOnly'><a href="/Marti/KmlMasterSA?secago=60"><span>KML SA Feed</span></a></li>
+	  <li class='last'><a href="/webtak/index.html"><span>WebTAK</span></a></li>
+	</ul>
       </li>
 
       <li class='adminOnly'><a href="" class='accordion'><span>Configuration</span></a>
-    <ul class='panel'>
-      <li><a href="/Marti/inputs/index.html"><span>Inputs and Data Feeds</span></a></li>
-      <li><a href="/Marti/federation/index.html"><span>Federation</span></a></li>
-      <li><a href="/Marti/certificates/index.html"><span>Federate Certificate Authorities</span></a></li>
-      <li><a href="/Marti/injectors/index.html"><span>Injectors</span></a></li>
-      <li class='last'><a href="/Marti/security/index.html"><span>Security and Authentication</span></a></li>
-    </ul>
+	<ul class='panel'>
+	  <li><a href="/Marti/inputs/index.html"><span>Inputs and Data Feeds</span></a></li>
+	  <li><a href="/Marti/federation/index.html"><span>Federation</span></a></li>
+	  <li><a href="/Marti/certificates/index.html"><span>Federate Certificate Authorities</span></a></li>
+	  <li><a href="/Marti/injectors/index.html"><span>Injectors</span></a></li>
+	  <li class='last'><a href="/Marti/security/index.html"><span>Security and Authentication</span></a></li>
+	</ul>
       </li>
 
       <li class='adminOnly'><a href="" class='accordion'><span>Administrative</span></a>
-    <ul class='panel'>
-      <li><a href="/Marti/database/index.html"><span>Database</span></a></li>
+	<ul class='panel'>
+	  <li><a href="/Marti/database/index.html"><span>Database</span></a></li>
       <li><a href="/Marti/data_retention/index.html"><span>Data Retention</span></a></li>
       <li><a href="/user-management/index.html"><span>Manage Users</span></a></li> 
-      <li><a href="/Marti/clientcerts/index.html"><span>Client Certificates</span></a></li>
-      <li><a href="/Marti/oauth/index.html"><span>Tokens</span></a></li>
-      <li><a href="/Marti/LogManager.jsp"><span>Device Logs</span></a></li>
-      <li><a href="/Marti/profiles/index.html"><span>Device Profiles</span></a></li>
-      <li><a href="/Marti/file/index.html"><span>File Config</span></a></li>
-      <li><a href="/Marti/vbm/index.html"><span>VBM Configuration</span></a></li>
-      <li class='last'><a href="/classification/index.html"><span>Classification</span></a></li>
-    </ul>
+	  <li><a href="/Marti/clientcerts/index.html"><span>Client Certificates</span></a></li>
+	  <li><a href="/Marti/LogManager.jsp"><span>Device Logs</span></a></li>
+	  <li><a href="/Marti/profiles/index.html"><span>Device Profiles</span></a></li>
+	  <li><a href="/Marti/file/index.html"><span>File Config</span></a></li>
+      <li class='last'><a href="/Marti/vbm/index.html"><span>VBM Configuration</span></a></li>
+	</ul>
       </li>
 
       <li><a href="" class='accordion'><span>Monitoring</span></a>
-    <ul class='panel'>
-      <li class='adminOnly'><a href="/Marti/repeater/index.html"><span>Alarms</span></a></li>
-      <li class='adminOnly'><a href="/Marti/metrics/index.html"><span>Metrics Dashboard</span></a></li>
-      <li class='last'><a href="/Marti/clients/index.html"><span>Client Dashboard</span></a></li>
-    </ul>
+	<ul class='panel'>
+	  <li class='adminOnly'><a href="/Marti/repeater/index.html"><span>Alarms</span></a></li>
+  	  <li class='adminOnly'><a href="/Marti/metrics/index.html"><span>Metrics Dashboard</span></a></li>
+	  <li class='last'><a href="/Marti/clients/index.html"><span>Client Dashboard</span></a></li>
+	</ul>
       </li>
       <li class='adminOnly'><a href="/Marti/plugins/index.html"><span>Plugins</span></a></li>
     </ul>
@@ -189,7 +187,7 @@
     </div>
 
 
-    <script type='text/javascript'>
+ <script type='text/javascript'>
       function toggleNav() {
           if (document.getElementById("cssmenu").style.width != "250px") {
               openNav();
diff --git a/src/takserver-core/src/test/java/tak/server/ClusterMessageConverterTests.java b/src/takserver-core/src/test/java/tak/server/ClusterMessageConverterTests.java
index 14dd5b1c..b1abb775 100644
--- a/src/takserver-core/src/test/java/tak/server/ClusterMessageConverterTests.java
+++ b/src/takserver-core/src/test/java/tak/server/ClusterMessageConverterTests.java
@@ -89,7 +89,7 @@ public void deserializeMessageTest() throws DocumentException, ParserConfigurati
 
 		byte[] clusterMessageBytes = converter.cotToDataMessage(chatCot);
 
-		CotEventContainer chatCotDeserialized = converter.dataMessageToCot(clusterMessageBytes);
+		CotEventContainer chatCotDeserialized = converter.dataMessageToCot(clusterMessageBytes, false);
 
 		org.junit.Assert.assertTrue("GeoChat.ANDROID-358982072593830.Green.2b4fb2c4-300d-41e6-9df3-f21b597b87e3".equals(chatCotDeserialized.getUid()));
 	}
diff --git a/src/takserver-core/src/test/java/tak/server/MissionFederationROLTests.java b/src/takserver-core/src/test/java/tak/server/MissionFederationROLTests.java
index 1ad774cb..dd91c44c 100644
--- a/src/takserver-core/src/test/java/tak/server/MissionFederationROLTests.java
+++ b/src/takserver-core/src/test/java/tak/server/MissionFederationROLTests.java
@@ -2,10 +2,12 @@
 
 import com.atakmap.Tak.ROL;
 import com.bbn.marti.remote.sync.MissionHierarchy;
-import com.bbn.marti.sync.federation.MissionEnterpriseSyncRolVisitor;
 import com.fasterxml.jackson.databind.ObjectMapper;
+
 import mil.af.rl.rol.RolLexer;
 import mil.af.rl.rol.RolParser;
+import tak.server.federation.rol.MissionEnterpriseSyncRolVisitor;
+
 import org.antlr.v4.runtime.ANTLRInputStream;
 import org.antlr.v4.runtime.BailErrorStrategy;
 import org.antlr.v4.runtime.CommonTokenStream;
diff --git a/src/takserver-core/src/test/java/tak/server/TakServerTestApplicationConfig.java b/src/takserver-core/src/test/java/tak/server/TakServerTestApplicationConfig.java
index d962199c..0317f234 100644
--- a/src/takserver-core/src/test/java/tak/server/TakServerTestApplicationConfig.java
+++ b/src/takserver-core/src/test/java/tak/server/TakServerTestApplicationConfig.java
@@ -9,6 +9,9 @@
 import java.util.Map;
 import java.util.UUID;
 
+import com.bbn.cluster.ClusterGroupDefinition;
+import com.bbn.marti.config.TAKIgniteConfiguration;
+import com.bbn.marti.remote.config.DistributedConfiguration;
 import org.apache.ignite.Ignite;
 import org.apache.ignite.Ignition;
 import org.apache.ignite.configuration.IgniteConfiguration;
@@ -28,7 +31,7 @@
 import com.bbn.marti.sync.api.PropertiesApi;
 import com.bbn.marti.sync.service.PropertiesService;
 import com.bbn.marti.util.MessagingDependencyInjectionProxy;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.MapperFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -40,12 +43,14 @@
 import ch.qos.logback.classic.spi.ILoggingEvent;
 import ch.qos.logback.core.FileAppender;
 import tak.server.ignite.IgniteConfigurationHolder;
+import tak.server.ignite.IgniteHolder;
 import tak.server.messaging.MessageConverter;
 
 @Configuration
 public class TakServerTestApplicationConfig {
 
 	public static final String JARG_KEY_IGNITE_TEST_LOG_FILE = "tak.server.test.logging.targetPath";
+	private static final org.slf4j.Logger logger = LoggerFactory.getLogger(TakServerTestApplicationConfig.class);
 
 	@Bean
 	Marshaller jaxbMarshaller() {
@@ -71,6 +76,14 @@ MessageConverter clusterMessageConverter() {
 		return new MessageConverter();
 	}
 
+	@Bean
+	public DistributedConfiguration getDistributedConfiguration() {
+		DistributedConfiguration distributedConfiguration = DistributedConfiguration.getInstance();
+
+		return distributedConfiguration;
+	}
+
+
 	@MockBean
 	GroupManager groupManager;
 
@@ -129,10 +142,70 @@ public boolean isCluster() {
 	
 	@Bean 
 	Ignite ignite() {
-		IgniteConfigurationHolder.getInstance().setConfiguration(IgniteConfigurationHolder.getInstance().getIgniteConfiguration(Constants.MESSAGING_PROFILE_NAME, "127.0.0.1", false, false, true, false, 47500, 100, 47100, 100, 0, 600000, 524288000, 524288000));
-		IgniteConfiguration igniteConfiguration = IgniteConfigurationHolder.getInstance().getConfiguration();
+
+		/**
+		 * Now that there is a separate configuration microservice, it needs to be loaded first, followed by the messaging
+		 * microservice. Specifically, we have to load the DistributedConfiguration as a reference in Ignite to be
+		 * used by the CoreConfigFacade when invoked by the Messaging Microservice.
+		 */
+		// setup the configuration service in Ignite
+		TAKIgniteConfiguration takIgniteConfiguration =	IgniteConfigurationHolder.getInstance().getTAKIgniteConfiguration(
+				"127.0.0.1", false, false, true,
+				false, 47500, 100,
+				47100,100, 0, 600000,
+				524288000,	524288000);
+		IgniteConfiguration igniteConfiguration = IgniteConfigurationHolder.getInstance().getIgniteConfiguration(Constants.CONFIG_PROFILE_NAME, takIgniteConfiguration);
 		String logPath = System.getProperty(JARG_KEY_IGNITE_TEST_LOG_FILE, null);
 
+		if (logPath != null && new File(logPath).isDirectory()) {
+			logPath = Paths.get(logPath).resolve(Constants.CONFIG_PROFILE_NAME + "-ignite.log").toAbsolutePath().toString();
+			LoggerFactory.getLogger(TakServerTestApplicationConfig.class).warn("Redirecting ignite logs to '" + logPath + "'.");
+
+			Logger logger = (Logger) LoggerFactory.getLogger("org.apache.ignite");
+			LoggerContext lc = logger.getLoggerContext();
+
+			FileAppender<ILoggingEvent> fileAppender = new FileAppender<>();
+			fileAppender.setPrudent(true);
+			fileAppender.setFile(logPath);
+			fileAppender.setContext(lc);
+
+			PatternLayout pl = new PatternLayout();
+			pl.setPattern("%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %logger{36} - %msg%n");
+			pl.setContext(lc);
+			pl.start();
+
+			fileAppender.setLayout(pl);
+			fileAppender.start();
+
+			logger.setAdditive(false);
+			logger.addAppender(fileAppender);
+
+			igniteConfiguration.setGridLogger(new Slf4jLogger(logger));
+		}
+
+		Ignite ignite = null;
+
+		try {
+			// start the config microservice
+			ignite = Ignition.getOrStart(igniteConfiguration);
+		}
+		catch(Exception e1) {
+			logger.error("Error starting up the Configuration Ignite cluster.", e1);
+		}
+
+		try {
+			// load the distributed
+			ignite.services(ClusterGroupDefinition.getConfigClusterDeploymentGroup(ignite)).deployNodeSingleton(
+					Constants.DISTRIBUTED_CONFIGURATION, getDistributedConfiguration());
+		}
+		catch(Exception e2) {
+			logger.error("Error deploying the Distributed Configuration to the Configuration Ignite cluster.", e2);
+		}
+
+		igniteConfiguration = IgniteConfigurationHolder.getInstance().getIgniteConfiguration(
+				Constants.MESSAGING_PROFILE_NAME, takIgniteConfiguration);
+		IgniteConfigurationHolder.getInstance().setIgniteConfiguration(igniteConfiguration);
+
 		if (logPath != null && new File(logPath).isDirectory()) {
 			logPath = Paths.get(logPath).resolve(Constants.MESSAGING_PROFILE_NAME + "-ignite.log").toAbsolutePath().toString();
 			LoggerFactory.getLogger(TakServerTestApplicationConfig.class).warn("Redirecting ignite logs to '" + logPath + "'.");
@@ -159,7 +232,15 @@ Ignite ignite() {
 			igniteConfiguration.setGridLogger(new Slf4jLogger(logger));
 		}
 
-		return Ignition.getOrStart(igniteConfiguration);
+		try {
+			ignite = IgniteHolder.getInstance().getIgnite();
+		}
+		catch(Exception e3) {
+			logger.error("Error starting up the Messaging Ignite cluster.", e3);
+		}
+
+
+		return ignite;
 	}
 	
 	@Bean 
@@ -179,7 +260,7 @@ public List<String> findAllUids() {
 
 			@Override
 			public Map<String, Collection<String>> getKeyValuesByUid(String uid) {
-				if(uid == "1234") {
+				if (uid == "1234") {
 					Multimap<String, String> uidKvMap = new ConcurrentMultiHashMap<String, String>();
 					uidKvMap.put("Key1", "value1");
 					uidKvMap.put("Key1", "value2");
@@ -193,7 +274,7 @@ public Map<String, Collection<String>> getKeyValuesByUid(String uid) {
 
 			@Override
 			public List<String> getValuesByKeyAndUid(String uid, String key) {
-				if(uid == "1234" && key == "Key1") {
+				if (uid == "1234" && key == "Key1") {
 					List<String> values = new ArrayList<String>();
 					values.add("value1");
 					values.add("value2");
diff --git a/src/takserver-core/takserver-war/build.gradle b/src/takserver-core/takserver-war/build.gradle
index 7d7eb9c7..ffe124b5 100644
--- a/src/takserver-core/takserver-war/build.gradle
+++ b/src/takserver-core/takserver-war/build.gradle
@@ -22,21 +22,26 @@ javadoc {
 dependencies {
 
   providedCompile group: 'javax.servlet', name: 'javax.servlet-api', version: servlet_api_version
-  providedCompile group: 'javax.mail', name: 'javax.mail-api', version: mail_api_version
+  //providedCompile group: 'javax.mail', name: 'javax.mail-api', version: mail_api_version
+  implementation group: 'jakarta.mail', name: 'jakarta.mail-api', version: jakarta_mail_api_version
   providedCompile group: 'org.apache.tomcat', name: 'tomcat-catalina', version: tomcat_version
 
   // swagger
-  // implementation group: 'org.springdoc', name: 'springdoc-openapi-ui', version: springdoc_version
-  implementation ("org.springdoc:springdoc-openapi-ui:$springdoc_version") {
+//  implementation ("org.springdoc:springdoc-openapi-ui:$springdoc_version") {
   	  // Added to exclude dom4j 1.6.1, a transitive dependency
-  	  exclude group: 'dom4j', module: 'dom4j'
-  }
+//  	  exclude group: 'dom4j', module: 'dom4j'
+//  }
+    
+  implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: springdoc_version
+  
   implementation(project(':takserver-common'))
+  implementation project(':federation-common')
+  
 
   // cloudwatch metrics
   api group: 'io.awspring.cloud', name: 'spring-cloud-starter-aws', version: spring_cloud_starter_version
-  implementation group: 'io.micrometer', name: 'micrometer-registry-cloudwatch', version: micrometer_cloudwatch_version
-  implementation group: 'io.micrometer', name: 'micrometer-core'
+  implementation group: 'io.micrometer', name: 'micrometer-registry-cloudwatch', version: micrometer_version
+  implementation group: 'io.micrometer', name: 'micrometer-core', version: micrometer_version
 
   implementation group: 'commons-codec', name: 'commons-codec', version: commons_codec_version
   implementation group: 'org.dom4j', name: 'dom4j', version: dom4j_version
@@ -50,32 +55,43 @@ dependencies {
   implementation group: 'commons-validator', name: 'commons-validator', version: commons_validator_version
   implementation group: 'org.apache.commons', name: 'commons-pool2', version: commons_pool_version
   api group: 'org.owasp.esapi', name: 'esapi', version: esapi_version
-  implementation group: 'org.hibernate', name: 'hibernate-core', version: hibernate_version
-  implementation group: 'org.hibernate', name: 'hibernate-entitymanager', version: hibernate_version
-  implementation group: 'org.hibernate', name: 'hibernate-spatial', version: hibernate_version
-  implementation group: 'org.hibernate', name: 'hibernate-validator', version: hibernate_validator_version
-
-  implementation group: 'org.hibernate.javax.persistence', name: 'hibernate-jpa-2.1-api', version: hibernate_jpa_version
+  //implementation group: 'org.hibernate', name: 'hibernate-core', version: hibernate_version
+  //implementation group: 'org.hibernate', name: 'hibernate-entitymanager', version: hibernate_version
+  //implementation group: 'org.hibernate', name: 'hibernate-spatial', version: hibernate_version
+  //implementation group: 'org.hibernate', name: 'hibernate-validator', version: hibernate_validator_version
+  
+  implementation group: 'org.hibernate.orm', name: 'hibernate-core', version: hibernate_version
+  implementation group: 'org.hibernate.orm', name: 'hibernate-entitymanager', version: hibernate_entitymanager_version
+  implementation group: 'org.hibernate.orm', name: 'hibernate-spatial', version: hibernate_version
+  implementation group: 'org.hibernate.validator', name: 'hibernate-validator', version: hibernate_validator_version
+
+  //implementation group: 'org.hibernate.javax.persistence', name: 'hibernate-jpa-2.1-api', version: hibernate_jpa_version
   implementation group: 'com.fasterxml.jackson.core', name: 'jackson-annotations', version: jackson_version
   implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: jackson_version
   implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: jackson_version
   implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: jackson_version
-  implementation group: 'org.jboss', name: 'jandex', version: jandex_version
+  //implementation group: 'org.jboss', name: 'jandex', version: jandex_version
   implementation group: 'org.javassist', name: 'javassist', version: javassist_version
-  implementation group: 'javax.inject', name: 'javax.inject', version: javax_inject_version
-  implementation group: 'org.eclipse.persistence', name: 'javax.persistence', version: javax_persistence_version
-  implementation group: 'org.jboss.logging', name: 'jboss-logging', version: jboss_logging_version
-  implementation group: 'org.jboss.spec.javax.transaction', name: 'jboss-transaction-api_1.2_spec', version: javax_transaction_version
+  //implementation group: 'javax.inject', name: 'javax.inject', version: javax_inject_version
+  //implementation group: 'org.eclipse.persistence', name: 'javax.persistence', version: javax_persistence_version
+  //implementation group: 'org.jboss.logging', name: 'jboss-logging', version: jboss_logging_version
+  //implementation group: 'org.jboss.spec.javax.transaction', name: 'jboss-transaction-api_1.2_spec', version: javax_transaction_version
   implementation group: 'org.slf4j', name: 'jcl-over-slf4j', version: slf4j_version
   api group: 'com.beust', name: 'jcommander', version: jcommander_version
   implementation group: 'com.googlecode.json-simple', name: 'json-simple', version: json_simple_version
   implementation group: 'com.google.code.gson', name: 'gson', version: gson_version
-  implementation group: 'javax.ws.rs', name: 'jsr311-api', version: jsr311_version
+  //implementation group: 'javax.ws.rs', name: 'jsr311-api', version: jsr311_version
   implementation group: 'org.slf4j', name: 'jul-to-slf4j', version: slf4j_version
   implementation group: 'org.gnu.inet', name: 'libidn', version: libidn_version
 
   // required for audit log custom logging filter
   implementation group: 'ch.qos.logback', name: 'logback-classic', version: logback_version
+  implementation group: 'ch.qos.logback.contrib', name: 'logback-jackson', version: logback_jackson_version
+  implementation group: 'ch.qos.logback.contrib', name: 'logback-json-classic', version: logback_jackson_version
+  // https://mvnrepository.com/artifact/org.codehaus.janino/janino License: BSD 3-Clause
+  // required for conditional processing of logback configuration
+  implementation group: 'org.codehaus.janino', name: 'janino', version: janino_version
+
 
   api group: 'org.postgresql', name: 'postgresql', version: postgres_version
   implementation group: 'org.ocpsoft.prettytime', name: 'prettytime', version: prettytime_version
@@ -102,9 +118,9 @@ dependencies {
   implementation group: 'org.springframework.security', name: 'spring-security-messaging', version: spring_security_version
   implementation group: 'org.springframework.security', name: 'spring-security-web', version: spring_security_version
   implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: spring_security_jwt_version
-  api group: 'org.springframework.security.oauth', name: 'spring-security-oauth2', version: spring_security_oauth_version
-  implementation group: 'org.springframework.security.oauth.boot', name: 'spring-security-oauth2-autoconfigure', version: spring_security_oauth2_autoconfigure_version
-  // implementation group: 'org.igniterealtime', name: 'tinder', version: tinder_version
+  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-core', version: spring_security_version
+  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-authorization-server', version: spring_security_oauth2_authorization_server_version
+
   implementation ("org.igniterealtime:tinder:$tinder_version") {
   	  // Added to exclude dom4j 1.6.1, a transitive dependency
   	  exclude group: 'dom4j', module: 'dom4j'
@@ -119,17 +135,24 @@ dependencies {
   implementation ("org.igniterealtime.whack:core:$whack_version") {
   	  // Added to exclude dom4j 1.6.1, a transitive dependency
   	  exclude group: 'dom4j', module: 'dom4j'
+      exclude group: 'org.eclipse.jetty', module: 'jetty-server'
+      exclude group: 'org.eclipse.jetty', module: 'jetty-webapp'
   }
 
   implementation group: 'org.apache.ignite', name: 'ignite-spring-cache-ext', version: ignite_spring_cache_version
 
 
-  implementation 'javax.xml.bind:jaxb-api:' + jaxb_api_version
-  implementation 'javax.activation:activation:' + javax_activation_version
-  implementation('org.glassfish.jaxb:jaxb-runtime:' + jaxb_api_version)
+  //implementation 'javax.xml.bind:jaxb-api:' + jaxb_api_version
+  implementation group: 'jakarta.xml.bind', name: 'jakarta.xml.bind-api', version: jakarta_xml_bind_api_version
+  implementation group: 'jakarta.xml.ws', name: 'jakarta.xml.ws-api', version: jakarta_xml_ws_api_version
+  implementation group: 'jakarta.xml.soap', name: 'jakarta.xml.soap-api', version: jakarta_xml_soap_api_version
+  
+  //implementation 'javax.activation:activation:' + javax_activation_version
+  implementation('org.glassfish.jaxb:jaxb-runtime:' + jaxb_glassfish_version)
 
   api name: 'JavaAPIforKml-2.2.2'
   implementation group: 'com.squareup.okhttp3', name: 'okhttp', version: okhttp3_version
+ 
 }
 
 sourceSets {
@@ -148,10 +171,11 @@ openApiGenerate {
   invokerPackage = "org.ism.invoker"
   modelPackage = "org.ism.model"
   configOptions = [
-          dateLibrary: "java8",
+          dateLibrary: "java17",
           annotationLibrary: "none",
           library: "resttemplate",
-          openApiNullable : "false"
+          openApiNullable : "false",
+          useJakartaEe: "true"
   ]
 }
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/locate/LocateApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/locate/LocateApi.java
index c957c9a0..09c53b9a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/locate/LocateApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/locate/LocateApi.java
@@ -3,6 +3,7 @@
 import com.bbn.marti.config.Locate;
 import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.SubmissionInterface;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.remote.groups.Direction;
 import com.bbn.marti.remote.groups.Group;
@@ -19,11 +20,16 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.*;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.util.Date;
+import java.util.NavigableSet;
+import java.util.UUID;
 import java.util.concurrent.ConcurrentSkipListSet;
 
 @Validated
@@ -47,9 +53,6 @@ public class LocateApi {
     @Autowired
     private MissionService missionService;
 
-    @Autowired
-    CoreConfig coreConfig;
-
     @Autowired
     private Validator validator = new MartiValidator();
 
@@ -64,16 +67,16 @@ public void locate(
         boolean status = true;
         try {
 
-            if (coreConfig == null || coreConfig.getRemoteConfiguration() == null) {
+            if (CoreConfigFacade.getInstance() == null || CoreConfigFacade.getInstance().getRemoteConfiguration() == null) {
                 throw new TakException("Unable to find coreConfig");
             }
 
-            if (coreConfig.getRemoteConfiguration().getLocate() == null ||
-                    !coreConfig.getRemoteConfiguration().getLocate().isEnabled()) {
+            if (CoreConfigFacade.getInstance().getRemoteConfiguration().getLocate() == null ||
+                    !CoreConfigFacade.getInstance().getRemoteConfiguration().getLocate().isEnabled()) {
                 throw new TakException("locate element is missing from coreConfig or is not enabled");
             }
 
-            Locate locateConfig = coreConfig.getRemoteConfiguration().getLocate();
+            Locate locateConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getLocate();
 
             // validate inputs
             validator.getValidInput("LocateApi", Double.toString(latitude),
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/locate/LocateAuthorizationProvider.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/locate/LocateAuthorizationProvider.java
index 2e08ac80..1cdae7c1 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/locate/LocateAuthorizationProvider.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/locate/LocateAuthorizationProvider.java
@@ -1,6 +1,7 @@
 
 package com.bbn.locate;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import com.bbn.marti.remote.CoreConfig;
@@ -10,19 +11,16 @@ class LocateAuthorizationProvider {
 
     private final org.slf4j.Logger logger = LoggerFactory.getLogger(com.bbn.locate.LocateAuthorizationProvider.class);
 
-    @Autowired
-    CoreConfig coreConfig;
-
     public synchronized String getRole() {
         try {
-            if (coreConfig == null
-            || coreConfig.getRemoteConfiguration() == null
-            || coreConfig.getRemoteConfiguration().getLocate() == null
-            || !coreConfig.getRemoteConfiguration().getLocate().isEnabled()) {
+            if (CoreConfigFacade.getInstance() == null
+            || CoreConfigFacade.getInstance().getRemoteConfiguration() == null
+            || CoreConfigFacade.getInstance().getRemoteConfiguration().getLocate() == null
+            || !CoreConfigFacade.getInstance().getRemoteConfiguration().getLocate().isEnabled()) {
                 return "ROLE_NONEXISTENT";
             }
 
-            if (coreConfig.getRemoteConfiguration().getLocate().isRequireLogin()) {
+            if (CoreConfigFacade.getInstance().getRemoteConfiguration().getLocate().isRequireLogin()) {
                 return "ROLE_WEBTAK";
             } else {
                 return "ROLE_NO_CLIENT_CERT";
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/CotImageBean.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/CotImageBean.java
index 5f04a214..01180b72 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/CotImageBean.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/CotImageBean.java
@@ -335,7 +335,7 @@ public CotMessageList getCotMessagesInBoundary(int limit, double x1, double y1,
 		// Construct SQL query
 		String sqlQuery = "SELECT id, uid, ST_AsKML(event_pt), ST_AsText(event_pt), cot_type, servertime, detail "
 				+ "FROM cot_router WHERE ";
-		if(sinceTimeMillis > 0) {
+		if (sinceTimeMillis > 0) {
 			sqlQuery += " servertime > ? AND ";
 		}
 		if (shouldGroup) {
@@ -351,7 +351,7 @@ public CotMessageList getCotMessagesInBoundary(int limit, double x1, double y1,
 
 			int columnIndex = 1;
 
-			if(sinceTimeMillis > 0) {
+			if (sinceTimeMillis > 0) {
 				preparedQuery.setTimestamp(columnIndex++, new Timestamp(sinceTimeMillis));
 			}
 
@@ -389,12 +389,12 @@ public CotMessageList getCotMessagesInBoundary(int limit, double x1, double y1,
 					// build the String[] for the column
 					String[] row = new String[NUMBER_OF_COLUMNS];
 					for (int i = 0; i < NUMBER_OF_COLUMNS; i++) {
-						if(i == 3) { // Strip out POINT(...)
+						if (i == 3) { // Strip out POINT(...)
 							String s = results.getString(i + 1);
 							row[i] = s.substring(6, s.indexOf(')'));
-						}
-						else
+						} else {
 							row[i] = results.getString(i + 1);
+						}
 					}
 					ret.add(row);
 				}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/CreateSubscriptionServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/CreateSubscriptionServlet.java
index 73a22281..77ab0ea2 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/CreateSubscriptionServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/CreateSubscriptionServlet.java
@@ -7,10 +7,10 @@
 import java.rmi.NotBoundException;
 import java.util.logging.Logger;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathExpressionException;
 import javax.xml.xpath.XPathFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/DBAdminServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/DBAdminServlet.java
index 96aa27a9..5227922d 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/DBAdminServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/DBAdminServlet.java
@@ -8,9 +8,9 @@
 import java.sql.SQLException;
 
 import javax.naming.NamingException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import javax.sql.DataSource;
 
 import org.slf4j.Logger;
@@ -35,16 +35,16 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 		initAuditLog(request);
 
 		for(String s : request.getParameterMap().keySet()) {
-			if(s.compareToIgnoreCase("vacuum") == 0) {
+			if (s.compareToIgnoreCase("vacuum") == 0) {
 				sql = "VACUUM";
 				break;
-			} else if(s.compareToIgnoreCase("reindex") == 0) {
+			} else if (s.compareToIgnoreCase("reindex") == 0) {
 				sql = "REINDEX DATABASE cot";
 				break;
 			}
 		}
 
-		if(sql == null) {
+		if (sql == null) {
 
 			String msg = "Invalid parameters";
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/EditSubscriptionServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/EditSubscriptionServlet.java
index 0d01ec23..7e2b1f3c 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/EditSubscriptionServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/EditSubscriptionServlet.java
@@ -7,9 +7,9 @@
 import java.rmi.NotBoundException;
 import java.rmi.RemoteException;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import com.bbn.marti.remote.SubscriptionManagerLite;
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/EsapiServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/EsapiServlet.java
index c491cc73..ea6ec745 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/EsapiServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/EsapiServlet.java
@@ -4,14 +4,16 @@
 
 import java.io.IOException;
 import java.util.Enumeration;
+import java.util.HashSet;
 import java.util.Map;
+import java.util.Set;
 import java.util.logging.Logger;
 
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang3.StringUtils;
 import org.owasp.esapi.Validator;
@@ -73,14 +75,15 @@ protected Map<String, String[]> validateParams(String context,
 
 		String parameterName = null;
 		try {
-			validator.assertValidHTTPRequestParameterSet(context, request, requiredHttpParameters.keySet(), 
-					optionalHttpParameters.keySet());
+			ValidatorUtils.assertValidHTTPRequestParameterSet(context, request.getParameterMap().keySet(), requiredHttpParameters.keySet(),
+					optionalHttpParameters.keySet(), validator);
+			
 			Enumeration<String> parameters = request.getParameterNames();
 			while (parameters.hasMoreElements()) {
 				parameterName = parameters.nextElement();
 				boolean required = true;
 				HttpParameterConstraints parameter = requiredHttpParameters.get(parameterName);
-				if(parameter == null) {
+				if (parameter == null) {
 					parameter = optionalHttpParameters.get(parameterName);
 					required = false;
 				}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/FileDownloadCounter.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/FileDownloadCounter.java
index 741a9c7d..e327e54a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/FileDownloadCounter.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/FileDownloadCounter.java
@@ -2,14 +2,17 @@
 
 package com.bbn.marti;
 
-import java.util.*;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
 
 public class FileDownloadCounter {
 
 	private static FileDownloadCounter instance = null;
 
 	public static FileDownloadCounter instance() {
-		if(instance == null)
+		if (instance == null)
 			instance = new FileDownloadCounter();
 
 		return instance;
@@ -21,7 +24,7 @@ public void putDownloader(String filename, String downloader) {
 		List<String> downloaders =
 			filesDownloadedByWho.get(filename);
 
-		if(downloaders == null) {
+		if (downloaders == null) {
 			downloaders = new LinkedList<String>();
 			filesDownloadedByWho.put(filename, downloaders);
 		} 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/GetCotDataServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/GetCotDataServlet.java
index 13dabf54..368b9ad9 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/GetCotDataServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/GetCotDataServlet.java
@@ -7,10 +7,10 @@
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import javax.sql.DataSource;
 
 import org.dom4j.Document;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/GetServerTimeServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/GetServerTimeServlet.java
index 1ce18911..ab009928 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/GetServerTimeServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/GetServerTimeServlet.java
@@ -4,9 +4,9 @@
 
 import java.io.IOException;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 //@WebServlet("/GetTime")
 public class GetServerTimeServlet extends EsapiServlet {
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/KmlMasterSaServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/KmlMasterSaServlet.java
index 739e273e..36edf806 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/KmlMasterSaServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/KmlMasterSaServlet.java
@@ -6,9 +6,9 @@
 import java.io.PrintWriter;
 import java.util.logging.Logger;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import com.bbn.marti.util.KmlUtils;
 
@@ -66,7 +66,7 @@ protected void writeSubsection(PrintWriter writer, String name, String cotType,
     int secAgo, boolean visible, String baseurl) {
     
     int refreshInterval = 60;
-    if(secAgo > 0) {
+    if (secAgo > 0) {
       refreshInterval = secAgo;
     }
     
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/LatestKMLServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/LatestKMLServlet.java
index b05eab58..bfc1e280 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/LatestKMLServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/LatestKMLServlet.java
@@ -10,9 +10,9 @@
 import java.util.SimpleTimeZone;
 import java.util.logging.Logger;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.ocpsoft.prettytime.PrettyTime;
 import org.owasp.esapi.errors.IntrusionException;
@@ -119,13 +119,13 @@ private void processHttpQuery(HttpServletRequest request, HttpServletResponse re
 		sqlDateFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
 		Map<String, String[]> httpParameters = validateParams("LatestKMLServlet", request, response, 
 				requiredHttpParameters, optionalHttpParameters);
-		if(httpParameters == null) {
+		if (httpParameters == null) {
 			// if that is null, then validateParams already did response.sendError
 			return;
 		}
 
          String cotType = getParameterValue(httpParameters, QueryParameter.cotType.name());
-                if(cotType != null) {
+                if (cotType != null) {
                    if (validator != null) {
 			try {
 				cotType = validator.getValidInput(CONTEXT, cotType, MartiValidatorConstants.Regex.CotType.name(), 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/MissionKMLServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/MissionKMLServlet.java
index db31f2ad..b2d8d338 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/MissionKMLServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/MissionKMLServlet.java
@@ -41,10 +41,10 @@
 import java.util.zip.ZipOutputStream;
 
 import javax.naming.NamingException;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import javax.sql.DataSource;
 
 import org.owasp.esapi.ESAPI;
@@ -68,8 +68,7 @@
 import com.bbn.marti.util.CommonUtil;
 import com.bbn.marti.util.Coord;
 import com.bbn.marti.util.KmlUtils;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-import com.bbn.security.web.MartiValidator;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.bbn.security.web.MartiValidatorConstants;
 import com.bbn.security.web.MartiValidatorConstants.Regex;
 import com.google.common.base.Strings;
@@ -176,7 +175,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
     	Map<String, String[]> httpParameters = validateParams("MissionKMLServlet", request, response, 
     			requiredHttpParameters, optionalHttpParameters);
 
-    	if(httpParameters == null)
+    	if (httpParameters == null)
     		return;
 
     	String intervalParam = getParameterValue(httpParameters, QueryParameter.interval.name());
@@ -276,7 +275,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
     	AllowedFormat format = AllowedFormat.kml;
     	String formatParam = getParameterValue(httpParameters, QueryParameter.format.name());
 
-    	if(formatParam != null && formatParam.compareToIgnoreCase("kmz") == 0) {
+    	if (formatParam != null && formatParam.compareToIgnoreCase("kmz") == 0) {
     		format = AllowedFormat.kmz;
     	}
 
@@ -348,7 +347,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
     			+ "WHERE servertime BETWEEN ? AND ? and cot_type != 'b-t-f' and cot_type != 'b-f-t-r' and cot_type != 'b-f-t-a'";
 
 
-    	if(uidParam != null) {
+    	if (uidParam != null) {
     		trackQuery += " and uid = ?";
     	}
 
@@ -380,7 +379,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
     			sqlQuery.setTimestamp(1, periodOfInterest.begin);
     			sqlQuery.setTimestamp(2, periodOfInterest.end);
     			
-    			if(uidParam != null) {
+    			if (uidParam != null) {
     				sqlQuery.setString(3, uidParam);
     				sqlQuery.setString(4, filterGroupVector);
     	    	} else {
@@ -488,7 +487,7 @@ public int compare(CotElement thisCot, CotElement thatCot) {
     							// progressively build image url list.
     							KmlUtils.getImageUrlList(qrs, images, Constants.KML_MAX_IMAGE_COUNT, imagePath, kmlDao, uids);
     						}
-    						if(uidParam == null) {
+    						if (uidParam == null) {
     							buildMissionFeatures(qrs, doc, seenUrls, periodOfInterest.end, baseUrl, images, format, true, includeExtendedData, multiTrackThresholdAsInteger, optimizeExportAsBoolean);
     						} else {
     							buildMissionFeatures(qrs, doc, seenUrls, periodOfInterest.end, baseUrl, images, format, false, includeExtendedData, multiTrackThresholdAsInteger, optimizeExportAsBoolean);
@@ -503,11 +502,11 @@ public int compare(CotElement thisCot, CotElement thatCot) {
 
     				if (qrs != null && !qrs.isEmpty()) {
 
-    					if(format.equals(AllowedFormat.kmz)) {
+    					if (format.equals(AllowedFormat.kmz)) {
     						// progressively build image url list.
     						KmlUtils.getImageUrlList(qrs, images, Constants.KML_MAX_IMAGE_COUNT, imagePath, kmlDao, uids);
     					}
-    					if(uidParam == null) {
+    					if (uidParam == null) {
     						buildMissionFeatures(qrs, doc, seenUrls, periodOfInterest.end, baseUrl, images, format, true, includeExtendedData, multiTrackThresholdAsInteger, optimizeExportAsBoolean);
     					} else {
     						buildMissionFeatures(qrs, doc, seenUrls, periodOfInterest.end, baseUrl, images, format, false, includeExtendedData, multiTrackThresholdAsInteger, optimizeExportAsBoolean);
@@ -531,7 +530,7 @@ public int compare(CotElement thisCot, CotElement thatCot) {
     						+ " total duration: " 
     						+ (kmlInitDuration + cotFetchAndDeserializeDuration + dbDuration + kmlDuration + kmlGenDuration));
 
-    				if(format.equals(AllowedFormat.kmz)) {
+    				if (format.equals(AllowedFormat.kmz)) {
     					zip = new ZipOutputStream(responseOutputStream);
 
     					// marshal jak -> doc.kml
@@ -708,7 +707,7 @@ public void buildMissionFeatures(LinkedList<CotElement> qrs, Document doc, Set<A
             List<Placemark> ps = buildTimeseriesLineString(qrs, maxStartTime);
             
             for(Placemark p : ps) {
-                if(includeDescription) {
+                if (includeDescription) {
                     p.withDescription(KmlUtils.buildDescription(last, Constants.KML_MAX_IMAGE_COUNT, baseUrl, "", imageTag));
                 }
                 doc.addToFeature(p); 
@@ -721,7 +720,7 @@ public void buildMissionFeatures(LinkedList<CotElement> qrs, Document doc, Set<A
             if (format.equals(AllowedFormat.kmz) && imageTag) {
                 p.setName("* " + p.getName());
             }
-            if(includeDescription) {
+            if (includeDescription) {
                 p.withDescription(KmlUtils.buildDescription(last, Constants.KML_MAX_IMAGE_COUNT, baseUrl, "", imageTag));
             }
             doc.addToFeature(p);
@@ -758,7 +757,7 @@ protected LinkedList<CotElement> parseUidGroup(ResultSet results)
 
         // seek to the first valid query result -- need a baseline uid for comparison
         CotElement cursor = seekValid(results); 
-        if(cursor != null) {
+        if (cursor != null) {
             // didn't reach the end of the row -- get baseline uid out
             String uid = cursor.uid;
             do {
@@ -938,7 +937,7 @@ public long parseResultsForCotElements(Set<CotElement> cotResultSet, ResultSet r
 
 		// deserialize all cot results
 		CotElement cursor = seekValid(results, queue);
-		if(cursor != null) {
+		if (cursor != null) {
 			// didn't reach the end of the row -- get baseline uid out
 			while(results.next() && (cursor = seekValid(results, queue)) != null);
 		}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/ResubscribeServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/ResubscribeServlet.java
index 7413e447..ec130ae3 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/ResubscribeServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/ResubscribeServlet.java
@@ -9,9 +9,9 @@
 import java.util.Map;
 import java.util.logging.Logger;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import javax.sql.DataSource;
 
 import org.owasp.esapi.errors.IntrusionException;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/TracksKMLServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/TracksKMLServlet.java
index 0a679007..88f1089b 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/TracksKMLServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/TracksKMLServlet.java
@@ -13,9 +13,9 @@
 import java.util.Map;
 
 import javax.naming.NamingException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import javax.sql.DataSource;
 
 import org.apache.commons.io.IOUtils;
@@ -92,7 +92,7 @@ private List<Integer> getNextPrimaryKeyBatchFromSequence(String sequence, int ba
 		try (Connection connection = ds.getConnection(); PreparedStatement sql = wrapper.prepareStatement("select nextval('"+sequence+"') from generate_series(1,?)", connection)) {
 			sql.setInt(1, batchSize);
 			try (ResultSet results = sql.executeQuery()) {
-				if(results != null) {
+				if (results != null) {
 					while(results.next())
 						idBatch.add(results.getInt(1));					
 				}
@@ -269,7 +269,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
             Map<String, String[]> httpParameters = validateParams("tracksKml", request, response, 
             		requiredHttpParameters, optionalHttpParameters);
 
-            if(httpParameters == null)
+            if (httpParameters == null)
                 return;
 
 			String groupVector = martiUtil.getGroupBitVector(request);
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/ValidatorUtils.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/ValidatorUtils.java
new file mode 100644
index 00000000..63b74b55
--- /dev/null
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/ValidatorUtils.java
@@ -0,0 +1,84 @@
+package com.bbn.marti;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import com.bbn.security.web.MartiValidatorConstants;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+
+
+public class ValidatorUtils {
+	
+	/**
+	 * Referenced implementation: https://github.com/ESAPI/esapi-java-legacy/blob/develop/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+	 * @param context
+	 * @param requestParameterKeySet
+	 * @param required
+	 * @param optional
+	 * @throws IntrusionException
+	 * @throws ValidationException
+	 */
+	public static void assertValidHTTPRequestParameterSet(
+	        String context, Set<String> requestParameterKeySet, Set<String> required, Set<String> optional,
+            Validator validator) throws IntrusionException, ValidationException {
+
+        Set<String> given = requestParameterKeySet;
+        Set<String> lowerCase = new HashSet<String>();
+        for (String key : given) {
+            lowerCase.add(key.toLowerCase());
+        }
+
+        // verify ALL required parameters are present
+        Set<String> missing = new HashSet<String>();
+        for (String parameter : required) {
+            if (!lowerCase.contains(parameter.toLowerCase())) {
+                missing.add(parameter);
+            }
+        }
+        if (missing.size() > 0) {
+
+            String message = "Invalid HTTP request missing parameters " + missing + ": context=" + context;
+
+            throw new ValidationException(message, message, context);
+        }
+
+        // verify ONLY optional + required parameters are present
+        Set<String> allowed = new HashSet<String>();
+        for (String parameter : required) {
+            allowed.add(parameter.toLowerCase());
+        }
+        for (String parameter : optional) {
+            allowed.add(parameter.toLowerCase());
+        }
+
+        Set<String> extra = new HashSet<String>();
+        for (String parameter : given) {
+            if (!allowed.contains(parameter.toLowerCase())) {
+                extra.add(parameter);
+            }
+        }
+
+        if (extra.size() > 0) {
+            Iterator<String> extraItr = extra.iterator();
+            StringBuilder badParameters = new StringBuilder();
+            while (extraItr.hasNext()) {
+                String badExtra = extraItr.next();
+                if (validator.isValidInput("assertValidHttpRequestParameterSet", badExtra, "HTTPParameterName",
+                        MartiValidatorConstants.DEFAULT_STRING_CHARS, false)) {
+                    badParameters.append(badExtra);
+                } else {
+                    badParameters.append("[redacted]");
+                }
+                if (extraItr.hasNext()) {
+                    badParameters.append(", ");
+                }
+            }
+
+            throw new ValidationException(context + ": Invalid HTTP request extra parameters (redacted) ",
+                    "Invalid HTTP request extra parameters " + badParameters.toString() + ": context=" + context, context);
+        }
+	}
+}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/CITrapReportAPI.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/CITrapReportAPI.java
index 5f506c67..c3b0cdd3 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/CITrapReportAPI.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/CITrapReportAPI.java
@@ -6,9 +6,10 @@
 import java.util.Date;
 import java.util.List;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.commons.lang3.StringUtils;
 import org.owasp.esapi.Validator;
 import org.owasp.esapi.errors.IntrusionException;
@@ -65,10 +66,7 @@ public class CITrapReportAPI extends BaseRestController {
     
     @Autowired
     com.bbn.marti.citrap.PersistenceStore persistenceStore;
-    
-    @Autowired
-    CoreConfig coreConfig;
-    
+
     @Autowired
     ApplicationContext context;
 
@@ -86,9 +84,9 @@ ResponseEntity<String> postReport(
             // Get group vector for the user associated with this session
             String groupVector = martiUtil.getGroupBitVector(request);
         
-            if (reportMP.length > coreConfig.getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB() * 1000000) {
+            if (reportMP.length > CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB() * 1000000) {
                 String message = "Uploaded file exceeds server's size limit of "
-                        + coreConfig.getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB()
+                        + CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB()
                         + " MB! (limit is set in CoreConfig)";
                 logger.error(message);
                 return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
@@ -97,7 +95,7 @@ ResponseEntity<String> postReport(
             ReportType report = ciTrapReportService.addReport(
                     reportMP, clientUid, groupVector, missionService, subscriptionManager,
                     martiUtil.getGroupsFromRequest(request),
-                    coreConfig.getRemoteConfiguration().getCitrap());
+                    CoreConfigFacade.getInstance().getRemoteConfiguration().getCitrap());
             if (report == null) {
                 logger.error("addReport failed");
                 return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/CITrapReportService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/CITrapReportService.java
index b23564ed..a439b2e9 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/CITrapReportService.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/CITrapReportService.java
@@ -15,11 +15,11 @@
 import java.util.zip.ZipInputStream;
 import java.util.zip.ZipOutputStream;
 
-import javax.xml.bind.DatatypeConverter;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
+import jakarta.xml.bind.DatatypeConverter;
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.JAXBException;
+import jakarta.xml.bind.Marshaller;
+import jakarta.xml.bind.Unmarshaller;
 
 import org.json.simple.JSONArray;
 import org.json.simple.JSONObject;
@@ -39,7 +39,7 @@
 import com.bbn.marti.remote.util.SecureXmlParser;
 import com.bbn.marti.sync.Metadata;
 import com.bbn.marti.sync.service.MissionService;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 public class CITrapReportService {
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ListType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ListType.java
index b98372c7..ff88a6dd 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ListType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ListType.java
@@ -10,12 +10,12 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlElements;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlElements;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ObjectFactory.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ObjectFactory.java
index 0f05c12e..23c5cd4a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ObjectFactory.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ObjectFactory.java
@@ -8,9 +8,9 @@
 
 package com.bbn.marti.citrap.reports;
 
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.annotation.XmlElementDecl;
-import javax.xml.bind.annotation.XmlRegistry;
+import jakarta.xml.bind.JAXBElement;
+import jakarta.xml.bind.annotation.XmlElementDecl;
+import jakarta.xml.bind.annotation.XmlRegistry;
 import javax.xml.namespace.QName;
 
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/OptionType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/OptionType.java
index 80f33bed..c3d1e0c9 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/OptionType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/OptionType.java
@@ -8,10 +8,10 @@
 
 package com.bbn.marti.citrap.reports;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ReportType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ReportType.java
index fde488d4..148ecd2d 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ReportType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ReportType.java
@@ -10,8 +10,12 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.*;
-
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 /**
  * <p>Java class for reportType complex type.
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ReportsType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ReportsType.java
index 6bf45861..bb92a418 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ReportsType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/ReportsType.java
@@ -10,8 +10,11 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.*;
-
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 /**
  * <p>Java class for reportsType complex type.
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/SectionType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/SectionType.java
index 060650dd..bb2492f6 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/SectionType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/citrap/reports/SectionType.java
@@ -10,12 +10,12 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlElements;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlElements;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/classification/service/ClassificationService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/classification/service/ClassificationService.java
index 8b1caf4f..eeeb3acd 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/classification/service/ClassificationService.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/classification/service/ClassificationService.java
@@ -1,9 +1,11 @@
 package com.bbn.marti.classification.service;
 
 import com.bbn.marti.remote.groups.UserClassification;
+import tak.server.cot.CotEventContainer;
 
 public interface ClassificationService {
 
     boolean canAccess(UserClassification userClassification, String itemClassification);
 
+    boolean canAccess(UserClassification userClassification, CotEventContainer cotEventContainer);
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/classification/service/ClassificationServiceImpl.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/classification/service/ClassificationServiceImpl.java
index 7b13a3b9..90ef9d39 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/classification/service/ClassificationServiceImpl.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/classification/service/ClassificationServiceImpl.java
@@ -9,6 +9,7 @@
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.base.Strings;
@@ -27,15 +28,13 @@
 import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.groups.UserClassification;
 import tak.server.cache.classification.ClassificationCacheHelper;
+import tak.server.cot.CotEventContainer;
 
 
 public class ClassificationServiceImpl implements ClassificationService {
 
     private static final Logger logger = LoggerFactory.getLogger(ClassificationServiceImpl.class);
 
-    @Autowired
-    private CoreConfig config;
-
     @Autowired
     private ClassificationCacheHelper classificationCacheHelper;
 
@@ -43,12 +42,26 @@ public class ClassificationServiceImpl implements ClassificationService {
 
 
     public boolean canAccess(UserClassification userClassification, String itemClassification) {
+
+        // if we don't have the item's classification, fallback to network classification
+        if (Strings.isNullOrEmpty(itemClassification)) {
+            if (logger.isDebugEnabled()) {
+                logger.debug("itemClassification not found, using network classification");
+            }
+
+            CoreConfig config = CoreConfigFacade.getInstance();
+            if (config.getRemoteConfiguration().getVbm() != null
+                    && config.getRemoteConfiguration().getVbm().isEnabled()) {
+                itemClassification = config.getRemoteConfiguration().getVbm().getNetworkClassification();
+            }
+       }
+
         // if we don't have enough input, deny access if strict mode enabled
         if (userClassification == null || Strings.isNullOrEmpty(itemClassification)) {
             if (logger.isDebugEnabled()) {
-                logger.debug(("userClassification or itemClassification not found"));
+                logger.debug(("userClassification and/or itemClassification not found"));
             }
-            return !config.getRemoteConfiguration().getVbm().isIsmStrictEnforcing();
+            return !CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isIsmStrictEnforcing();
         }
 
         // see if we have an item itemClassification result for this userClassification
@@ -96,12 +109,31 @@ public boolean canAccess(UserClassification userClassification, String itemClass
         return result;
     }
 
+    public boolean canAccess(UserClassification userClassification, CotEventContainer cotEventContainer) {
+
+        String itemClassification = null;
+
+        if (!Strings.isNullOrEmpty(cotEventContainer.getAccess())) {
+            itemClassification = cotEventContainer.getAccess();
+
+            if (!Strings.isNullOrEmpty(cotEventContainer.getCaveat())) {
+                itemClassification += "//" + cotEventContainer.getCaveat();
+            }
+
+            if (!Strings.isNullOrEmpty(cotEventContainer.getReleaseableTo())) {
+                itemClassification += "//" + cotEventContainer.getReleaseableTo();
+            }
+        }
+
+        return canAccess(userClassification, itemClassification);
+    }
+
     private Boolean ismCanAccess(UserClassification userClassification, String itemClassification) {
-        if (Strings.isNullOrEmpty(config.getRemoteConfiguration().getVbm().getIsmUrl())) {
+        if (Strings.isNullOrEmpty(CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().getIsmUrl())) {
             if (logger.isDebugEnabled()) {
                 logger.debug("ismUrl is not set");
             }
-            return !config.getRemoteConfiguration().getVbm().isIsmStrictEnforcing();
+            return !CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isIsmStrictEnforcing();
         }
 
         User ismUser = new User();
@@ -132,18 +164,18 @@ private DefaultApi getIsmApi() {
         if (ismApi == null) {
             RestTemplateBuilder restTemplateBuilder = new RestTemplateBuilder();
 
-            if (config.getRemoteConfiguration().getVbm().getIsmConnectTimeoutSeconds() != -1) {
+            if (CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().getIsmConnectTimeoutSeconds() != -1) {
                 restTemplateBuilder.setConnectTimeout(Duration.ofSeconds(
-                        config.getRemoteConfiguration().getVbm().getIsmConnectTimeoutSeconds()));
+                        CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().getIsmConnectTimeoutSeconds()));
             }
 
-            if (config.getRemoteConfiguration().getVbm().getIsmReadTimeoutSeconds() != -1) {
+            if (CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().getIsmReadTimeoutSeconds() != -1) {
                 restTemplateBuilder.setReadTimeout(Duration.ofSeconds(
-                        config.getRemoteConfiguration().getVbm().getIsmReadTimeoutSeconds()));
+                        CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().getIsmReadTimeoutSeconds()));
             }
 
             ApiClient apiClient = new ApiClient(restTemplateBuilder.build());
-            apiClient.setBasePath(config.getRemoteConfiguration().getVbm().getIsmUrl());
+            apiClient.setBasePath(CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().getIsmUrl());
 
             ismApi = new DefaultApi(apiClient);
         }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/config/ConfigAPI.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/config/ConfigAPI.java
index 401b518a..e15b13da 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/config/ConfigAPI.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/config/ConfigAPI.java
@@ -3,8 +3,9 @@
 import java.rmi.RemoteException;
 import java.util.List;
 
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -21,9 +22,6 @@ public class ConfigAPI extends BaseRestController {
 
     private static final Logger logger = LoggerFactory.getLogger(ConfigAPI.class);
 
-    @Autowired
-    private CoreConfig coreConfig;
-
     @Autowired
     private CommonUtil martiUtil;
 
@@ -36,9 +34,9 @@ Configuration getCoreConfig(HttpServletResponse response) throws RemoteException
             return null;
         }
 
-        return coreConfig.getRemoteConfiguration();
+        return CoreConfigFacade.getInstance().getRemoteConfiguration();
     }
-    
+
     @RequestMapping(value = "/cachedConfig", method = RequestMethod.GET)
     Configuration getCachedCoreConfig(HttpServletResponse response) throws RemoteException {
 
@@ -48,9 +46,9 @@ Configuration getCachedCoreConfig(HttpServletResponse response) throws RemoteExc
             return null;
         }
 
-        return coreConfig.getCachedConfiguration();
+        return CoreConfigFacade.getInstance().getCachedConfiguration();
     }
-    
+
     @RequestMapping(value = "/cachedInputConfig", method = RequestMethod.GET)
     List<Input> getCachedInputConfig(HttpServletResponse response) throws RemoteException {
 
@@ -60,6 +58,6 @@ List<Input> getCachedInputConfig(HttpServletResponse response) throws RemoteExce
             return null;
         }
 
-        return coreConfig.getCachedConfiguration().getNetwork().getInput();
+        return CoreConfigFacade.getInstance().getCachedConfiguration().getNetwork().getInput();
     }
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/cot/search/api/CotQueryServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/cot/search/api/CotQueryServlet.java
index 67c2186d..78e3d21b 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/cot/search/api/CotQueryServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/cot/search/api/CotQueryServlet.java
@@ -14,10 +14,10 @@
 import java.util.SimpleTimeZone;
 import java.util.logging.Logger;
 
-import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletOutputStream;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -119,7 +119,7 @@ private void processHttpQuery(HttpServletRequest request, HttpServletResponse re
         Map<String, String[]> httpParameters = validateParams(esapiContext, request, response, 
                 requiredHttpParameters, optionalHttpParameters);
 
-        if(httpParameters == null) {
+        if (httpParameters == null) {
             return;
         }
         String hostName = getParameterValue(httpParameters, CotQueryParameter.hostName.name());
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/cot/search/service/CotQueryWorker.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/cot/search/service/CotQueryWorker.java
index b4a91661..a28f3271 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/cot/search/service/CotQueryWorker.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/cot/search/service/CotQueryWorker.java
@@ -32,7 +32,7 @@
 import com.bbn.marti.cot.search.model.query.Column;
 import com.bbn.marti.cot.search.model.query.DeliveryProtocol;
 import com.bbn.marti.cot.search.model.query.ImageOption;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.google.common.base.Strings;
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/dao/kml/IconsetRepository.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/dao/kml/IconsetRepository.java
index 98c26251..ece5a1ec 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/dao/kml/IconsetRepository.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/dao/kml/IconsetRepository.java
@@ -5,7 +5,6 @@
 import java.util.Set;
 
 import org.springframework.cache.annotation.CacheEvict;
-import org.springframework.cache.annotation.Cacheable;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.CrudRepository;
 
@@ -18,10 +17,8 @@ public interface IconsetRepository extends CrudRepository<Iconset, Long> {
     @CacheEvict(value = "iconIconsetCache", allEntries = true)
     void deleteByUid(String uid);
     
-    @Cacheable("iconIconsetCache")
     Iconset findByUid(String uid);
     
-    @Cacheable("iconIconsetCache")
     @Query("select i.uid from Iconset i")
     Set<String> getAllUids();
     
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/dao/kml/JDBCCachingKMLDao.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/dao/kml/JDBCCachingKMLDao.java
index 52737843..4a51015e 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/dao/kml/JDBCCachingKMLDao.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/dao/kml/JDBCCachingKMLDao.java
@@ -100,7 +100,7 @@ public List<CotElement> getCotElements(String cotType, int secAgo, String groupV
 //        if (secAgo > 600) {
 //            slfLogger.debug("secAgo value greater than 10 minutes. Limiting cache TTL to 10 minutes");
 //            ttl = 600;
-//        } else if(secAgo == 0) {
+//        } else if (secAgo == 0) {
 //            ttl = 60;
 //        }
 
@@ -613,13 +613,13 @@ public byte[] extractData(ResultSet resultSet) throws SQLException {
     public static void ParseDetailText(CotElement cotElement) {
         slfLogger.debug("cotElement: " + cotElement);
 
-        if(cotElement.detailtext != null) {
+        if (cotElement.detailtext != null) {
             cotElement.hasImage = cotElement.detailtext.contains("image");
-            if(cotElement.detailtext.contains("contact") && cotElement.detailtext.contains(" callsign=\"")) {
+            if (cotElement.detailtext.contains("contact") && cotElement.detailtext.contains(" callsign=\"")) {
                 cotElement.callsign = cotElement.detailtext.substring(
                         cotElement.detailtext.indexOf(" callsign=\"") + " callsign=\"".length(),
                         cotElement.detailtext.indexOf("\"", cotElement.detailtext.indexOf(" callsign=\"") + " callsign=\"".length()));
-            } else if(cotElement.detailtext.contains("contact") && cotElement.detailtext.contains(" callsign=\'")) {
+            } else if (cotElement.detailtext.contains("contact") && cotElement.detailtext.contains(" callsign=\'")) {
                 cotElement.callsign = cotElement.detailtext.substring(
                         cotElement.detailtext.indexOf(" callsign=\'") + " callsign=\'".length(),
                         cotElement.detailtext.indexOf("\'", cotElement.detailtext.indexOf(" callsign=\'") + " callsign=\'".length()));
@@ -808,7 +808,7 @@ public CotElement deserialize(ResultSet results) throws SQLException {
             cotElement.lon = results.getDouble(2);
             cotElement.lat = results.getDouble(3);
 
-            if(cotElement.lon == 0 && cotElement.lat == 0 && !(results.getString(5).equals("b-m-r"))) {
+            if (cotElement.lon == 0 && cotElement.lat == 0 && !(results.getString(5).equals("b-m-r"))) {
                 // filter out non-routes at 0,0
                 return null;
             }
@@ -1111,12 +1111,12 @@ public List<UIDResult> searchUIDs(Date startDate, Date endDate) {
 
     @Override
     public @NotNull String latestCallsign(String uid) {
-        if(uid == null) { return ""; }
+        if (uid == null) { return ""; }
 
         JdbcTemplate jdbcTemplate = new JdbcTemplate(dataSource);
         String query = "SELECT callsign FROM client_endpoint WHERE uid= ? ORDER BY id DESC";
         List<String> results = jdbcTemplate.query(query, new Object[] { uid }, new StringListResultSetExtractor());
-        if(results != null && !results.isEmpty()) {
+        if (results != null && !results.isEmpty()) {
             return results.get(0);
         }
         return "";
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/api/ProfileAPI.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/api/ProfileAPI.java
index 8298cc52..e33c8058 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/api/ProfileAPI.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/api/ProfileAPI.java
@@ -10,6 +10,7 @@
 import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.RemoteSubscription;
 import com.bbn.marti.remote.SubscriptionManagerLite;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.bbn.marti.remote.exception.NotFoundException;
 import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.remote.groups.GroupManager;
@@ -21,8 +22,8 @@
 import java.net.URI;
 import java.rmi.RemoteException;
 import java.util.List;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.jetbrains.annotations.NotNull;
 import org.owasp.esapi.Validator;
@@ -31,7 +32,11 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 
 
 @RestController
@@ -65,14 +70,12 @@ public class ProfileAPI extends BaseRestController {
     @Autowired
     private GroupManager groupManager;
 
-    @Autowired
-    CoreConfig coreConfig;
 
 
     private String getGroupVectorFromStreamingClient(String clientUid, String groupVector) {
         try {
-            if (coreConfig.getRemoteConfiguration().getProfile() != null &&
-                    coreConfig.getRemoteConfiguration().getProfile().isUseStreamingGroup()) {
+            if (CoreConfigFacade.getInstance().getRemoteConfiguration().getProfile() != null &&
+                    CoreConfigFacade.getInstance().getRemoteConfiguration().getProfile().isUseStreamingGroup()) {
                 RemoteSubscription subscription = subscriptionManager.getRemoteSubscriptionByClientUid(clientUid);
                 if (subscription != null) {
                     String groupVectorTmp = groupManager.getCachedOutboundGroupVectorByConnectionId(
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/api/ProfileAdminAPI.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/api/ProfileAdminAPI.java
index ffa14a28..8848d045 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/api/ProfileAdminAPI.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/api/ProfileAdminAPI.java
@@ -7,8 +7,8 @@
 import java.util.List;
 import java.util.Set;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import javax.transaction.Transactional;
 
 import org.jetbrains.annotations.NotNull;
@@ -47,7 +47,7 @@
 import com.bbn.marti.remote.util.RemoteUtil;
 import com.bbn.marti.sync.api.MissionApi;
 import com.bbn.marti.util.CommonUtil;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 import tak.server.Constants;
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/model/Profile.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/model/Profile.java
index 601f6b2d..ee5296e6 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/model/Profile.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/model/Profile.java
@@ -3,7 +3,14 @@
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
-import javax.persistence.*;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import jakarta.persistence.Transient;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Date;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/model/ProfileDirectory.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/model/ProfileDirectory.java
index 478ac6fb..3a98bf66 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/model/ProfileDirectory.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/model/ProfileDirectory.java
@@ -2,7 +2,13 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 
-import javax.persistence.*;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
 import java.io.Serializable;
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/model/ProfileFile.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/model/ProfileFile.java
index 27c052d2..d0e4f107 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/model/ProfileFile.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/model/ProfileFile.java
@@ -2,7 +2,13 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 
-import javax.persistence.*;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
 import java.io.Serializable;
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/service/ProfileService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/service/ProfileService.java
index 13d8f333..59e3638f 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/service/ProfileService.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/device/profile/service/ProfileService.java
@@ -1,5 +1,6 @@
 package com.bbn.marti.device.profile.service;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.google.common.base.Strings;
 
 import java.io.File;
@@ -20,8 +21,8 @@
 import java.util.ListIterator;
 import java.util.UUID;
 import java.util.zip.ZipException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.commons.io.DirectoryWalker;
 import org.apache.commons.io.filefilter.DirectoryFileFilter;
@@ -65,9 +66,6 @@ public class ProfileService {
     @Autowired
     private ProfileDirectoryRepository profileDirectoryRepository;
 
-    @Autowired
-    CoreConfig coreConfig;
-
     @Autowired
     private CommonUtil martiUtil;
 
@@ -100,7 +98,7 @@ public List<ProfileFile> getProfileFiles(
         }
 
         if (applyOnEnrollment) {
-            Auth.Ldap ldap = coreConfig.getRemoteConfiguration().getAuth().getLdap();
+            Auth.Ldap ldap = CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getLdap();
 
             // if we've got any of the user attributes set, go ahead and build the user preferences
             if (ldap != null &&
@@ -116,7 +114,7 @@ public List<ProfileFile> getProfileFiles(
             }
 
             // is the X509GroupCache enabled on this server?
-            if (coreConfig.getRemoteConfiguration().getAuth().isX509UseGroupCache()) {
+            if (CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509UseGroupCache()) {
                 files.add(getX509GroupCachePreference(host));
             }
         }
@@ -341,7 +339,7 @@ private List<ProfileDirectoryContent> getProfileDirectoryContent(
             throws IOException, NotFoundException {
 
         List<ProfileDirectoryContent> results = new LinkedList<>();
-        final int uploadSizeLimitMB = coreConfig.getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB();
+        final int uploadSizeLimitMB = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB();
 
         for (ProfileDirectory profileDirectory : directories) {
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/email/EmailClient.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/email/EmailClient.java
index b958c349..2c6cf46d 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/email/EmailClient.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/email/EmailClient.java
@@ -1,6 +1,6 @@
 package com.bbn.marti.email;
 
-import javax.mail.internet.MimeMessage;
+import jakarta.mail.internet.MimeMessage;
 import java.util.HashMap;
 import java.util.Map;
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/ExCheckAPI.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/ExCheckAPI.java
index c9e787b7..52327946 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/ExCheckAPI.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/ExCheckAPI.java
@@ -8,10 +8,11 @@
 import java.util.SimpleTimeZone;
 import java.util.UUID;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
@@ -43,7 +44,7 @@
 
 @RestController
 public class ExCheckAPI extends BaseRestController {
-	
+
     private static final org.slf4j.Logger logger = LoggerFactory.getLogger(com.bbn.marti.excheck.ExCheckAPI.class);
 
     @Autowired
@@ -51,9 +52,6 @@ public class ExCheckAPI extends BaseRestController {
 
     @Autowired
     private ExCheckService exCheckService;
-    
-    @Autowired
-    private CoreConfig coreConfig;
 
     @Autowired
     private MissionService missionService;
@@ -100,10 +98,10 @@ ResponseEntity postTemplate(
                 payload = mpf.getBytes();
             }
 
-            if (payload.length > coreConfig.getRemoteConfiguration().getNetwork().
+            if (payload.length > CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().
                     getEnterpriseSyncSizeLimitMB() * 1000000) {
                 String message = "Uploaded file exceeds server's size limit of "
-                        + coreConfig.getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB()
+                        + CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB()
                         + " MB! (limit is set in CoreConfig)";
                 logger.error(message);
                 return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
@@ -312,8 +310,8 @@ ResponseEntity addEditChecklistTask(
         if (existing == null) {
             operation = "added";
         } else if (existing.getStatus() == ChecklistTaskStatus.PENDING &&
-            (checklistTask.getStatus() == ChecklistTaskStatus.COMPLETE ||
-                    checklistTask.getStatus() == ChecklistTaskStatus.COMPLETE_LATE)) {
+                (checklistTask.getStatus() == ChecklistTaskStatus.COMPLETE ||
+                        checklistTask.getStatus() == ChecklistTaskStatus.COMPLETE_LATE)) {
             operation = "completed";
         } else {
             operation = "updated";
@@ -493,7 +491,7 @@ ResponseEntity getChecklistStatus(
             sb.append("<html><body>");
             sb.append("<h2>Checklist : " + checklist.getChecklistDetails().getName() + "</h2>");
             sb.append("<h3>Progress : " + complete + "/" + total + "</h3>");
-                sb.append("<progress value=\"" + complete + "\" max=\"" + total + "\"></progress>");
+            sb.append("<progress value=\"" + complete + "\" max=\"" + total + "\"></progress>");
 
             //
             // show task level info if we were given a token
@@ -564,19 +562,19 @@ ResponseEntity removeMissionReferenceFromChecklist(
                 checklistUid, missionService.trimName(missionName), clientUid, martiUtil.getGroupBitVector(request));
         return new ResponseEntity(HttpStatus.OK);
     }
-    
+
     /**
-	 * Utility method that reads a byte array from an input stream using Guava.
-	 * 
-	 * @param in
-	 *            any InputStream containing some data
-	 * @return the InputStream's contents as a byte array; may be size 0 but
-	 *         will not be null.
-	 * @throws IOException
-	 *             if a read error occurs
-	 */
-	private byte[] readByteArray(InputStream in) throws IOException {
-	    
-	    return ByteStreams.toByteArray(in);
-	}
+     * Utility method that reads a byte array from an input stream using Guava.
+     *
+     * @param in
+     *            any InputStream containing some data
+     * @return the InputStream's contents as a byte array; may be size 0 but
+     *         will not be null.
+     * @throws IOException
+     *             if a read error occurs
+     */
+    private byte[] readByteArray(InputStream in) throws IOException {
+
+        return ByteStreams.toByteArray(in);
+    }
 }
\ No newline at end of file
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/ExCheckService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/ExCheckService.java
index bda9d3e9..e5f4aecd 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/ExCheckService.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/ExCheckService.java
@@ -22,16 +22,21 @@
 import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import javax.sql.DataSource;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.JAXBException;
+import jakarta.xml.bind.Marshaller;
+import jakarta.xml.bind.Unmarshaller;
 import javax.xml.parsers.SAXParserFactory;
 import javax.xml.transform.Source;
 import javax.xml.transform.sax.SAXSource;
 
+import com.bbn.marti.sync.model.ExternalMissionData;
+import com.bbn.marti.sync.model.Mission;
+import com.bbn.marti.sync.model.MissionPermission;
+import com.bbn.marti.sync.model.MissionRole;
+import com.bbn.marti.sync.model.Resource;
 import com.google.common.base.Strings;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -61,12 +66,11 @@
 import com.bbn.marti.remote.sync.MissionContent;
 import com.bbn.marti.remote.util.RemoteUtil;
 import com.bbn.marti.sync.Metadata;
-import com.bbn.marti.sync.model.*;
 import com.bbn.marti.sync.service.MissionTokenUtils;
 import com.bbn.marti.sync.repository.MissionRoleRepository;
 import com.bbn.marti.sync.repository.MissionRepository;
 import com.bbn.marti.sync.service.MissionService;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 import tak.server.Constants;
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/Checklist.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/Checklist.java
index c983bcac..eda49959 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/Checklist.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/Checklist.java
@@ -8,8 +8,11 @@
 
 package com.bbn.marti.excheck.checklist;
 
-import javax.xml.bind.annotation.*;
-
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 /**
  * <p>Java class for checklist complex type.
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistColumn.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistColumn.java
index 80fcc904..5bbd315d 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistColumn.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistColumn.java
@@ -10,11 +10,11 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlSchemaType;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlSchemaType;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistColumnType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistColumnType.java
index 665aa070..792d1d4a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistColumnType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistColumnType.java
@@ -8,9 +8,9 @@
 
 package com.bbn.marti.excheck.checklist;
 
-import javax.xml.bind.annotation.XmlEnum;
-import javax.xml.bind.annotation.XmlEnumValue;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlEnum;
+import jakarta.xml.bind.annotation.XmlEnumValue;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistColumns.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistColumns.java
index a10af367..b62b5aaf 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistColumns.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistColumns.java
@@ -10,10 +10,10 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistDetails.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistDetails.java
index 2009d1d1..df8bcb8a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistDetails.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistDetails.java
@@ -8,10 +8,10 @@
 
 package com.bbn.marti.excheck.checklist;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistStatus.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistStatus.java
index 81180ed9..d1fa35fd 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistStatus.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistStatus.java
@@ -10,7 +10,12 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.*;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistTask.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistTask.java
index b968df3e..d0cca541 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistTask.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistTask.java
@@ -10,7 +10,12 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.*;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlSchemaType;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistTaskStatus.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistTaskStatus.java
index 171e55f8..7864b950 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistTaskStatus.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistTaskStatus.java
@@ -8,9 +8,9 @@
 
 package com.bbn.marti.excheck.checklist;
 
-import javax.xml.bind.annotation.XmlEnum;
-import javax.xml.bind.annotation.XmlEnumValue;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlEnum;
+import jakarta.xml.bind.annotation.XmlEnumValue;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistTasks.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistTasks.java
index ff24ed01..2eafeddb 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistTasks.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ChecklistTasks.java
@@ -10,10 +10,10 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/Missions.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/Missions.java
index 152f15d4..b492c731 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/Missions.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/Missions.java
@@ -10,10 +10,10 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ObjectFactory.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ObjectFactory.java
index 47e9b3e3..b4ca1750 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ObjectFactory.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/ObjectFactory.java
@@ -8,7 +8,7 @@
 
 package com.bbn.marti.excheck.checklist;
 
-import javax.xml.bind.annotation.XmlRegistry;
+import jakarta.xml.bind.annotation.XmlRegistry;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/StatusCount.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/StatusCount.java
index 57b073e3..2379091a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/StatusCount.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/StatusCount.java
@@ -8,10 +8,10 @@
 
 package com.bbn.marti.excheck.checklist;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/Templates.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/Templates.java
index b009b7e6..035ac42c 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/Templates.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/excheck/checklist/Templates.java
@@ -10,10 +10,10 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/feeds/DataFeedApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/feeds/DataFeedApi.java
index ba6e82d9..f1801813 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/feeds/DataFeedApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/feeds/DataFeedApi.java
@@ -5,8 +5,8 @@
 import java.util.UUID;
 import java.util.concurrent.Callable;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -228,7 +228,7 @@ public Callable<ApiResponse<PredicateDataFeed>> createPredicateDataFeed(@Request
 			logger.debug("predicate feed id {}", feedId);
 			
 			if (pfeed.getTags() != null && !pfeed.getTags().isEmpty()) {
-        		dataFeedRepository.addDataFeedTags(feedId, pfeed.getTags());
+        		dataFeedRepository.addDataFeedTags(feedId, pfeed.getTags().toArray(String[]::new));
         	}
 			
 			 // Needed for permissions to access data feed
@@ -238,7 +238,7 @@ public Callable<ApiResponse<PredicateDataFeed>> createPredicateDataFeed(@Request
 			
 			// default feed to __ANON__ group if none specified
 			
-	        dataFeedRepository.addDataFeedFilterGroups(feedId, pfeed.getFilterGroups());
+	        dataFeedRepository.addDataFeedFilterGroups(feedId, pfeed.getFilterGroups().toArray(String[]::new));
 			
 			logger.info("create new predicate-based data feed: {}", pfeed);
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/feeds/DataFeedService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/feeds/DataFeedService.java
index 87316bb0..10079b2a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/feeds/DataFeedService.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/feeds/DataFeedService.java
@@ -1,6 +1,5 @@
 package com.bbn.marti.feeds;
 
-import java.net.URL;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
@@ -15,12 +14,10 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.cache.annotation.Cacheable;
-import org.springframework.data.repository.query.Param;
 
 import com.bbn.marti.config.AuthType;
-import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.sync.repository.DataFeedRepository;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.google.common.base.Strings;
 
 import tak.server.Constants;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/groups/CustomExceptionHandler.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/groups/CustomExceptionHandler.java
index 408f1617..0a7cebe5 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/groups/CustomExceptionHandler.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/groups/CustomExceptionHandler.java
@@ -2,6 +2,15 @@
 
 package com.bbn.marti.groups;
 
+import com.bbn.marti.remote.exception.DuplicateFederateException;
+import com.bbn.marti.remote.exception.ForbiddenException;
+import com.bbn.marti.remote.exception.MissionDeletedException;
+import com.bbn.marti.remote.exception.RemoteLookupFailureException;
+import com.bbn.marti.remote.exception.NotFoundException;
+import com.bbn.marti.remote.exception.RetryableException;
+import com.bbn.marti.remote.exception.TakException;
+import com.bbn.marti.remote.exception.UnauthorizedException;
+import com.bbn.marti.remote.exception.ValidationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.core.Ordered;
@@ -12,12 +21,10 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.converter.HttpMessageNotReadableException;
 import org.springframework.http.converter.HttpMessageNotWritableException;
-import org.springframework.remoting.RemoteLookupFailureException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 
 import com.bbn.marti.exceptions.DuplicateException;
-import com.bbn.marti.remote.exception.*;
 import com.google.common.base.Strings;
 
 @ControllerAdvice
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/groups/GroupsApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/groups/GroupsApi.java
index 4670361d..9f96e973 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/groups/GroupsApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/groups/GroupsApi.java
@@ -3,22 +3,26 @@
 package com.bbn.marti.groups;
 
 import java.rmi.RemoteException;
-import java.util.*;
+import java.util.Collection;
+import java.util.Comparator;
+import java.util.Date;
+import java.util.List;
+import java.util.Set;
+import java.util.SortedSet;
 import java.util.concurrent.ConcurrentSkipListSet;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.*;
 
 import com.bbn.marti.cot.search.model.ApiResponse;
 import com.bbn.marti.network.BaseRestController;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.groups.Direction;
 import com.bbn.marti.remote.groups.Group;
 import com.bbn.marti.remote.groups.GroupManager;
@@ -27,6 +31,11 @@
 import com.bbn.marti.remote.SubscriptionManagerLite;
 import com.bbn.marti.util.CommonUtil;
 
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 import tak.server.Constants;
 import tak.server.cache.ActiveGroupCacheHelper;
 
@@ -58,9 +67,6 @@ public class GroupsApi extends BaseRestController {
     @Autowired
     SubscriptionManagerLite subscriptionManager;
 
-    @Autowired
-    CoreConfig coreConfig;
-
     public GroupManager getGroupManager() {
         return groupManager;
     }
@@ -238,7 +244,7 @@ public ResponseEntity<ApiResponse<Collection<Group>>> getAllGroups(
             }
 
             try {
-                if (coreConfig.getRemoteConfiguration().getAuth().getDefault().equalsIgnoreCase("ldap")) {
+                if (CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getDefault().equalsIgnoreCase("ldap")) {
                     for (Group group : groups) {
                         List<LdapGroup> ldapGroups = groupManager.searchGroups(group.getName(), true);
                         if (ldapGroups.size() == 0) {
@@ -290,7 +296,7 @@ public ResponseEntity<ApiResponse<Boolean>> getGroupCacheEnabled() throws Remote
 
         boolean groupCacheEnabled = false;
         try {
-            groupCacheEnabled = coreConfig.getRemoteConfiguration().getAuth().isX509UseGroupCache();
+            groupCacheEnabled = CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509UseGroupCache();
         } catch (Exception e) {
             logger.error("exception in getGroupCacheEnabled", e);
         }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/jwt/JwtUtils.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/jwt/JwtUtils.java
index 1c85c55a..18710da3 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/jwt/JwtUtils.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/jwt/JwtUtils.java
@@ -3,15 +3,25 @@
 import com.bbn.marti.config.MissionTls;
 import com.bbn.marti.config.Oauth;
 import com.bbn.marti.remote.CoreConfig;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-import io.jsonwebtoken.*;
+import com.bbn.marti.remote.config.CoreConfigFacade;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.JwtParser;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.io.FileInputStream;
 import java.nio.file.Files;
 import java.nio.file.Paths;
-import java.security.*;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.security.cert.Certificate;
 import java.security.interfaces.RSAPublicKey;
 import java.security.spec.X509EncodedKeySpec;
@@ -28,8 +38,6 @@ public class JwtUtils {
     private PublicKey publicKey = null;
     private boolean keysLoaded = false;
     private boolean keysGenerated = false;
-    CoreConfig coreConfig;
-
     private static JwtUtils instance = null;
 
     private KeyPair loadKeyPair(String keyStoreType, String keyStoreFile, String keyStorePass) {
@@ -70,9 +78,10 @@ private void loadKeys()  {
             //
             // load keys from tls keystore
             //
-            String keyStoreType = coreConfig().getRemoteConfiguration().getSecurity().getTls().getKeystore();
-            String keyStoreFile = coreConfig().getRemoteConfiguration().getSecurity().getTls().getKeystoreFile();
-            String keyStorePass = coreConfig().getRemoteConfiguration().getSecurity().getTls().getKeystorePass();
+            CoreConfig coreConfig = CoreConfigFacade.getInstance();
+            String keyStoreType = coreConfig.getRemoteConfiguration().getSecurity().getTls().getKeystore();
+            String keyStoreFile = coreConfig.getRemoteConfiguration().getSecurity().getTls().getKeystoreFile();
+            String keyStorePass = coreConfig.getRemoteConfiguration().getSecurity().getTls().getKeystorePass();
 
             KeyPair keyPair = loadKeyPair(keyStoreType, keyStoreFile, keyStorePass);
             if (keyPair == null) {
@@ -169,7 +178,7 @@ private JwtParser getParser(SignatureAlgorithm signatureAlgorithm, Key key) {
 
     public List<RSAPublicKey> getExternalVerifiers() {
         try {
-            Oauth oAuth = coreConfig().getRemoteConfiguration().getAuth().getOauth();
+            Oauth oAuth = CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getOauth();
             if (oAuth == null) {
                 logger.error("OAuth config not found");
                 return null;
@@ -244,7 +253,7 @@ public Claims parseMissionTokenClaims(String token) {
         jwtParsers.add(getParser(SignatureAlgorithm.HS256, privateKey));
 
         try {
-            for (MissionTls missionTls : coreConfig().getRemoteConfiguration().getSecurity().getMissionTls()) {
+            for (MissionTls missionTls : CoreConfigFacade.getInstance().getRemoteConfiguration().getSecurity().getMissionTls()) {
                 KeyPair keyPair = loadKeyPair(
                         missionTls.getKeystore(), missionTls.getKeystoreFile(), missionTls.getKeystorePass());
                 jwtParsers.add(Jwts.parser().setSigningKey(keyPair.getPrivate().getEncoded()));
@@ -256,17 +265,4 @@ public Claims parseMissionTokenClaims(String token) {
         return parseClaims(token, jwtParsers);
     }
 
-    private CoreConfig coreConfig() {
-        if (coreConfig == null) {
-            synchronized(this) {
-                if (coreConfig == null) {
-                    if (SpringContextBeanForApi.getSpringContext() != null) {
-                        coreConfig = SpringContextBeanForApi.getSpringContext().getBean(CoreConfig.class);
-                    }
-                }
-            }
-        }
-        return coreConfig;
-    }
-
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/kml/KmlParser.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/kml/KmlParser.java
index 9c1cb02e..94e9b925 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/kml/KmlParser.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/kml/KmlParser.java
@@ -5,8 +5,8 @@
 import org.slf4j.LoggerFactory;
 import org.xml.sax.InputSource;
 import javax.xml.XMLConstants;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Unmarshaller;
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.Unmarshaller;
 import javax.xml.parsers.SAXParserFactory;
 import javax.xml.parsers.SAXParser;
 import javax.xml.transform.sax.SAXSource;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/kml/icon/api/IconsetIconApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/kml/icon/api/IconsetIconApi.java
index 07df817e..30811b51 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/kml/icon/api/IconsetIconApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/kml/icon/api/IconsetIconApi.java
@@ -12,9 +12,9 @@
 import java.util.Set;
 import java.util.UUID;
 
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/kml/icon/service/IconsetUploadProcessorImpl.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/kml/icon/service/IconsetUploadProcessorImpl.java
index 56235912..e82b53ed 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/kml/icon/service/IconsetUploadProcessorImpl.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/kml/icon/service/IconsetUploadProcessorImpl.java
@@ -17,9 +17,9 @@
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 
-import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
-import javax.xml.bind.JAXBContext;
+import jakarta.persistence.EntityManager;
+import jakarta.persistence.PersistenceContext;
+import jakarta.xml.bind.JAXBContext;
 
 import com.google.common.base.Strings;
 
@@ -180,7 +180,7 @@ public void process(String filename) {
                                 // Marshaller is also an Unmarshaller
                                 Document doc = SecureXmlParser.makeDocument(new ByteArrayInputStream(os.toByteArray()));
                                 JAXBContext jaxbContext = JAXBContext.newInstance(Iconset.class);
-                                javax.xml.bind.Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+                                jakarta.xml.bind.Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
                                 iconset = (Iconset) unmarshaller.unmarshal(doc);
                             } catch (Exception e) {
                                 logger.error("exception deserializing iconset xml", e);
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/logging/AuditLogUtil.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/logging/AuditLogUtil.java
index 67e3cb0d..65db68cf 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/logging/AuditLogUtil.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/logging/AuditLogUtil.java
@@ -2,31 +2,32 @@
 
 package com.bbn.marti.logging;
 
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 import javax.security.auth.x500.X500Principal;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.catalina.Role;
+import org.apache.commons.io.IOUtils;
 import org.owasp.esapi.Validator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.slf4j.MDC;
 import org.slf4j.MarkerFactory;
 import org.slf4j.bridge.SLF4JBridgeHandler;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 
-import com.bbn.security.web.MartiValidator;
 import com.bbn.security.web.MartiValidatorConstants;
 import com.google.common.base.Strings;
 
+import org.springframework.web.util.ContentCachingResponseWrapper;
 import tak.server.Constants;
 
 /*
@@ -95,7 +96,7 @@ private static void setRoles(Principal principal) {
 
                 sb.append(", " + role.getRolename());
             }
-
+            MDC.put("roles", (sb.length() > 0 ? sb.substring(2) : ""));
             rolesThreadLocal.set((sb.length() > 0 ? sb.substring(2) : ""));
         } else if (principal instanceof org.springframework.security.authentication.AbstractAuthenticationToken) {
             AbstractAuthenticationToken token = (AbstractAuthenticationToken) principal;
@@ -105,11 +106,86 @@ private static void setRoles(Principal principal) {
             for (GrantedAuthority authority : token.getAuthorities()) {
                 sb.append(", " + authority.getAuthority());
             }
-            
+            MDC.put("roles", (sb.length() > 0 ? sb.substring(2) : ""));
             rolesThreadLocal.set((sb.length() > 0 ? sb.substring(2) : ""));
         }
     }
 
+    private static void setMdcRoles(Principal principal) {
+        if (principal == null) {
+            return;
+        }
+
+        if (principal instanceof org.apache.catalina.users.AbstractUser) {
+
+            Iterator<Role> roles = ((org.apache.catalina.users.AbstractUser) principal).getRoles();
+            StringBuilder sb = new StringBuilder();
+
+            while (roles.hasNext()) {
+                Role role = roles.next();
+
+                sb.append(", " + role.getRolename());
+            }
+            MDC.put("roles", (sb.length() > 0 ? sb.substring(2) : ""));
+        } else if (principal instanceof org.springframework.security.authentication.AbstractAuthenticationToken) {
+            AbstractAuthenticationToken token = (AbstractAuthenticationToken) principal;
+
+            StringBuilder sb = new StringBuilder();
+
+            for (GrantedAuthority authority : token.getAuthorities()) {
+                sb.append(", " + authority.getAuthority());
+            }
+            MDC.put("roles", (sb.length() > 0 ? sb.substring(2) : ""));
+        }
+    }
+
+    public static void setMdc(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        // request
+        setMdcUsernameAndRoles(req);
+
+        Collections.list(req.getHeaderNames())
+                .forEach(name -> MDC.put((String) name, (String) req.getHeader((String) name)));
+        MDC.put("source-ip", req.getRemoteAddr());
+        MDC.put("session", req.getRequestedSessionId());
+        MDC.put("method", req.getMethod());
+        MDC.put("request-body", IOUtils.toString(req.getInputStream(), StandardCharsets.UTF_8));
+
+        // response
+        MDC.put("response-status", String.valueOf(resp.getStatus()));
+        resp.getHeaderNames().forEach(name -> MDC.put("response-"+(String) name, (String) resp.getHeader((String) name)));
+        MDC.put("response-body", IOUtils.toString(new ContentCachingResponseWrapper(resp).getContentInputStream(), StandardCharsets.UTF_8));
+    }
+
+    private static void setMdcUsernameAndRoles(HttpServletRequest request) {
+
+        if (request == null) {
+            return;
+        }
+        if (usernameThreadLocal.get() != null) {
+            return;
+        }
+
+        // first, try to get the username from the Principal object
+        Principal principal = request.getUserPrincipal();
+
+        if (principal != null) {
+            MDC.put("username", principal.getName());
+            if (rolesThreadLocal.get() == null) {
+                setMdcRoles(principal);
+            }
+            return;
+        }
+
+        // if that fails, get the username from the client cert
+        String username = getUsernameFromClientCert(request);
+
+        if (Strings.isNullOrEmpty(username)) {
+            username = ANON_USERNAME;
+        }
+
+        MDC.put("username", username);
+    }
+
     public static void auditLog(String sqlQuery) {
 
         String username = usernameThreadLocal.get();
@@ -191,6 +267,7 @@ private static void setUsernameAndRoles(HttpServletRequest request) {
 
         if (principal != null) {
             usernameThreadLocal.set(principal.getName());
+            MDC.put("username", principal.getName());
             setRoles(principal);
             return;
         }
@@ -251,9 +328,9 @@ private static String getBaseUrl(HttpServletRequest request) {
 
     private static String getUsernameFromClientCert(HttpServletRequest request) {
         // if the principal was not present in the request (will occur for resources that do not require authentication), get the principal name directly from the SSL cert, if that is present.
-        X509Certificate[] certs = (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
+        X509Certificate[] certs = (X509Certificate[])request.getAttribute("jakarta.servlet.request.X509Certificate");
 
-        if(certs == null || certs.length == 0) {
+        if (certs == null || certs.length == 0) {
             return "";
         }
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/logs/LogServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/logs/LogServlet.java
index 363a8275..79547af5 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/logs/LogServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/logs/LogServlet.java
@@ -1,27 +1,32 @@
 package com.bbn.marti.logs;
 
-import java.io.*;
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.IOException;
 import java.text.SimpleDateFormat;
-import java.util.*;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 import java.util.zip.ZipOutputStream;
 
-import javax.mail.internet.MimeMessage;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
-import com.bbn.marti.config.Email;
 import com.bbn.marti.email.EmailClient;
-import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.io.IOUtils;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.ByteArrayResource;
-import org.springframework.mail.javamail.JavaMailSenderImpl;
-import org.springframework.mail.javamail.MimeMessageHelper;
 import org.springframework.security.crypto.codec.Base64;
 
 import com.bbn.marti.EsapiServlet;
@@ -34,9 +39,6 @@ public class LogServlet extends EsapiServlet {
 	@Autowired
 	private PersistenceStore persistenceStore;
 
-	@Autowired
-	CoreConfig coreConfig;
-
 	public enum QueryParameter {
 		id,
 		uid,
@@ -119,7 +121,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
             Map<String, String[]> httpParameters = validateParams("Log", request, response,
             		requiredPostParameters, optionalPostParameters);
 
-            if(httpParameters == null)
+            if (httpParameters == null)
                 return;
     		
 	      	String uid = getParameterValue(httpParameters, QueryParameter.uid.name());
@@ -148,10 +150,10 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
 				log.setFilename(missionPackageEntry.getKey());
 				persistenceStore.addLog(log);
 
-				if (coreConfig.getRemoteConfiguration().getEmail() != null &&
-					coreConfig.getRemoteConfiguration().getEmail().isLogAlertsEnabled()) {
+				if (CoreConfigFacade.getInstance().getRemoteConfiguration().getEmail() != null &&
+						CoreConfigFacade.getInstance().getRemoteConfiguration().getEmail().isLogAlertsEnabled()) {
 
-					for (String extension : coreConfig.getRemoteConfiguration().getEmail().getLogAlertsExtension()) {
+					for (String extension : CoreConfigFacade.getInstance().getRemoteConfiguration().getEmail().getLogAlertsExtension()) {
 						if (log.getFilename().endsWith(extension)) {
 							sendLogAlert(log.getContents());
 							break;
@@ -170,7 +172,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
     }
 
     private void sendLogAlert(byte[] feedback) {
-		if (coreConfig.getRemoteConfiguration().getEmail() == null) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getEmail() == null) {
 			logger.error("missing email configuration in sendLogAlert");
 			return;
 		}
@@ -207,10 +209,10 @@ private void sendLogAlert(byte[] feedback) {
 
 		if (body != null) {
 			EmailClient.sendEmail(
-					coreConfig.getRemoteConfiguration().getEmail(),
-					coreConfig.getRemoteConfiguration().getEmail().getLogAlertsSubject(),
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getEmail(),
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getEmail().getLogAlertsSubject(),
 					body,
-					coreConfig.getRemoteConfiguration().getEmail().getLogAlertsTo(),
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getEmail().getLogAlertsTo(),
 					cc, logAsZip);
 		}
 	}
@@ -225,7 +227,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
             Map<String, String[]> httpParameters = validateParams("Log", request, response,
             		requiredGetParameters, optionalGetParameters);
 
-            if(httpParameters == null)
+            if (httpParameters == null)
                 return;
     		
 	      	String id = getParameterValue(httpParameters, QueryParameter.id.name());
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/maplayer/repository/MapLayerRepository.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/maplayer/repository/MapLayerRepository.java
index 5b5bb948..18b32a67 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/maplayer/repository/MapLayerRepository.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/maplayer/repository/MapLayerRepository.java
@@ -28,7 +28,7 @@ public interface MapLayerRepository extends JpaRepository<MapLayer, Long> {
 
     @Modifying
     @Transactional
-    @Query(value = "update maplayer set default_layer = false")
+    @Query(value = "update maplayer set default_layer = false", nativeQuery = true)
     void unsetDefault();
 
     @Modifying
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/model/kml/Icon.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/model/kml/Icon.java
index f567a150..0d7385f8 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/model/kml/Icon.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/model/kml/Icon.java
@@ -7,20 +7,20 @@
 import java.util.Date;
 import java.util.List;
 
-import javax.persistence.Cacheable;
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.ManyToOne;
-import javax.persistence.Table;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlTransient;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlTransient;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/model/kml/Iconset.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/model/kml/Iconset.java
index 6232c9da..238684c0 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/model/kml/Iconset.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/model/kml/Iconset.java
@@ -6,22 +6,22 @@
 import java.util.Date;
 import java.util.List;
 
-import javax.persistence.Cacheable;
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.OneToMany;
-import javax.persistence.Table;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlTransient;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.OneToMany;
+import jakarta.persistence.Table;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlTransient;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/BaseRestController.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/BaseRestController.java
index 410b5eaf..4b7dca41 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/BaseRestController.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/BaseRestController.java
@@ -1,6 +1,6 @@
 package com.bbn.marti.network;
 
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.springframework.web.bind.annotation.RequestMapping;
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/ContactManagerApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/ContactManagerApi.java
index e92d951a..2b5bc8fe 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/ContactManagerApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/ContactManagerApi.java
@@ -8,8 +8,8 @@
 import java.util.Set;
 import java.util.concurrent.Callable;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/ContactManagerService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/ContactManagerService.java
index e5146096..82d23957 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/ContactManagerService.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/ContactManagerService.java
@@ -10,6 +10,7 @@
 
 import javax.sql.DataSource;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -26,7 +27,7 @@
 import tak.server.cache.ContactCacheHelper;
 
 /**
- * 
+ *
  *
  */
 public class ContactManagerService {
@@ -36,9 +37,6 @@ public class ContactManagerService {
 	@Autowired
 	private DataSource dataSource;
 
-	@Autowired
-	private CoreConfig config;
-
 	@Autowired
 	private ContactCacheHelper contactCache;
 
@@ -49,19 +47,20 @@ public List<ClientEndpoint> getCachedClientEndpointData(boolean connected, boole
 		try {
 
 
-			boolean skipCache = !config.getCachedConfiguration().getBuffer().getQueue().isEnableClientEndpointCache();
+			boolean skipCache = !CoreConfigFacade.getInstance().getCachedConfiguration().getBuffer().getQueue().isEnableClientEndpointCache();
 
 			List<ClientEndpoint> result = null;
 
 			String key = contactCache.getKeyGetCachedClientEndpointData(connected, recent, secAgo);
 
-			result = (List<ClientEndpoint>) contactCache.getContactsCache().getIfPresent(key); 
+			result = (List<ClientEndpoint>) contactCache.getContactsCache().getIfPresent(key);
 
 			if (logger.isDebugEnabled()) {
 				logger.debug("got cache result " + key + " of size " + (result == null ? "null" : result.size()));
 			}
 
-			if (result == null || result.isEmpty() || lastUpdateMillis.get() == -1L || (System.currentTimeMillis() - lastUpdateMillis.get() >= (config.getCachedConfiguration().getBuffer().getQueue().getContactCacheUpdateRateLimitSeconds() * 1000))) {
+			if (result == null || result.isEmpty() || lastUpdateMillis.get() == -1L ||
+					(System.currentTimeMillis() - lastUpdateMillis.get() >= (CoreConfigFacade.getInstance().getCachedConfiguration().getBuffer().getQueue().getContactCacheUpdateRateLimitSeconds() * 1000))) {
 
 				synchronized(this) {
 
@@ -69,13 +68,13 @@ public List<ClientEndpoint> getCachedClientEndpointData(boolean connected, boole
 						logger.debug("contact cache miss - querying contacts");
 					}
 
-					result = (List<ClientEndpoint>) contactCache.getContactsCache().getIfPresent(key); 
+					result = (List<ClientEndpoint>) contactCache.getContactsCache().getIfPresent(key);
 
 					if (logger.isDebugEnabled()) {
 						logger.debug("got cache result " + key + " of size " + (result == null ? "null" : result.size()));
 					}
 
-					if (result == null || (System.currentTimeMillis() - lastUpdateMillis.get() >= (config.getCachedConfiguration().getBuffer().getQueue().getContactCacheUpdateRateLimitSeconds() * 1000))) {
+					if (result == null || (System.currentTimeMillis() - lastUpdateMillis.get() >= (CoreConfigFacade.getInstance().getCachedConfiguration().getBuffer().getQueue().getContactCacheUpdateRateLimitSeconds() * 1000))) {
 
 						result = queryClientEndpointData(connected, recent, groupVector, secAgo);
 
@@ -114,7 +113,7 @@ public List<ClientEndpoint> getCachedClientEndpointData(boolean connected, boole
 
 			groupFilteredResult.removeIf(ce -> ce.getGroups() == null || !RemoteUtil.getInstance().isGroupVectorAllowed(groupVector, ce.getGroups()));
 
-			return groupFilteredResult;		
+			return groupFilteredResult;
 
 		} catch (Exception e) {
 			logger.error("exception getting non-cached contacts", e);
@@ -162,7 +161,7 @@ private List<ClientEndpoint> queryClientEndpointData(boolean connected, boolean
 		if (logger.isDebugEnabled()) {
 			logger.debug("executing client endpoints query");
 		}
-		
+
 		if (logger.isTraceEnabled()) {
 			logger.trace("client endpoints query: " + query + " secAgo: " + secAgo);
 		}
@@ -172,7 +171,7 @@ private List<ClientEndpoint> queryClientEndpointData(boolean connected, boolean
 		if (secAgo > 0) {
 
 			return jdbcTemplate.query(query, arguments, new ClientEndpointResultSetExtractor());
-		} 
+		}
 
 		return jdbcTemplate.query(query, new ClientEndpointResultSetExtractor());
 	}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/FederationApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/FederationApi.java
index 7862253e..e374edcd 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/FederationApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/FederationApi.java
@@ -16,8 +16,8 @@
 import java.util.SortedSet;
 import java.util.concurrent.ConcurrentSkipListSet;
 
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.DatatypeConverter;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.xml.bind.DatatypeConverter;
 
 import org.jetbrains.annotations.NotNull;
 import org.owasp.esapi.Validator;
@@ -344,7 +344,7 @@ public ResponseEntity<ApiResponse<List<FederateGroupAssociation>>> getFederateGr
 				Validator validator = MartiValidator.getInstance();
 				if (groupsInbound != null && !groupsInbound.isEmpty()) {
 					for (String group : groupsInbound){
-						if(validator.isValidInput("Federate group", group, MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, false)) {
+						if (validator.isValidInput("Federate group", group, MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, false)) {
 							federateGroupAssociations.add(new FederateGroupAssociation(federateId, group, DirectionValue.INBOUND));
 						}
 					}
@@ -352,7 +352,7 @@ public ResponseEntity<ApiResponse<List<FederateGroupAssociation>>> getFederateGr
 
 				if (groupsOutbound != null && !groupsOutbound.isEmpty()) {
 					for (String group : groupsOutbound) {
-						if(validator.isValidInput("Federate group", group, MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, false)) {
+						if (validator.isValidInput("Federate group", group, MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, false)) {
 							federateGroupAssociations.add(new FederateGroupAssociation(federateId, group, DirectionValue.OUTBOUND));
 						}
 					}
@@ -625,7 +625,7 @@ public ResponseEntity<ApiResponse<List<FederateCAGroupAssociation>>> getFederate
 		List<FederateCAGroupAssociation> federateCAGroupAssociations = new ArrayList<FederateCAGroupAssociation>();
 
 		try{
-			if(caId == null || caId.trim().length() == 0){
+			if (caId == null || caId.trim().length() == 0){
 				result = new ResponseEntity<ApiResponse<List<FederateCAGroupAssociation>>>(new ApiResponse<List<FederateCAGroupAssociation>>(Constants.API_VERSION, FederateCAGroupAssociation.class.getName(), null),
 						HttpStatus.BAD_REQUEST);
 			}
@@ -635,13 +635,13 @@ public ResponseEntity<ApiResponse<List<FederateCAGroupAssociation>>> getFederate
 
 				Validator validator = MartiValidator.getInstance();
 				for(String groupName : inboundGroups){
-					if(validator.isValidInput("Federate CA group", groupName, MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, false)) {
+					if (validator.isValidInput("Federate CA group", groupName, MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, false)) {
 						federateCAGroupAssociations.add(new FederateCAGroupAssociation(caId, groupName, DirectionValue.INBOUND));
 					}
 				}
 
 				for(String groupName : outboundGroups){
-					if(validator.isValidInput("Federate CA group", groupName, MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, false)) {
+					if (validator.isValidInput("Federate CA group", groupName, MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, false)) {
 						federateCAGroupAssociations.add(new FederateCAGroupAssociation(caId, groupName, DirectionValue.OUTBOUND));
 					}
 				}
@@ -654,7 +654,7 @@ public ResponseEntity<ApiResponse<List<FederateCAGroupAssociation>>> getFederate
 			logger.error("Exception getting federate CA groups", e);
 		}
 
-		if(result == null){
+		if (result == null){
 			result = new ResponseEntity<ApiResponse<List<FederateCAGroupAssociation>>>(new ApiResponse<List<FederateCAGroupAssociation>>(Constants.API_VERSION, FederateCAGroupAssociation.class.getName(),
 					null), HttpStatus.INTERNAL_SERVER_ERROR);
 		}
@@ -670,14 +670,14 @@ public ResponseEntity<ApiResponse<String>> addFederateCAGroup(@RequestBody Feder
 
 		try{
 			errors = getValidationErrors(federateCAGroupAssociation);
-			if(errors.isEmpty()){
+			if (errors.isEmpty()){
 				Set<String> groups = new HashSet<String>(1);
 				groups.add(federateCAGroupAssociation.getGroup());
 				logger.debug("Federate CA Group Association: " + federateCAGroupAssociation);
-				if(federateCAGroupAssociation.getDirection() == DirectionValue.INBOUND){
+				if (federateCAGroupAssociation.getDirection() == DirectionValue.INBOUND){
 					federationInterface.addInboundGroupToCA(federateCAGroupAssociation.getCaId(), groups);
 				}
-				else if(federateCAGroupAssociation.getDirection() == DirectionValue.OUTBOUND){
+				else if (federateCAGroupAssociation.getDirection() == DirectionValue.OUTBOUND){
 					federationInterface.addOutboundGroupToCA(federateCAGroupAssociation.getCaId(), groups);
 				}
 				else{
@@ -697,7 +697,7 @@ else if(federateCAGroupAssociation.getDirection() == DirectionValue.OUTBOUND){
 			errors.add(e.getMessage());
 		}
 
-		if(result == null){
+		if (result == null){
 			result = new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, String.class.getName(), null, errors),
 					HttpStatus.INTERNAL_SERVER_ERROR);
 		}
@@ -714,14 +714,14 @@ public ResponseEntity<ApiResponse<String>> removeFederateCAGroup(@PathVariable("
 			FederateCAGroupAssociation federateCAGroupAssociation = new FederateCAGroupAssociation(caId, group, directionValue);
 			logger.debug("DELETE FederateCAGroupAssociation: " + federateCAGroupAssociation);
 			errors = getValidationErrors(federateCAGroupAssociation);
-			if(errors.isEmpty()){
+			if (errors.isEmpty()){
 				Set<String> groups = new HashSet<String>(1);
 				groups.add(federateCAGroupAssociation.getGroup());
 
-				if(federateCAGroupAssociation.getDirection() == DirectionValue.INBOUND){
+				if (federateCAGroupAssociation.getDirection() == DirectionValue.INBOUND){
 					federationInterface.removeInboundGroupFromCA(federateCAGroupAssociation.getCaId(), groups);
 				}
-				else if(federateCAGroupAssociation.getDirection() == DirectionValue.OUTBOUND){
+				else if (federateCAGroupAssociation.getDirection() == DirectionValue.OUTBOUND){
 					federationInterface.removeOutboundGroupFromCA(federateCAGroupAssociation.getCaId(), groups);
 				}
 				else{
@@ -742,7 +742,7 @@ else if(federateCAGroupAssociation.getDirection() == DirectionValue.OUTBOUND){
 
 		}
 
-		if(result ==  null){
+		if (result ==  null){
 			result = new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, String.class.getName(), null, errors),
 					HttpStatus.INTERNAL_SERVER_ERROR);
 		}
@@ -765,7 +765,7 @@ public ResponseEntity<ApiResponse<String>> setFederateCAHops(@RequestBody Federa
 			errors.add(e.getMessage());
 		}
 
-		if(result == null){
+		if (result == null){
 			result = new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, String.class.getName(), null, errors),
 					HttpStatus.INTERNAL_SERVER_ERROR);
 		}
@@ -814,6 +814,41 @@ public ResponseEntity<ApiResponse<Federation.FederationOutgoing>> createOutgoing
 		return result;
 	}
 
+	@RequestMapping(value = "/outgoingconnections", method = RequestMethod.PUT)
+	public ResponseEntity<ApiResponse<Federation.FederationOutgoing>> updateOutgoingConnection(@RequestBody Map<String, Federation.FederationOutgoing> outgoingConnections) {		
+		ResponseEntity<ApiResponse<Federation.FederationOutgoing>> result = null;
+
+		List<String> errors = null;
+		try {
+			Federation.FederationOutgoing original = outgoingConnections.get("original");
+			Federation.FederationOutgoing update = outgoingConnections.get("update");
+			
+			errors = getValidationErrors(update);
+			if (errors.isEmpty()) {
+				federationInterface.updateOutgoingConnection(original, update);
+
+				result = new ResponseEntity<ApiResponse<Federation.FederationOutgoing>>(new ApiResponse<Federation.FederationOutgoing>(Constants.API_VERSION,
+						Federation.FederationOutgoing.class.getName(), update), HttpStatus.OK);
+			} else {
+				result = new ResponseEntity<ApiResponse<Federation.FederationOutgoing>>(new ApiResponse<Federation.FederationOutgoing>(Constants.API_VERSION,
+						Federation.FederationOutgoing.class.getName(), update, errors), HttpStatus.BAD_REQUEST);
+			}
+		} catch (Exception e) {
+			logger.error("Exception editing outgoing connection.", e);
+			//The types of errors we'll see here concern missing cert files or lack of root access
+			//for lower port numbers the user has provided.
+			errors.add(e.getMessage());
+		}
+		
+		if (result == null) {
+			//This would be an error condition (not an empty input list or bad request)
+			result = new ResponseEntity<ApiResponse<Federation.FederationOutgoing>>(new ApiResponse<Federation.FederationOutgoing>(Constants.API_VERSION,
+					Federation.FederationOutgoing.class.getName(), null, errors), HttpStatus.INTERNAL_SERVER_ERROR);
+		}
+
+		return result;
+	}
+	
 	@RequestMapping(value = "/outgoingconnections/{name}", method = RequestMethod.GET)
 	public ResponseEntity<ApiResponse<Federation.FederationOutgoing>> getOutgoingConnection(@PathVariable("name") String name, HttpServletResponse response) {
 
@@ -990,7 +1025,7 @@ public ResponseEntity<ApiResponse<Federate>> updateFederateDetails(@RequestBody
 			errors = getValidationErrors(federate);
 			if (errors.isEmpty()) {
 				federationInterface.updateFederateDetails(federate.getId(), federate.isArchive(), federate.isShareAlerts(),
-						federate.isFederatedGroupMapping(), federate.isAutomaticGroupMapping(), federate.getNotes(), federate.getMaxHops());
+						federate.isFederatedGroupMapping(), federate.isAutomaticGroupMapping(), federate.isFallbackWhenNoGroupMappings(), federate.getNotes(), federate.getMaxHops());
 
 				result = new ResponseEntity<ApiResponse<Federate>>(new ApiResponse<Federate>(Constants.API_VERSION,
 						Federate.class.getName(), federate), HttpStatus.OK);
@@ -1088,20 +1123,20 @@ private List<String> getValidationErrors(FederateGroupAssociation federateGroupA
 	private List<String> getValidationErrors(FederateCAGroupAssociation federateCAGroupAssociation){
 		List<String> errors = new ArrayList<String>();
 
-		if(federateCAGroupAssociation.getCaId() == null || federateCAGroupAssociation.getCaId().trim().length() == 0){
+		if (federateCAGroupAssociation.getCaId() == null || federateCAGroupAssociation.getCaId().trim().length() == 0){
 			errors.add("Certificate Authority ID must not be null or a zero length string.");
 		}
 		else{
 			federateCAGroupAssociation.setCaId(federateCAGroupAssociation.getCaId().trim());
 		}
 
-		if(federateCAGroupAssociation.getGroup() == null || federateCAGroupAssociation.getGroup().trim().length() == 0){
+		if (federateCAGroupAssociation.getGroup() == null || federateCAGroupAssociation.getGroup().trim().length() == 0){
 			errors.add("Group must not be null or a zero length string.");
 		}
 		else{
 			federateCAGroupAssociation.setGroup(federateCAGroupAssociation.getGroup().trim());
 
-			if(federateCAGroupAssociation.getGroup().length() > FEDERATE_GROUP_NAME_MAX_LENGTH){
+			if (federateCAGroupAssociation.getGroup().length() > FEDERATE_GROUP_NAME_MAX_LENGTH){
 				errors.add("Group name must not be longer than " + FEDERATE_GROUP_NAME_MAX_LENGTH + " characters.");
 			}
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/FederationConfigApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/FederationConfigApi.java
index 883e4e3b..826891ec 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/FederationConfigApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/FederationConfigApi.java
@@ -48,16 +48,16 @@ public ResponseEntity<ApiResponse<FederationConfigInfo>> getFederationConfig(){
     public ResponseEntity<ApiResponse<String>> modifyFederationConfig(@RequestBody FederationConfigInfo info){
         try {
         	File truststoreFileObj = new File(info.getTruststorePath());
-        	if(!truststoreFileObj.exists()) {
+        	if (!truststoreFileObj.exists()) {
         		return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, FederationConfigInfo.class.getName(), "Failed to modify Federation config - Truststore File specified does not exist"),
         				HttpStatus.BAD_REQUEST);
         	}
-        	if(!FilenameUtils.getExtension(info.getTruststorePath()).equals("jks")) {
+        	if (!FilenameUtils.getExtension(info.getTruststorePath()).equals("jks")) {
         		return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, FederationConfigInfo.class.getName(), "Failed to modify Federation config - Truststore File specified is not a .jks file"),
         				HttpStatus.BAD_REQUEST);
         	}
             federationInterface.modifyFederationConfig(info);
-			MessagingIgniteBroker.brokerVoidServiceCalls((s) -> ((FederationManager) s).reconfigureFederation(), Constants.DISTRIBUTED_FEDERATION_MANAGER, FederationManager.class);
+            MessagingIgniteBroker.brokerVoidServiceCalls((s) -> ((FederationManager) s).reconfigureFederation(), Constants.DISTRIBUTED_FEDERATION_MANAGER, FederationManager.class);
             return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, FederationConfigInfo.class.getName(), "Successfully modified Federation config"), HttpStatus.OK);
         }
         catch (Exception e){
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/HomeApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/HomeApi.java
index df009191..06c938ae 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/HomeApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/HomeApi.java
@@ -8,8 +8,8 @@
 import java.util.List;
 import java.util.Set;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.commons.io.IOUtils;
 import org.slf4j.Logger;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/LDAPApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/LDAPApi.java
index fcb54667..d11c71d2 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/LDAPApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/LDAPApi.java
@@ -2,11 +2,16 @@
 
 package com.bbn.marti.network;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Comparator;
+import java.util.List;
+import java.util.NavigableSet;
+import java.util.Set;
+import java.util.SortedSet;
 import java.util.concurrent.ConcurrentSkipListSet;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/SecurityAuthenticationApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/SecurityAuthenticationApi.java
index f7f37063..446e80e2 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/SecurityAuthenticationApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/SecurityAuthenticationApi.java
@@ -1,10 +1,13 @@
 package com.bbn.marti.network;
-import java.io.File;
-import java.util.Collection;
-import java.util.HashMap;
-
-
 
+import com.bbn.marti.config.CAType;
+import com.bbn.marti.cot.search.model.ApiResponse;
+import com.bbn.marti.remote.AuthenticationConfigInfo;
+import com.bbn.marti.remote.SecurityConfigInfo;
+import com.bbn.marti.remote.config.CoreConfigFacade;
+import com.bbn.marti.remote.groups.GroupManager;
+import com.bbn.marti.remote.service.SecurityManager;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import org.apache.commons.io.FilenameUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -15,18 +18,13 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
-
-import com.bbn.marti.config.CAType;
-import com.bbn.marti.cot.search.model.ApiResponse;
-import com.bbn.marti.remote.AuthenticationConfigInfo;
-import com.bbn.marti.remote.groups.GroupManager;
-import com.bbn.marti.remote.service.SecurityManager;
-import com.bbn.marti.remote.SecurityConfigInfo;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-
 import tak.server.Constants;
 import tak.server.ignite.MessagingIgniteBroker;
 
+import java.io.File;
+import java.util.Collection;
+import java.util.HashMap;
+
 
 @RestController
 public class SecurityAuthenticationApi extends BaseRestController {
@@ -43,43 +41,44 @@ private static GroupManager getGroupManager() {
         }
 
         groupManager = SpringContextBeanForApi.getSpringContext().getBean(
-                com.bbn.marti.remote.groups.GroupManager.class);
+            com.bbn.marti.remote.groups.GroupManager.class);
         return groupManager;
     }
 
     @RequestMapping(value = "/authentication/config", method = RequestMethod.GET)
-    public ResponseEntity<ApiResponse<AuthenticationConfigInfo>> getAuthConfig(){
+    public ResponseEntity<ApiResponse<AuthenticationConfigInfo>> getAuthConfig() {
         try {
             AuthenticationConfigInfo info = MessagingIgniteBroker.brokerServiceCalls(service -> ((SecurityManager) service)
-            		.getAuthenticationConfig(), Constants.DISTRIBUTED_SECURITY_MANAGER, SecurityManager.class);
+                .getAuthenticationConfig(), Constants.DISTRIBUTED_SECURITY_MANAGER, SecurityManager.class);
 
-            if(info != null) {
-            	return new ResponseEntity<ApiResponse<AuthenticationConfigInfo>>(new ApiResponse<AuthenticationConfigInfo>(Constants.API_VERSION, AuthenticationConfigInfo.class.getName(), info), HttpStatus.OK);
-            }
-            else {
-            	return new ResponseEntity<ApiResponse<AuthenticationConfigInfo>>(new ApiResponse<AuthenticationConfigInfo>(Constants.API_VERSION, AuthenticationConfigInfo.class.getName(), null), HttpStatus.OK);
+            if (info != null) {
+                return new ResponseEntity<ApiResponse<AuthenticationConfigInfo>>(new ApiResponse<AuthenticationConfigInfo>(Constants.API_VERSION, AuthenticationConfigInfo.class.getName(), info), HttpStatus.OK);
+            } else {
+                return new ResponseEntity<ApiResponse<AuthenticationConfigInfo>>(new ApiResponse<AuthenticationConfigInfo>(Constants.API_VERSION, AuthenticationConfigInfo.class.getName(), null), HttpStatus.OK);
             }
-        }
-        catch (Exception e){
-        	logger.error("Error getting authentication config: " + e.toString());
+        } catch (Exception e) {
+            logger.error("Error getting authentication config: " + e.toString());
             return new ResponseEntity<ApiResponse<AuthenticationConfigInfo>>(new ApiResponse<AuthenticationConfigInfo>(Constants.API_VERSION, AuthenticationConfigInfo.class.getName(), null), HttpStatus.BAD_REQUEST);
         }
     }
 
     @RequestMapping(value = "/authentication/config", method = RequestMethod.PUT)
-    public ResponseEntity<ApiResponse<String>> modifyAuthConfig(@RequestBody AuthenticationConfigInfo info){
-        try{
-			MessagingIgniteBroker.brokerVoidServiceCalls(service -> ((SecurityManager) service)
-					.modifyAuthenticationConfig(info), Constants.DISTRIBUTED_SECURITY_MANAGER, SecurityManager.class);
+    public ResponseEntity<ApiResponse<String>> modifyAuthConfig(@RequestBody AuthenticationConfigInfo info) {
+        try {
+            if (CoreConfigFacade.getInstance().isCluster()) {
+                CoreConfigFacade.getInstance().modifyAuthenticationConfig(info);
+            } else {
+                MessagingIgniteBroker.brokerVoidServiceCalls(service -> ((SecurityManager) service)
+                    .modifyAuthenticationConfig(info), Constants.DISTRIBUTED_SECURITY_MANAGER, SecurityManager.class);
+            }
             return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, AuthenticationConfigInfo.class.getName(), "Successfully modified authentication config"), HttpStatus.OK);
-        }
-        catch (Exception e){
+        } catch (Exception e) {
             return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, AuthenticationConfigInfo.class.getName(), "Failed to modify authentication config"), HttpStatus.BAD_REQUEST);
         }
     }
 
     @RequestMapping(value = "/authentication/config", method = RequestMethod.POST)
-    public ResponseEntity<ApiResponse<String>> testAuthConfig(){
+    public ResponseEntity<ApiResponse<String>> testAuthConfig() {
 
         HttpStatus result = HttpStatus.INTERNAL_SERVER_ERROR;
 
@@ -87,46 +86,44 @@ public ResponseEntity<ApiResponse<String>> testAuthConfig(){
             if (getGroupManager().testLdap()) {
                 result = HttpStatus.OK;
             }
-        }
-        catch (Exception e){
+        } catch (Exception e) {
             logger.error("exception in testAuthConfig!", e);
         }
 
         return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(
-                Constants.API_VERSION, AuthenticationConfigInfo.class.getName(),
-                "Auth config testing " + (result == HttpStatus.OK ? "passed" : "failed")), result);
+            Constants.API_VERSION, AuthenticationConfigInfo.class.getName(),
+            "Auth config testing " + (result == HttpStatus.OK ? "passed" : "failed")), result);
     }
 
     @RequestMapping(value = "/security/config", method = RequestMethod.GET)
-    public ResponseEntity<ApiResponse<SecurityConfigInfo>> getSecConfig(){
+    public ResponseEntity<ApiResponse<SecurityConfigInfo>> getSecConfig() {
         try {
             SecurityConfigInfo info = securityManager.getSecurityConfig();
             return new ResponseEntity<ApiResponse<SecurityConfigInfo>>(new ApiResponse<SecurityConfigInfo>(Constants.API_VERSION, SecurityConfigInfo.class.getName(), info), HttpStatus.OK);
-        }
-        catch (Exception e){
-        	logger.error("Error getting security config: " + e.toString());
+        } catch (Exception e) {
+            logger.error("Error getting security config: " + e.toString());
             return new ResponseEntity<ApiResponse<SecurityConfigInfo>>(new ApiResponse<SecurityConfigInfo>(Constants.API_VERSION, SecurityConfigInfo.class.getName(), null), HttpStatus.BAD_REQUEST);
         }
     }
 
     @RequestMapping(value = "/security/config", method = RequestMethod.PUT)
-    public ResponseEntity<ApiResponse<String>> modifySecConfig(@RequestBody SecurityConfigInfo info){
+    public ResponseEntity<ApiResponse<String>> modifySecConfig(@RequestBody SecurityConfigInfo info) {
         try {
             File keystoreFileObj = new File(info.getKeystoreFile());
             File truststoreFileObj = new File(info.getTruststoreFile());
-            if(!keystoreFileObj.exists()) {
-            	return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, SecurityConfigInfo.class.getName(), "Failed to modify config - Keystore File specified does not exist"), HttpStatus.BAD_REQUEST);
+            if (!keystoreFileObj.exists()) {
+                return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, SecurityConfigInfo.class.getName(), "Failed to modify config - Keystore File specified does not exist"), HttpStatus.BAD_REQUEST);
             }
-            if(!truststoreFileObj.exists()) {
-             	return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, SecurityConfigInfo.class.getName(), "Failed to modify config - Truststore File specified does not exist"), HttpStatus.BAD_REQUEST);
+            if (!truststoreFileObj.exists()) {
+                return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, SecurityConfigInfo.class.getName(), "Failed to modify config - Truststore File specified does not exist"), HttpStatus.BAD_REQUEST);
             }
 
-            if(!FilenameUtils.getExtension(info.getKeystoreFile()).equals("jks")) {
-            	return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, SecurityConfigInfo.class.getName(), "Failed to modify config - Keystore File specified is not a .jks file"), HttpStatus.BAD_REQUEST);
+            if (!FilenameUtils.getExtension(info.getKeystoreFile()).equals("jks")) {
+                return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, SecurityConfigInfo.class.getName(), "Failed to modify config - Keystore File specified is not a .jks file"), HttpStatus.BAD_REQUEST);
             }
 
-            if(!FilenameUtils.getExtension(info.getTruststoreFile()).equals("jks")) {
-            	return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, SecurityConfigInfo.class.getName(), "Failed to modify config - Truststore File specified is not a .jks file"), HttpStatus.BAD_REQUEST);
+            if (!FilenameUtils.getExtension(info.getTruststoreFile()).equals("jks")) {
+                return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, SecurityConfigInfo.class.getName(), "Failed to modify config - Truststore File specified is not a .jks file"), HttpStatus.BAD_REQUEST);
             }
 
             if (info.isEnableEnrollment()) {
@@ -151,12 +148,18 @@ public ResponseEntity<ApiResponse<String>> modifySecConfig(@RequestBody Security
                 }
             }
 
-			MessagingIgniteBroker.brokerNonLocalVoidServiceCalls(service -> ((SecurityManager) service)
-					.modifySecurityConfig(info), Constants.DISTRIBUTED_SECURITY_MANAGER, SecurityManager.class);
+            // If changes are saved during activation of the change the nodes can hit a situation where
+            // the first node to complete triggers the CoreConfig update on other nodes before they apply 
+            // the update which can lead to state consistency issues
+            if (CoreConfigFacade.getInstance().isCluster()) {
+                CoreConfigFacade.getInstance().modifySecurityConfig(info);
+            } else {
+                MessagingIgniteBroker.brokerNonLocalVoidServiceCalls(service -> ((SecurityManager) service)
+                    .modifySecurityConfig(info), Constants.DISTRIBUTED_SECURITY_MANAGER, SecurityManager.class);
+            }
 
             return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, SecurityConfigInfo.class.getName(), "Successfully modified security config"), HttpStatus.OK);
-        }
-        catch (Exception e){
+        } catch (Exception e) {
             return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, SecurityConfigInfo.class.getName(), "Failed to modify security config"), HttpStatus.BAD_REQUEST);
         }
     }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/SubmissionApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/SubmissionApi.java
index ca6c4e21..820dfcc8 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/SubmissionApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/SubmissionApi.java
@@ -13,9 +13,10 @@
 import java.util.UUID;
 import java.util.concurrent.ConcurrentSkipListSet;
 
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 import javax.sql.DataSource;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -62,121 +63,130 @@
  */
 @RestController
 public class SubmissionApi extends BaseRestController {
-	
-    private static final String CONTEXT = "SubmissionApi";
-    
-    Logger logger = LoggerFactory.getLogger(SubmissionApi.class);
 
-    @Autowired
-    private MartiValidator validator;
+	private static final String CONTEXT = "SubmissionApi";
 
-    @Autowired
-    ApplicationContext context;
+    private static String MASK_WORD_FOR_DISPLAY = "********";
 
-    @Autowired
-    private InputManager inputManager;
+	Logger logger = LoggerFactory.getLogger(SubmissionApi.class);
+
+	@Autowired
+	private MartiValidator validator;
+
+	@Autowired
+	ApplicationContext context;
+
+	@Autowired
+	private InputManager inputManager;
 
-    @Autowired
-	private CoreConfig coreConfig;
-    
 	@Autowired
 	private CommonUtil commonUtil;
 
-    @Autowired
-    private GroupManager groupManager;
-    
-    @Autowired
-    private RemoteUtil remoteUtil;
-	
-    @Autowired
-    DataFeedRepository dataFeedRepository;
-    
-    @Autowired
-    DataFeedService dfs;
-    
-    @Autowired
+	@Autowired
+	private GroupManager groupManager;
+
+	@Autowired
+	private RemoteUtil remoteUtil;
+
+	@Autowired
+	DataFeedRepository dataFeedRepository;
+
+	@Autowired
+	DataFeedService dfs;
+
+	@Autowired
 	DataSource ds;
-    
-    @RequestMapping(value = "/datafeeds/{name}", method = RequestMethod.GET)
-    public ResponseEntity<ApiResponse<DataFeed>> getDataFeed(@PathVariable("name") String name) {
-
-    	ResponseEntity<ApiResponse<DataFeed>> result = null;
-        try {
-            if (!getInputNameValidationErrors(name).isEmpty()) {
-                result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
-                		DataFeed.class.getName(), null), HttpStatus.BAD_REQUEST);
-            } else {
-            	String groupVector = commonUtil.getGroupVectorBitString();
-                List<DataFeedDTO> dataFeeds = dataFeedRepository.getDataFeedByGroup(name, groupVector);
-                if (dataFeeds == null || dataFeeds.size() != 1) {
-                    result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
-                    		DataFeed.class.getName(), null), HttpStatus.BAD_REQUEST);
-                } else {
+
+	@RequestMapping(value = "/datafeeds/{name}", method = RequestMethod.GET)
+	public ResponseEntity<ApiResponse<DataFeed>> getDataFeed(@PathVariable("name") String name) {
+
+		ResponseEntity<ApiResponse<DataFeed>> result = null;
+		try {
+			if (!getInputNameValidationErrors(name).isEmpty()) {
+				result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
+						DataFeed.class.getName(), null), HttpStatus.BAD_REQUEST);
+			} else {
+				String groupVector = commonUtil.getGroupVectorBitString();
+				List<DataFeedDTO> dataFeeds = dataFeedRepository.getDataFeedByGroup(name, groupVector);
+				if (dataFeeds == null || dataFeeds.size() != 1) {
+					result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
+							DataFeed.class.getName(), null), HttpStatus.BAD_REQUEST);
+				} else {
 					DataFeedDTO dataFeedDTO = dataFeeds.get(0);
-    				DataFeed returnDataFeed = dfs.adaptDataFeedDTOtoDataFeed(dataFeedDTO);
-    				result = new ResponseEntity<ApiResponse<DataFeed>>(
-    						new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), returnDataFeed),
-    						HttpStatus.OK);
-                }
-            }
-        } catch (Exception e) {
-            logger.error("Exception getting data feed.", e);
-        	result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
-        			HttpStatus.INTERNAL_SERVER_ERROR);
-        }
-
-    	return result;
-    }
-
-    @RequestMapping(value = "/datafeeds/{name}", method = RequestMethod.DELETE)
-    public ResponseEntity<ApiResponse<DataFeed>> deleteDataFeed(@PathVariable("name") String name) {
-
-    	ResponseEntity<ApiResponse<DataFeed>> result = null;
-    	String groupVector = commonUtil.getGroupVectorBitString();
-    	List<DataFeedDTO> dataFeeds = new ArrayList<>();
-
-    	// Verify correct groups before deleting from config file
-        try {
-            if (!getInputNameValidationErrors(name).isEmpty()) {
-                result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
-                		DataFeed.class.getName(), null), HttpStatus.BAD_REQUEST);
-            } else {
-            	// only check groups if not admin
-            	if (!commonUtil.isAdmin()) {
-            		dataFeeds = dataFeedRepository.getDataFeedByGroup(name, groupVector);
-                    if (dataFeeds == null || dataFeeds.size() != 1) {
-                        result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
-        						DataFeed.class.getName(), null), HttpStatus.BAD_REQUEST);
-                    }	
-            	} else {
-            		dataFeeds = dataFeedRepository.getDataFeedByName(name);
-            	}
-            }
-        } catch (Exception ex) {
-        	result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
-        			HttpStatus.INTERNAL_SERVER_ERROR);
-        }
-        
-        if (result != null) {
-        	return result;
-        }
-    	
-        try {
-            if (!getInputNameValidationErrors(name).isEmpty()) {
-                return new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
+					DataFeed returnDataFeed = dfs.adaptDataFeedDTOtoDataFeed(dataFeedDTO);
+					result = new ResponseEntity<ApiResponse<DataFeed>>(
+							new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), returnDataFeed),
+							HttpStatus.OK);
+				}
+			}
+		} catch (Exception e) {
+			logger.error("Exception getting data feed.", e);
+			result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
+					HttpStatus.INTERNAL_SERVER_ERROR);
+		}
+
+		return result;
+	}
+
+	@RequestMapping(value = "/datafeeds/{name}", method = RequestMethod.DELETE)
+	public ResponseEntity<ApiResponse<DataFeed>> deleteDataFeed(@PathVariable("name") String name) {
+
+		ResponseEntity<ApiResponse<DataFeed>> result = null;
+		String groupVector = commonUtil.getGroupVectorBitString();
+		List<DataFeedDTO> dataFeeds = new ArrayList<>();
+
+		// Verify correct groups before deleting from config file
+		try {
+			if (!getInputNameValidationErrors(name).isEmpty()) {
+				result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
+						DataFeed.class.getName(), null), HttpStatus.BAD_REQUEST);
+			} else {
+				// only check groups if not admin
+				if (!commonUtil.isAdmin()) {
+					dataFeeds = dataFeedRepository.getDataFeedByGroup(name, groupVector);
+					if (dataFeeds == null || dataFeeds.size() != 1) {
+						result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
+								DataFeed.class.getName(), null), HttpStatus.BAD_REQUEST);
+					}
+				} else {
+					dataFeeds = dataFeedRepository.getDataFeedByName(name);
+				}
+			}
+		} catch (Exception ex) {
+			result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
+					HttpStatus.INTERNAL_SERVER_ERROR);
+		}
+
+		if (result != null) {
+			return result;
+		}
+
+		try {
+			if (!getInputNameValidationErrors(name).isEmpty()) {
+				return new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
 						DataFeed.class.getName(), null), HttpStatus.BAD_REQUEST);
 			} else {
 				// Delete from config file
+                // If changes are saved during activation of the change the nodes can hit a situation where
+                // the first node to complete triggers the CoreConfig update on other nodes before they apply 
+                // the update which can lead to state consistency issues
+                if (CoreConfigFacade.getInstance().isCluster()) {
 				MessagingIgniteBroker.brokerVoidServiceCalls(service -> ((InputManager) service)
-						.deleteDataFeed(name), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                        .deleteDataFeed(name, false), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                    CoreConfigFacade.getInstance().removeDataFeedAndSave(name);
+                } else {
+                    MessagingIgniteBroker.brokerVoidServiceCalls(service -> ((InputManager) service)
+                        .deleteDataFeed(name, true), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                }
+
 			}
 		} catch (Exception e) {
 			logger.error("Exception deleting data feed from config file.", e);
 
 			// Shouldn't return error in case deleting from database is needed
-    	}
+		}
 
-        try {
+		try {
 			// Delete from database
 			if (dataFeeds.size() > 0 && dataFeeds.get(0) != null) {
 				Long dataFeedId = dataFeeds.get(0).getId();
@@ -188,574 +198,662 @@ public ResponseEntity<ApiResponse<DataFeed>> deleteDataFeed(@PathVariable("name"
 						new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
 						HttpStatus.OK);
 			} else {
-                result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
+				result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
 						DataFeed.class.getName(), null), HttpStatus.BAD_REQUEST);
 			}
 
 
 		} catch (Exception e) {
 			logger.error("Exception deleting data feed from database.", e);
-        	result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
-        			HttpStatus.INTERNAL_SERVER_ERROR);
+			result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
+					HttpStatus.INTERNAL_SERVER_ERROR);
 		}
 
-        return result;
-    }
+		return result;
+	}
+
+	@RequestMapping(value = "/datafeeds/{name}", method = RequestMethod.PUT)
+	public ResponseEntity<ApiResponse<DataFeed>> modifyDataFeed(@PathVariable("name") String name,
+																@RequestBody com.bbn.marti.config.DataFeed dataFeed) {
+		ResponseEntity<ApiResponse<DataFeed>> result = null;
 
-    @RequestMapping(value = "/datafeeds/{name}", method = RequestMethod.PUT)
-    public ResponseEntity<ApiResponse<DataFeed>> modifyDataFeed(@PathVariable("name") String name,
-    		 @RequestBody com.bbn.marti.config.DataFeed dataFeed) {
-    	ResponseEntity<ApiResponse<DataFeed>> result = null;
-    	
-    	try {
-        	String groupVector = commonUtil.getGroupVectorBitString();
+		try {
+			String groupVector = commonUtil.getGroupVectorBitString();
 
-    		List<DataFeedDTO> dataFeeds = dataFeedRepository.getDataFeedByName(name);
+			List<DataFeedDTO> dataFeeds = dataFeedRepository.getDataFeedByName(name);
 			int type = DataFeedType.valueOf(dataFeed.getType()).ordinal();
 
-            if (!getInputNameValidationErrors(name).isEmpty() || dataFeeds == null || dataFeeds.size() != 1) {
-                result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
+			if (!getInputNameValidationErrors(name).isEmpty() || dataFeeds == null || dataFeeds.size() != 1) {
+				result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
 						DataFeed.class.getName(), null), HttpStatus.BAD_REQUEST);
-			} else if (DataFeedType.valueOf(dataFeed.getType()) == DataFeedType.Federation){	
+			} else if (DataFeedType.valueOf(dataFeed.getType()) == DataFeedType.Federation){
 				// federation needs to be handled a little different. it does not have a core config entry, and only has a few editable attributes
 				dataFeedRepository.updateDataFeedWithGroupVector(dataFeed.getUuid(), dataFeed.getName(), type,
 						dataFeed.getAuth().toString(), dataFeed.getPort(), dataFeed.isAuthRequired(), dataFeed.getProtocol(),
 						dataFeed.getGroup(), dataFeed.getIface(), dataFeed.isArchive(), dataFeed.isAnongroup(),
 						dataFeed.isArchiveOnly(), dataFeed.getCoreVersion(), dataFeed.getCoreVersion2TlsVersions(),
 						dataFeed.isSync(), dataFeed.getSyncCacheRetentionSeconds(), groupVector, dataFeed.isFederated(), dataFeed.isBinaryPayloadWebsocketOnly(), null, null, null, null);
-				
+
 				inputManager.updateFederationDataFeed(dataFeed);
 
 			} else {
-	    		dataFeeds = dataFeedRepository.getDataFeedByGroup(name, groupVector);
-	    		if (dataFeeds == null || dataFeeds.size() != 1) {
-	    			return new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
+				dataFeeds = dataFeedRepository.getDataFeedByGroup(name, groupVector);
+				if (dataFeeds == null || dataFeeds.size() != 1) {
+					return new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
 							DataFeed.class.getName(), null), HttpStatus.BAD_REQUEST);
-	    		}
+				}
 
 				Long dataFeedId = dataFeeds.get(0).getId();
+
+                ConnectionModifyResult updateResult;
+
 				// Update config file
-				ConnectionModifyResult updateResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
-						.modifyInput(name, dataFeed), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                // If changes are saved during activation of the change the nodes can hit a situation where
+                // the first node to complete triggers the CoreConfig update on other nodes before they apply 
+                // the update which can lead to state consistency issues
+                if (CoreConfigFacade.getInstance().isCluster()) {
+                    updateResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
+                        .modifyInput(name, dataFeed, false), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+
+                    if (updateResult.getHttpStatusCode() == ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
+                        updateResult = CoreConfigFacade.getInstance().updateInputGroupsNoSave(name, dataFeed.getFiltergroup().toArray(new String[dataFeed.getFiltergroup().size()]));
+                        if (updateResult.getHttpStatusCode() != ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
+                            return new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
+                                HttpStatus.INTERNAL_SERVER_ERROR);
+                        }
+
+                        CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
+
+                        CoreConfigFacade.getInstance().updateTagsNoSave(name, dataFeed.getTag());
+
+                        if (dataFeed.isSync() != dataFeed.isSync()) {
+                            ConnectionModifyResult commandResult = CoreConfigFacade.getInstance().setSyncFlagNoSave(name, dataFeed.isSync());
+                            if (commandResult.getHttpStatusCode() != ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
+                                return new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
+                                    HttpStatus.valueOf(commandResult.getHttpStatusCode()));
+                            }
+                        }
+                        CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
+                    }
+                } else {
+                    updateResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
+                        .modifyInput(name, dataFeed, true), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                }
+
 				if (updateResult.getHttpStatusCode() == ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
 					dataFeedRepository.updateDataFeedWithGroupVector(dataFeed.getUuid(), dataFeed.getName(), type,
 							dataFeed.getAuth().toString(), dataFeed.getPort(), dataFeed.isAuthRequired(), dataFeed.getProtocol(),
 							dataFeed.getGroup(), dataFeed.getIface(), dataFeed.isArchive(), dataFeed.isAnongroup(),
 							dataFeed.isArchiveOnly(), dataFeed.getCoreVersion(), dataFeed.getCoreVersion2TlsVersions(),
-											 //dataFeed.isSync(), 1, groupVector, dataFeed.isFederated());
+							//dataFeed.isSync(), 1, groupVector, dataFeed.isFederated());
 							dataFeed.isSync(), dataFeed.getSyncCacheRetentionSeconds(), groupVector, dataFeed.isFederated(), dataFeed.isBinaryPayloadWebsocketOnly(), null, null, null, null);
 
 					if (dataFeed.getTag() != null && dataFeed.getTag().size() > 0) {
 						dataFeedRepository.removeAllDataFeedTagsById(dataFeedId);
-						dataFeedRepository.addDataFeedTags(dataFeedId, dataFeed.getTag());
+						dataFeedRepository.addDataFeedTags(dataFeedId, dataFeed.getTag().toArray(String[]::new));
 					}
 
 					if (dataFeed.getFiltergroup() != null && dataFeed.getFiltergroup().size() > 0) {
 						dataFeedRepository.removeAllDataFeedFilterGroupsById(dataFeedId);
-						dataFeedRepository.addDataFeedFilterGroups(dataFeedId, dataFeed.getFiltergroup());
+						dataFeedRepository.addDataFeedFilterGroups(dataFeedId, dataFeed.getFiltergroup().toArray(String[]::new));
 					}
 
-	    			result = new ResponseEntity<ApiResponse<DataFeed>>(
-	    					new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
-	    					HttpStatus.OK);
+					result = new ResponseEntity<ApiResponse<DataFeed>>(
+							new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
+							HttpStatus.OK);
 
 				} else {
 					result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
-		        		HttpStatus.INTERNAL_SERVER_ERROR);
+							HttpStatus.INTERNAL_SERVER_ERROR);
 				}
 			}
-    	} catch (Exception e) {
-    		logger.error("Failed updating data feed", e);
-        	result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
-        			HttpStatus.INTERNAL_SERVER_ERROR);
-    	}
-
-    	return result;
-    }
-
-    @RequestMapping(value = "/datafeeds", method = RequestMethod.POST)
-    public ResponseEntity<ApiResponse<DataFeed>> createDataFeed(@RequestBody com.bbn.marti.config.DataFeed dataFeed) {
-
-    	ResponseEntity<ApiResponse<DataFeed>> result = null;
-    	DataFeed returnDataFeed = new DataFeed(dataFeed);
-        List<String> errors = new ArrayList<>();
-        
-        // Needed for permissions to access data feed
-        if (dataFeed.getFiltergroup().size() == 0) {
-        	dataFeed.getFiltergroup().add(Constants.ANON_GROUP);
-        }
-        
+		} catch (Exception e) {
+			logger.error("Failed updating data feed", e);
+			result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null),
+					HttpStatus.INTERNAL_SERVER_ERROR);
+		}
+
+		return result;
+	}
+
+	@RequestMapping(value = "/datafeeds", method = RequestMethod.POST)
+	public ResponseEntity<ApiResponse<DataFeed>> createDataFeed(@RequestBody com.bbn.marti.config.DataFeed dataFeed) {
+
+		ResponseEntity<ApiResponse<DataFeed>> result = null;
+		DataFeed returnDataFeed = new DataFeed(dataFeed);
+		List<String> errors = new ArrayList<>();
+
+		// Needed for permissions to access data feed
+		if (dataFeed.getFiltergroup().size() == 0) {
+			dataFeed.getFiltergroup().add(Constants.ANON_GROUP);
+		}
+
 		Set<Group> groups = groupManager.findGroups(dataFeed.getFiltergroup());
 		String groupVector = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
 
 		try {
-        	if (dataFeed.getUuid() == null) {
-        		dataFeed.setUuid(UUID.randomUUID().toString());
-        	}
+			if (dataFeed.getUuid() == null) {
+				dataFeed.setUuid(UUID.randomUUID().toString());
+			}
 
 			errors = getDataFeedValidationErrors(dataFeed);
 
-        	if (errors.isEmpty()) {
-            	// Add dataFeed to config file
-	            NetworkInputAddResult addResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
-	            		.createDataFeed(dataFeed), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
-	            
-	            if (addResult == NetworkInputAddResult.SUCCESS) {
-	        		// Add dataFeed to database
-	            	int type = DataFeedType.valueOf(dataFeed.getType()).ordinal();
-	            	String auth = dataFeed.getAuth().toString();
-
-	            	Long dataFeedId = dataFeedRepository.addDataFeed(dataFeed.getUuid(), dataFeed.getName(), type, auth, dataFeed.getPort(),
-	            			dataFeed.isAuthRequired(), dataFeed.getProtocol(), dataFeed.getGroup(), dataFeed.getIface(), dataFeed.isArchive(),
-	            			dataFeed.isAnongroup(), dataFeed.isArchiveOnly(), dataFeed.getCoreVersion(), dataFeed.getCoreVersion2TlsVersions(),
-	            			dataFeed.isSync(), dataFeed.getSyncCacheRetentionSeconds(), groupVector, dataFeed.isFederated(), dataFeed.isBinaryPayloadWebsocketOnly(), null, null, null, null);
-
-	            	if (dataFeed.getTag() != null && dataFeed.getTag().size() > 0) {
-	            		dataFeedRepository.addDataFeedTags(dataFeedId, dataFeed.getTag());
-	            	}
-	            	
+			if (errors.isEmpty()) {
+                NetworkInputAddResult addResult;
+				// Add dataFeed to config file
+                // If changes are saved during activation of the change the nodes can hit a situation where
+                // the first node to complete triggers the CoreConfig update on other nodes before they apply 
+                // the update which can lead to state consistency issues
+                if (CoreConfigFacade.getInstance().isCluster()) {
+                    addResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
+                        .createDataFeed(dataFeed, false), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                    if (addResult == NetworkInputAddResult.SUCCESS) {
+                        if (dataFeed.getProtocol() == null || dataFeed.getType().equals("Plugin")) {
+                            CoreConfigFacade.getInstance().addInputAndSave(dataFeed);
+                        }
+                    }
+                } else {
+                    addResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
+                        .createDataFeed(dataFeed, true), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                }
+
+				if (addResult == NetworkInputAddResult.SUCCESS) {
+					// Add dataFeed to database
+					int type = DataFeedType.valueOf(dataFeed.getType()).ordinal();
+					String auth = dataFeed.getAuth().toString();
+
+					Long dataFeedId = dataFeedRepository.addDataFeed(dataFeed.getUuid(), dataFeed.getName(), type, auth, dataFeed.getPort(),
+							dataFeed.isAuthRequired(), dataFeed.getProtocol(), dataFeed.getGroup(), dataFeed.getIface(), dataFeed.isArchive(),
+							dataFeed.isAnongroup(), dataFeed.isArchiveOnly(), dataFeed.getCoreVersion(), dataFeed.getCoreVersion2TlsVersions(),
+							dataFeed.isSync(), dataFeed.getSyncCacheRetentionSeconds(), groupVector, dataFeed.isFederated(), dataFeed.isBinaryPayloadWebsocketOnly(), null, null, null, null);
+
+					if (dataFeed.getTag() != null && dataFeed.getTag().size() > 0) {
+						dataFeedRepository.addDataFeedTags(dataFeedId, dataFeed.getTag().toArray(String[]::new));
+					}
+
 					if (dataFeed.getFiltergroup() != null && dataFeed.getFiltergroup().size() > 0) {
-						dataFeedRepository.addDataFeedFilterGroups(dataFeedId, dataFeed.getFiltergroup());
+						dataFeedRepository.addDataFeedFilterGroups(dataFeedId, dataFeed.getFiltergroup().toArray(String[]::new));
 					}
-	            	
+
 					result = new ResponseEntity<ApiResponse<DataFeed>>(
 							new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), returnDataFeed),
 							HttpStatus.OK);
-	            } else {
-	            	logger.error("Error adding data feed to config file " + addResult.getDisplayMessage());
-	            	errors.add(addResult.getDisplayMessage());
-	            }
-            } else {
-	            result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
-	            		DataFeed.class.getName(), returnDataFeed, errors), HttpStatus.BAD_REQUEST);
-            }
-        } catch (Exception e) {
-            logger.error("Exception adding input.", e);
-            errors.add(e.getMessage());
-        }
-
-        if (result == null) {
-        	result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null, errors),
-        			HttpStatus.INTERNAL_SERVER_ERROR);
-        }
-
-        return result;
-    }
-    
-    @RequestMapping(value = "/inputs", method = RequestMethod.GET)
-    public ResponseEntity<ApiResponse<SortedSet<InputMetric>>> getInputMetrics(
-    		@RequestParam(value = "excludeDataFeeds", defaultValue = "false") boolean excludeDataFeeds, HttpServletResponse response) {
-
-    	setCacheHeaders(response);
-
-        SortedSet<InputMetric> metrics = null;
-
-        // sort metrics by input port number, then name
-        try {
-            metrics = new ConcurrentSkipListSet<InputMetric>(new Comparator<InputMetric>() {
-                @Override
-                public int compare(InputMetric thiz, InputMetric that) {
-                    return ComparisonChain.start()
-                            .compare(thiz.getInput().getPort(), that.getInput().getPort())
-                            .compare(thiz.getInput().getName(), that.getInput().getName())
-                            .result();
-                }
-            });
+				} else {
+					logger.error("Error adding data feed to config file " + addResult.getDisplayMessage());
+					errors.add(addResult.getDisplayMessage());
+				}
+			} else {
+				result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION,
+						DataFeed.class.getName(), returnDataFeed, errors), HttpStatus.BAD_REQUEST);
+			}
+		} catch (Exception e) {
+			logger.error("Exception adding input.", e);
+			errors.add(e.getMessage());
+		}
 
-            Collection<InputMetric> inputs = inputManager.getInputMetrics(excludeDataFeeds);
+		if (result == null) {
+			result = new ResponseEntity<ApiResponse<DataFeed>>(new ApiResponse<DataFeed>(Constants.API_VERSION, DataFeed.class.getName(), null, errors),
+					HttpStatus.INTERNAL_SERVER_ERROR);
+		}
 
-            if (logger.isDebugEnabled()) {
-            	logger.info("inputs: " + inputs);
-            }
+		return result;
+	}
 
-            metrics.addAll(inputs);
-        } catch (Exception e) {
-        	if (logger.isDebugEnabled()) {
-        		logger.debug("Exception getting input metrics", e);
-        	}
-        }
-
-        if (metrics != null) {
-            return new ResponseEntity<ApiResponse<SortedSet<InputMetric>>>(new ApiResponse<SortedSet<InputMetric>>(Constants.API_VERSION, InputMetric.class.getName(), metrics), HttpStatus.OK);
-        } else {
-        	//This would be an error condition (not an empty input list)
-            return new ResponseEntity<ApiResponse<SortedSet<InputMetric>>>(new ApiResponse<SortedSet<InputMetric>>(Constants.API_VERSION, InputMetric.class.getName(), null), HttpStatus.INTERNAL_SERVER_ERROR);
-        }
-    }
-
-    @RequestMapping(value = "/inputs/{name}", method = RequestMethod.DELETE)
-    public ResponseEntity<ApiResponse<Input>> deleteInput(@PathVariable("name") String name) {
-
-        //Not clear what the payload for the ApiResponse should be here (Integer number of inputs deleted, the input itself). We don't have either of these returned by service
-    	//layer for now, so just set payload to Input and set the value to null.
-    	ResponseEntity<ApiResponse<Input>> result = null;
-
-
-        try {
-            if (!getInputNameValidationErrors(name).isEmpty()) {
-                result = new ResponseEntity<ApiResponse<Input>>(new ApiResponse<Input>(Constants.API_VERSION,
-                		Input.class.getName(), null), HttpStatus.BAD_REQUEST);
-            } else {
-	        	if (inputManager != null) {
-	        		MessagingIgniteBroker.brokerVoidServiceCalls(service -> ((InputManager) service).deleteInput(name), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
-		            
-	        		//Again, we're returning ok even if nothing was actually deleted, which is not ideal, but we need to change the
-		            //interface to return something besides void here
-		            result = new ResponseEntity<ApiResponse<Input>>(new ApiResponse<Input>(Constants.API_VERSION,
-		            		Input.class.getName(), null), HttpStatus.OK);
-	            }
-            }
-        } catch (Exception e) {
-            logger.error("Exception deleting input.", e);
-        }
+	@RequestMapping(value = "/inputs", method = RequestMethod.GET)
+	public ResponseEntity<ApiResponse<SortedSet<InputMetric>>> getInputMetrics(
+			@RequestParam(value = "excludeDataFeeds", defaultValue = "false") boolean excludeDataFeeds, HttpServletResponse response) {
 
-        if (result == null) {
-        	//This would be an error condition (not an empty input list or a bad request)
-        	result = new ResponseEntity<ApiResponse<Input>>(new ApiResponse<Input>(Constants.API_VERSION, Input.class.getName(), null),
-        			HttpStatus.INTERNAL_SERVER_ERROR);
-        }
+		setCacheHeaders(response);
 
-        return result;
-    }
+		SortedSet<InputMetric> metrics = null;
 
-    @RequestMapping(value = "/inputs/{id}", method = RequestMethod.PUT)
-    public ResponseEntity<ApiResponse<ConnectionModifyResult>> modifyInput(@PathVariable("id") String id, @RequestBody Input input) {
+		// sort metrics by input port number, then name
+		try {
+			metrics = new ConcurrentSkipListSet<InputMetric>(new Comparator<InputMetric>() {
+				@Override
+				public int compare(InputMetric thiz, InputMetric that) {
+					return ComparisonChain.start()
+							.compare(thiz.getInput().getPort(), that.getInput().getPort())
+							.compare(thiz.getInput().getName(), that.getInput().getName())
+							.result();
+				}
+			});
 
-    	ResponseEntity<ApiResponse<ConnectionModifyResult>> result = null;
+			Collection<InputMetric> inputs = inputManager.getInputMetrics(excludeDataFeeds);
 
-    	List<String> errors = new ArrayList<>();
+			if (logger.isDebugEnabled()) {
+				logger.info("inputs: " + inputs);
+			}
 
-    	try {
-    		ConnectionModifyResult updateResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
-    				.modifyInput(id, input), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+			metrics.addAll(inputs);
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("Exception getting input metrics", e);
+			}
+		}
 
-    		result = new ResponseEntity<ApiResponse<ConnectionModifyResult>>(new ApiResponse<ConnectionModifyResult>(Constants.API_VERSION,
-    				ConnectionModifyResult.class.getName(), updateResult), HttpStatus.valueOf(updateResult.getHttpStatusCode()));
+		if (metrics != null) {
+			return new ResponseEntity<ApiResponse<SortedSet<InputMetric>>>(new ApiResponse<SortedSet<InputMetric>>(Constants.API_VERSION, InputMetric.class.getName(), metrics), HttpStatus.OK);
+		} else {
+			//This would be an error condition (not an empty input list)
+			return new ResponseEntity<ApiResponse<SortedSet<InputMetric>>>(new ApiResponse<SortedSet<InputMetric>>(Constants.API_VERSION, InputMetric.class.getName(), null), HttpStatus.INTERNAL_SERVER_ERROR);
+		}
+	}
 
-    	} catch (Exception e) {
-    		logger.error("Exception updating input.", e);
-    		//In general, revealing raw exceptions to the user is not a good idea, but for now, as discussed,
-    		//we'll leave this in until more granular exceptions are thrown by the service layer.
-    		//The types of errors we'll see here concern missing cert files or lack of root access
-    		//for lower port numbers the user has provided.
-    		errors.add(e.getMessage());
-    	}
+	@RequestMapping(value = "/inputs/{name}", method = RequestMethod.DELETE)
+    public ResponseEntity<ApiResponse<Input>> deoleteInput(@PathVariable("name") String name) {
 
-    	if (result == null) {
-    		//This would be an error condition (not an empty input list or bad request)
-    		result = new ResponseEntity<ApiResponse<ConnectionModifyResult>>(new ApiResponse<ConnectionModifyResult>(Constants.API_VERSION,
-    				ConnectionModifyResult.class.getName(), new ConnectionModifyResult("Error: No response received from server.", HttpStatus.INTERNAL_SERVER_ERROR.value())),
-    				HttpStatus.INTERNAL_SERVER_ERROR);
-    	}
+		//Not clear what the payload for the ApiResponse should be here (Integer number of inputs deleted, the input itself). We don't have either of these returned by service
+		//layer for now, so just set payload to Input and set the value to null.
+		ResponseEntity<ApiResponse<Input>> result = null;
 
-    	return result;
-    }
 
-    @RequestMapping(value = "/inputs", method = RequestMethod.POST)
-    public ResponseEntity<ApiResponse<Input>> createInput(@RequestBody Input input) {
+		try {
+			if (!getInputNameValidationErrors(name).isEmpty()) {
+				result = new ResponseEntity<ApiResponse<Input>>(new ApiResponse<Input>(Constants.API_VERSION,
+						Input.class.getName(), null), HttpStatus.BAD_REQUEST);
+			} else {
+				if (inputManager != null) {
+                    // If changes are saved during activation of the change the nodes can hit a situation where
+                    // the first node to complete triggers the CoreConfig update on other nodes before they apply 
+                    // the update which can lead to state consistency issues
+                    if (CoreConfigFacade.getInstance().isCluster()) {
+                        MessagingIgniteBroker.brokerVoidServiceCalls(service -> ((InputManager) service).deleteInput(name, false), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                        CoreConfigFacade.getInstance().removeInputAndSave(name);
+                    } else {
+                        MessagingIgniteBroker.brokerVoidServiceCalls(service -> ((InputManager) service).deleteInput(name, true), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                    }
+
+					//Again, we're returning ok even if nothing was actually deleted, which is not ideal, but we need to change the
+					//interface to return something besides void here
+					result = new ResponseEntity<ApiResponse<Input>>(new ApiResponse<Input>(Constants.API_VERSION,
+							Input.class.getName(), null), HttpStatus.OK);
+				}
+			}
+		} catch (Exception e) {
+			logger.error("Exception deleting input.", e);
+		}
 
-        ResponseEntity<ApiResponse<Input>> result = null;
+		if (result == null) {
+			//This would be an error condition (not an empty input list or a bad request)
+			result = new ResponseEntity<ApiResponse<Input>>(new ApiResponse<Input>(Constants.API_VERSION, Input.class.getName(), null),
+					HttpStatus.INTERNAL_SERVER_ERROR);
+		}
 
-        List<String> errors = null;
+		return result;
+	}
 
-        try {
-        	errors = getValidationErrors(input);
-            if (errors.isEmpty()) {
+	@RequestMapping(value = "/inputs/{id}", method = RequestMethod.PUT)
+	public ResponseEntity<ApiResponse<ConnectionModifyResult>> modifyInput(@PathVariable("id") String id, @RequestBody Input input) {
 
-	            NetworkInputAddResult addResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
-	            		.createInput(input), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+		ResponseEntity<ApiResponse<ConnectionModifyResult>> result = null;
 
-	            if (addResult == NetworkInputAddResult.SUCCESS) {
-		            result = new ResponseEntity<ApiResponse<Input>>(new ApiResponse<Input>(Constants.API_VERSION,
-		            		Input.class.getName(), input), HttpStatus.OK);
-	            } else {
-	            	logger.error("NetworkInputAddResult was " + addResult.getDisplayMessage());
-	            	errors.add(addResult.getDisplayMessage());
-	            }
-            } else {
-	            result = new ResponseEntity<ApiResponse<Input>>(new ApiResponse<Input>(Constants.API_VERSION,
-	            		Input.class.getName(), input, errors), HttpStatus.BAD_REQUEST);
-            }
-        } catch (Exception e) {
-            logger.error("Exception adding input.", e);
-            //In general, revealing raw exceptions to the user is not a good idea, but for now, as discussed,
-            //we'll leave this in until more granular exceptions are thrown by the service layer.
-            //The types of errors we'll see here concern missing cert files or lack of root access
-            //for lower port numbers the user has provided.
-            errors.add(e.getMessage());
-        }
-
-        if (result == null) {
-        	//This would be an error condition (not an empty input list or bad request)
-        	result = new ResponseEntity<ApiResponse<Input>>(new ApiResponse<Input>(Constants.API_VERSION, Input.class.getName(), null, errors),
-        			HttpStatus.INTERNAL_SERVER_ERROR);
-        }
-
-        return result;
-    }
-
-    @RequestMapping(value = "/inputs/{name}", method = RequestMethod.GET)
-    public ResponseEntity<ApiResponse<InputMetric>> getInputMetric(@PathVariable("name") String name, HttpServletResponse response) {
-
-    	setCacheHeaders(response);
-
-        //Really the way this function is used is to get an Input, not an InputMetric, but leave it as generic for CRUD purposes
-        InputMetric metric = null;
-        ResponseEntity<ApiResponse<InputMetric>> result = null;
-
-        try {
-            if (!getInputNameValidationErrors(name).isEmpty()) {
-                result = new ResponseEntity<ApiResponse<InputMetric>>(new ApiResponse<InputMetric>(Constants.API_VERSION,
-                		InputMetric.class.getName(), null), HttpStatus.BAD_REQUEST);
+		List<String> errors = new ArrayList<>();
+
+		try {
+            ConnectionModifyResult updateResult;
+            // If changes are saved during activation of the change the nodes can hit a situation where
+            // the first node to complete triggers the CoreConfig update on other nodes before they apply 
+            // the update which can lead to state consistency issues
+            if (CoreConfigFacade.getInstance().isCluster()) {
+                updateResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
+                    .modifyInput(id, input, false), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+
+                if (updateResult.getHttpStatusCode() == ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
+                    updateResult = CoreConfigFacade.getInstance().updateInputGroupsNoSave(id, input.getFiltergroup().toArray(new String[input.getFiltergroup().size()]));
+                    if (updateResult.getHttpStatusCode() == ConnectionModifyResult.SUCCESS.getHttpStatusCode()) {
+                        CoreConfigFacade.getInstance().saveChangesAndUpdateCache();
+                    }
+                }
             } else {
-            	Collection<InputMetric> metrics = inputManager.getInputMetrics(false);
-            	if (metrics != null) {
-            		for (InputMetric m : metrics) {
-            			if (m.getInput().getName().equalsIgnoreCase(name)) {
-            				metric = m;
-            				break;
-            			}
-            		}
-            	}
-            	result = new ResponseEntity<ApiResponse<InputMetric>>(new ApiResponse<InputMetric>(Constants.API_VERSION,
-	            		InputMetric.class.getName(), metric), HttpStatus.OK);
+                updateResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
+                    .modifyInput(id, input, true), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
             }
-        } catch (Exception e) {
-        	if (logger.isDebugEnabled()) {
-        		logger.debug("Exception getting input metric", e);
-        	}
-        }
 
-        if (result == null) {
-        	//This would be an error condition (not an empty input list or bad request)
-        	result = new ResponseEntity<ApiResponse<InputMetric>>(new ApiResponse<InputMetric>(Constants.API_VERSION,
-            		InputMetric.class.getName(), null), HttpStatus.INTERNAL_SERVER_ERROR);
-        }
 
-        return result;
-    }
+			result = new ResponseEntity<ApiResponse<ConnectionModifyResult>>(new ApiResponse<ConnectionModifyResult>(Constants.API_VERSION,
+					ConnectionModifyResult.class.getName(), updateResult), HttpStatus.valueOf(updateResult.getHttpStatusCode()));
+
+		} catch (Exception e) {
+			logger.error("Exception updating input.", e);
+			//In general, revealing raw exceptions to the user is not a good idea, but for now, as discussed,
+			//we'll leave this in until more granular exceptions are thrown by the service layer.
+			//The types of errors we'll see here concern missing cert files or lack of root access
+			//for lower port numbers the user has provided.
+			errors.add(e.getMessage());
+		}
+
+		if (result == null) {
+			//This would be an error condition (not an empty input list or bad request)
+			result = new ResponseEntity<ApiResponse<ConnectionModifyResult>>(new ApiResponse<ConnectionModifyResult>(Constants.API_VERSION,
+					ConnectionModifyResult.class.getName(), new ConnectionModifyResult("Error: No response received from server.", HttpStatus.INTERNAL_SERVER_ERROR.value())),
+					HttpStatus.INTERNAL_SERVER_ERROR);
+		}
+
+		return result;
+	}
+
+	@RequestMapping(value = "/inputs", method = RequestMethod.POST)
+	public ResponseEntity<ApiResponse<Input>> createInput(@RequestBody Input input) {
+
+		ResponseEntity<ApiResponse<Input>> result = null;
+
+		List<String> errors = null;
+
+		try {
+			errors = getValidationErrors(input);
+			if (errors.isEmpty()) {
+                NetworkInputAddResult addResult;
+                // If changes are saved during activation of the change the nodes can hit a situation where
+                // the first node to complete triggers the CoreConfig update on other nodes before they apply 
+                // the update which can lead to state consistency issues
+                if (CoreConfigFacade.getInstance().isCluster()) {
+                    addResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
+                        .createInput(input, false), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                    if (addResult == NetworkInputAddResult.SUCCESS) {
+                        CoreConfigFacade.getInstance().addInputAndSave(input);
+                    }
+                } else {
+                    addResult = MessagingIgniteBroker.brokerServiceCalls(service -> ((InputManager) service)
+                        .createInput(input, true), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+                }
+
+				if (addResult == NetworkInputAddResult.SUCCESS) {
+					result = new ResponseEntity<ApiResponse<Input>>(new ApiResponse<Input>(Constants.API_VERSION,
+							Input.class.getName(), input), HttpStatus.OK);
+				} else {
+					logger.error("NetworkInputAddResult was " + addResult.getDisplayMessage());
+					errors.add(addResult.getDisplayMessage());
+				}
+			} else {
+				result = new ResponseEntity<ApiResponse<Input>>(new ApiResponse<Input>(Constants.API_VERSION,
+						Input.class.getName(), input, errors), HttpStatus.BAD_REQUEST);
+			}
+		} catch (Exception e) {
+			logger.error("Exception adding input.", e);
+			//In general, revealing raw exceptions to the user is not a good idea, but for now, as discussed,
+			//we'll leave this in until more granular exceptions are thrown by the service layer.
+			//The types of errors we'll see here concern missing cert files or lack of root access
+			//for lower port numbers the user has provided.
+			errors.add(e.getMessage());
+		}
+
+		if (result == null) {
+			//This would be an error condition (not an empty input list or bad request)
+			result = new ResponseEntity<ApiResponse<Input>>(new ApiResponse<Input>(Constants.API_VERSION, Input.class.getName(), null, errors),
+					HttpStatus.INTERNAL_SERVER_ERROR);
+		}
 
-    @RequestMapping(value = "/inputs/config", method = RequestMethod.GET)
+		return result;
+	}
+
+	@RequestMapping(value = "/inputs/{name}", method = RequestMethod.GET)
+	public ResponseEntity<ApiResponse<InputMetric>> getInputMetric(@PathVariable("name") String name, HttpServletResponse response) {
+
+		setCacheHeaders(response);
+
+		//Really the way this function is used is to get an Input, not an InputMetric, but leave it as generic for CRUD purposes
+		InputMetric metric = null;
+		ResponseEntity<ApiResponse<InputMetric>> result = null;
+
+		try {
+			if (!getInputNameValidationErrors(name).isEmpty()) {
+				result = new ResponseEntity<ApiResponse<InputMetric>>(new ApiResponse<InputMetric>(Constants.API_VERSION,
+						InputMetric.class.getName(), null), HttpStatus.BAD_REQUEST);
+			} else {
+				Collection<InputMetric> metrics = inputManager.getInputMetrics(false);
+				if (metrics != null) {
+					for (InputMetric m : metrics) {
+						if (m.getInput().getName().equalsIgnoreCase(name)) {
+							metric = m;
+							break;
+						}
+					}
+				}
+				result = new ResponseEntity<ApiResponse<InputMetric>>(new ApiResponse<InputMetric>(Constants.API_VERSION,
+						InputMetric.class.getName(), metric), HttpStatus.OK);
+			}
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("Exception getting input metric", e);
+			}
+		}
+
+		if (result == null) {
+			//This would be an error condition (not an empty input list or bad request)
+			result = new ResponseEntity<ApiResponse<InputMetric>>(new ApiResponse<InputMetric>(Constants.API_VERSION,
+					InputMetric.class.getName(), null), HttpStatus.INTERNAL_SERVER_ERROR);
+		}
+
+		return result;
+	}
+
+	@RequestMapping(value = "/inputs/config", method = RequestMethod.GET)
 	public ResponseEntity<ApiResponse<MessagingConfigInfo>> getConfigInfo(){
-    	try{
-    		MessagingConfigInfo messagingConfigInfo = inputManager.getConfigInfo();
-    		return new ResponseEntity<ApiResponse<MessagingConfigInfo>>(new ApiResponse<MessagingConfigInfo>(Constants.API_VERSION, MessagingConfigInfo.class.getName(),
+		try{
+			MessagingConfigInfo messagingConfigInfo = inputManager.getConfigInfo();
+			return new ResponseEntity<ApiResponse<MessagingConfigInfo>>(new ApiResponse<MessagingConfigInfo>(Constants.API_VERSION, MessagingConfigInfo.class.getName(),
 					messagingConfigInfo), HttpStatus.OK);
-		}
-		catch(Exception e){
-    		logger.info("MessagingConfigInfo: " + e.getMessage());
-    		return new ResponseEntity<ApiResponse<MessagingConfigInfo>>(new ApiResponse<MessagingConfigInfo>(Constants.API_VERSION, MessagingConfigInfo.class.getName(),
-			null), HttpStatus.INTERNAL_SERVER_ERROR);
+        } catch (Exception e) {
+			logger.info("MessagingConfigInfo: " + e.getMessage());
+			return new ResponseEntity<ApiResponse<MessagingConfigInfo>>(new ApiResponse<MessagingConfigInfo>(Constants.API_VERSION, MessagingConfigInfo.class.getName(),
+					null), HttpStatus.INTERNAL_SERVER_ERROR);
 		}
 	}
 
 	@RequestMapping(value = "/inputs/config", method = RequestMethod.PUT)
 	public ResponseEntity<ApiResponse<String>> modifyConfigInfo(@RequestBody MessagingConfigInfo msgInfo){
-    	try{
-    	    //Validate username thats displayed to prevent XSS exploit
-    		validator.getValidInput(CONTEXT, msgInfo.getDbUsername(), "MartiSafeString", MartiValidatorConstants.DEFAULT_STRING_CHARS, false);
-
-    		MessagingIgniteBroker.brokerVoidServiceCalls(service -> ((InputManager) service)
+		try{
+			//Validate username thats displayed to prevent XSS exploit
+			validator.getValidInput(CONTEXT, msgInfo.getDbUsername(), "MartiSafeString", MartiValidatorConstants.DEFAULT_STRING_CHARS, false);
+
+            // If changes are saved during activation of the change the nodes can hit a situation where
+            // the first node to complete triggers the CoreConfig update on other nodes before they apply 
+            // the update which can lead to state consistency issues
+            if (CoreConfigFacade.getInstance().isCluster()) {
+                CoreConfigFacade.getInstance().modifyMessagingConfig(msgInfo);
+            } else {
+			MessagingIgniteBroker.brokerVoidServiceCalls(service -> ((InputManager) service)
 					.modifyConfigInfo(msgInfo), Constants.DISTRIBUTED_INPUT_MANAGER, InputManager.class);
+            }
 
-    		return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, MessagingConfigInfo.class.getName(),
+			return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, MessagingConfigInfo.class.getName(),
 					"Successfully modified messaging config"), HttpStatus.OK);
-		}
-		catch (Exception e){
-    		return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, null, null), HttpStatus.BAD_REQUEST);
+        } catch (Exception e) {
+			return new ResponseEntity<ApiResponse<String>>(new ApiResponse<String>(Constants.API_VERSION, null, null), HttpStatus.BAD_REQUEST);
 		}
 	}
 
 	@RequestMapping(value = "/database/cotCount", method = RequestMethod.GET)
 	public ResponseEntity<ApiResponse<Map<String, Integer>>> getDatabaseCotCounts() {
-	    Map<String, Integer> cotCounts = new HashMap<String, Integer>();
-        try {
-            CotImageBean cotBean = context.getBean(CotImageBean.class);
-            cotCounts.put("cotEvents", cotBean.getCountOfCoT());
-            cotCounts.put("cotImages", cotBean.getCountOfImages());
-        } catch (Exception e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-        }
-        return new ResponseEntity<ApiResponse<Map<String, Integer>>>(new ApiResponse<Map<String, Integer>>(Constants.API_VERSION, Map.class.getName(), cotCounts), HttpStatus.OK);
+		Map<String, Integer> cotCounts = new HashMap<String, Integer>();
+		try {
+			CotImageBean cotBean = context.getBean(CotImageBean.class);
+			cotCounts.put("cotEvents", cotBean.getCountOfCoT());
+			cotCounts.put("cotImages", cotBean.getCountOfImages());
+		} catch (Exception e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+		return new ResponseEntity<ApiResponse<Map<String, Integer>>>(new ApiResponse<Map<String, Integer>>(Constants.API_VERSION, Map.class.getName(), cotCounts), HttpStatus.OK);
 	}
 
 	@RequestMapping(value = "/inputs/storeForwardChat/enabled", method = RequestMethod.GET)
 	public boolean isStoreForwardChatEnabled() {
-		return coreConfig.getRemoteConfiguration().getBuffer().getQueue().isEnableStoreForwardChat();
+		return CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().isEnableStoreForwardChat();
 	}
 
 	@RequestMapping(value = "/inputs/storeForwardChat/enable", method = RequestMethod.PUT)
 	public void enableStoreForwardChat() {
-		coreConfig.setAndSaveStoreForwardChatEnabled(true);
+		CoreConfigFacade.getInstance().setAndSaveStoreForwardChatEnabled(true);
 	}
 
 	@RequestMapping(value = "/inputs/storeForwardChat/disable", method = RequestMethod.PUT)
 	public void disableStoreForwardChat() {
-		coreConfig.setAndSaveStoreForwardChatEnabled(false);
+		CoreConfigFacade.getInstance().setAndSaveStoreForwardChatEnabled(false);
 	}
 
-    /**
-     * Validates input name for both save and query REST endpoints.
-     *
-     * @param name
-     * @return
-     */
-    private List<String> getInputNameValidationErrors(String name) {
-
-    	List<String> errors = new ArrayList<String>();
-
-    	//Validate input name
-    	if (name == null || name.trim().length() == 0) {
-    		errors.add("Missing input name.");
-    	} else {
-    		name = name.trim();
-
-    		if (name.length() > INPUT_NAME_MAX_LENGTH) {
-    			errors.add("Invalid input name length.");
-    		} else {
-    			if (name.replaceFirst("^[A-Za-z0-9_\\s]+$", "").length() > 0) {
-    				errors.add("Invalid input name.");
-    			}
-    		}
-    	}
-
-    	return errors;
-    }
-
-
-    private List<String> getValidationErrors(Input input) {
-
-    	List<String> errors = new ArrayList<String>();
-
-    	if (input == null) {
-    		//Should not occur
-    		errors.add("Missing input definition.");
-    	} else {
-	    	//Validate auth type (required)
-	    	if (input.getAuth() == null) {
-	    		errors.add("Missing authentication type.");
-	    	}
-
-	    	//Validate input name
-	    	errors.addAll(getInputNameValidationErrors(input.getName()));
-	    	if (input.getName() != null) {
-	    		input.setName(input.getName().trim());
-	    	}
-
-	    	//Validate protocol
-	    	if (!PROTOCOLS.contains(input.getProtocol().toString().toLowerCase())) {
-	    		errors.add("Invalid protocol selection.");
-	    	} else {
-	    		input.setProtocol(input.getProtocol());
-	    	}
-
-	    	//Validate port
-	    	if (input.getPort() < PORT_RANGE_LOW || input.getPort() > PORT_RANGE_HIGH) {
-	    		errors.add("Invalid port value.");
-	    	}
-
-	    	//Validate multicast group
-	    	if (input.getGroup() != null && input.getGroup().trim().length() > 0) {
-	    		input.setGroup(input.getGroup().trim());
-	    		if (input.getGroup().replaceFirst("^([0-9]{1,3}\\.){3}[0-9]{1,3}$", "").length() > 0) {
-	    			errors.add("Invalid multicast group value.");
-	    		}
-	    	}
-
-	    	//Validate interface
-	    	if (input.getIface() != null && input.getIface().trim().length() > 0) {
-	    		input.setIface(input.getIface().trim());
-	    		if (input.getIface().replaceFirst("^[A-Za-z0-9]+$", "").length() > 0) {
-	    			errors.add("Invalid interface value.");
-	    		}
-	    	}
-
-	    	//Enforce (Anonymous <=> (tcp v udp))
-
-	    	//If protocol is tcp or udp, then auth type must be anonymous
-	    	if ((input.getProtocol().equals("tcp") || input.getProtocol().equals("udp") || input.getProtocol().equals("mcast") || input.getProtocol().equals("cotmcast") ) && input.getAuth() != AuthType.ANONYMOUS) {
-	    		errors.add("If Protocol is set to TCP, UDP or Multicast, then Authentication Type should be Anonymous.");
-	    	}
-
-	    	//Enforce (File v LDAP) <=> (stcp v tls v prototls v cottls))
-	    	//If auth type is file or ldap, then protocol must be stcp or tls
-	    	if ((input.getAuth() == AuthType.FILE || input.getAuth() == AuthType.LDAP) && !(input.getProtocol().equals("stcp") || input.getProtocol().equals("tls") || input.getProtocol().equals("prototls") || input.getProtocol().equals("cottls"))) {
-	    		errors.add("If Authentication Type is set to File or LDAP, then Protocol should be be Streaming TCP or Secure Streaming TCP.");
-	    	}
-
-	    	//If protocol is mcast, then multicast group must not be empty
-	    	if ((input.getProtocol().equals("mcast") || input.getProtocol().equals("cotmcast")) && (input.getGroup() == null || input.getGroup().trim().isEmpty())) {
-	    		errors.add("If Protocol is set to Multicast, then the Multicast Group must be provided.");
-	    	}
-
-	    	//If multicast group must is not empty, then protocol must be mcast
-	    	if (input.getGroup() != null && !input.getGroup().trim().isEmpty() && !input.getProtocol().equals("mcast") && !input.getProtocol().equals("cotmcast")) {
-	    		errors.add("If the Multicast Group is provided, then Protocol should be set to Multicast.");
-	    	}
-    	}
-
-    	return errors;
-    }
-    
-    private List<String> getDataFeedValidationErrors(com.bbn.marti.config.DataFeed dataFeed) {
-    	List<String> errors = new ArrayList<>();
-
-    	if (dataFeed == null) {
-    		//Should not occur
-    		errors.add("Missing data feed definition.");
-    	} else {
-
-	    	//Validate input name
-	    	errors.addAll(getInputNameValidationErrors(dataFeed.getName()));
-	    	if (dataFeed.getName() != null) {
-	    		dataFeed.setName(dataFeed.getName().trim());
-	    	}
-
-	    	//Validate feed type
+	/**
+	 * Validates input name for both save and query REST endpoints.
+	 *
+	 * @param name
+	 * @return
+	 */
+	private List<String> getInputNameValidationErrors(String name) {
+
+		List<String> errors = new ArrayList<String>();
+
+		//Validate input name
+		if (name == null || name.trim().length() == 0) {
+			errors.add("Missing input name.");
+		} else {
+			name = name.trim();
+
+			if (name.length() > INPUT_NAME_MAX_LENGTH) {
+				errors.add("Invalid input name length.");
+			} else {
+				if (name.replaceFirst("^[A-Za-z0-9_\\s]+$", "").length() > 0) {
+					errors.add("Invalid input name.");
+				}
+			}
+		}
+
+		return errors;
+	}
+
+
+	private List<String> getValidationErrors(Input input) {
+
+		List<String> errors = new ArrayList<String>();
+
+		if (input == null) {
+			//Should not occur
+			errors.add("Missing input definition.");
+		} else {
+			//Validate auth type (required)
+			if (input.getAuth() == null) {
+				errors.add("Missing authentication type.");
+			}
+
+			//Validate input name
+			errors.addAll(getInputNameValidationErrors(input.getName()));
+			if (input.getName() != null) {
+				input.setName(input.getName().trim());
+			}
+
+			//Validate protocol
+			if (!PROTOCOLS.contains(input.getProtocol().toString().toLowerCase())) {
+				errors.add("Invalid protocol selection.");
+			} else {
+				input.setProtocol(input.getProtocol());
+			}
+
+			//Validate port
+			if (input.getPort() < PORT_RANGE_LOW || input.getPort() > PORT_RANGE_HIGH) {
+				errors.add("Invalid port value.");
+			}
+
+			//Validate multicast group
+			if (input.getGroup() != null && input.getGroup().trim().length() > 0) {
+				input.setGroup(input.getGroup().trim());
+				if (input.getGroup().replaceFirst("^([0-9]{1,3}\\.){3}[0-9]{1,3}$", "").length() > 0) {
+					errors.add("Invalid multicast group value.");
+				}
+			}
+
+			//Validate interface
+			if (input.getIface() != null && input.getIface().trim().length() > 0) {
+				input.setIface(input.getIface().trim());
+				if (input.getIface().replaceFirst("^[A-Za-z0-9]+$", "").length() > 0) {
+					errors.add("Invalid interface value.");
+				}
+			}
+
+			//Enforce (Anonymous <=> (tcp v udp))
+
+			//If protocol is tcp or udp, then auth type must be anonymous
+			if ((input.getProtocol().equals("tcp") || input.getProtocol().equals("udp") || input.getProtocol().equals("mcast") || input.getProtocol().equals("cotmcast") ) && input.getAuth() != AuthType.ANONYMOUS) {
+				errors.add("If Protocol is set to TCP, UDP or Multicast, then Authentication Type should be Anonymous.");
+			}
+
+			//Enforce (File v LDAP) <=> (stcp v tls v prototls v cottls))
+			//If auth type is file or ldap, then protocol must be stcp or tls
+			if ((input.getAuth() == AuthType.FILE || input.getAuth() == AuthType.LDAP) && !(input.getProtocol().equals("stcp") || input.getProtocol().equals("tls") || input.getProtocol().equals("prototls") || input.getProtocol().equals("cottls"))) {
+				errors.add("If Authentication Type is set to File or LDAP, then Protocol should be be Streaming TCP or Secure Streaming TCP.");
+			}
+
+			//If protocol is mcast, then multicast group must not be empty
+			if ((input.getProtocol().equals("mcast") || input.getProtocol().equals("cotmcast")) && (input.getGroup() == null || input.getGroup().trim().isEmpty())) {
+				errors.add("If Protocol is set to Multicast, then the Multicast Group must be provided.");
+			}
+
+			//If multicast group must is not empty, then protocol must be mcast
+			if (input.getGroup() != null && !input.getGroup().trim().isEmpty() && !input.getProtocol().equals("mcast") && !input.getProtocol().equals("cotmcast")) {
+				errors.add("If the Multicast Group is provided, then Protocol should be set to Multicast.");
+			}
+		}
+
+		return errors;
+	}
+
+	private List<String> getDataFeedValidationErrors(com.bbn.marti.config.DataFeed dataFeed) {
+		List<String> errors = new ArrayList<>();
+
+		if (dataFeed == null) {
+			//Should not occur
+			errors.add("Missing data feed definition.");
+		} else {
+
+			//Validate input name
+			errors.addAll(getInputNameValidationErrors(dataFeed.getName()));
+			if (dataFeed.getName() != null) {
+				dataFeed.setName(dataFeed.getName().trim());
+			}
+
+			//Validate feed type
 			if (dataFeed.getType() == null) {
 				errors.add("Null data feed type provided");
 			}
 
-	    	//Validate multicast group
-	    	if (dataFeed.getGroup() != null && dataFeed.getGroup().trim().length() > 0) {
-	    		dataFeed.setGroup(dataFeed.getGroup().trim());
-	    		if (dataFeed.getGroup().replaceFirst("^([0-9]{1,3}\\.){3}[0-9]{1,3}$", "").length() > 0) {
-	    			errors.add("Invalid multicast group value.");
-	    		}
-	    	}
-
-	    	//Validate interface
-	    	if (dataFeed.getIface() != null && dataFeed.getIface().trim().length() > 0) {
-	    		dataFeed.setIface(dataFeed.getIface().trim());
-	    		if (dataFeed.getIface().replaceFirst("^[A-Za-z0-9]+$", "").length() > 0) {
-	    			errors.add("Invalid interface value.");
-	    		}
-	    	}
-
-	    	//Enforce (File v LDAP) <=> (stcp v tls v prototls v cottls))
-	    	//If auth type is file or ldap, then protocol must be stcp or tls
-	    	if ((dataFeed.getAuth() == AuthType.FILE || dataFeed.getAuth() == AuthType.LDAP) && !(dataFeed.getProtocol().equals("stcp") || dataFeed.getProtocol().equals("tls") || dataFeed.getProtocol().equals("prototls") || dataFeed.getProtocol().equals("cottls"))) {
-	    		errors.add("If Authentication Type is set to File or LDAP, then Protocol should be be Streaming TCP or Secure Streaming TCP.");
-	    	}
-
-	    	//If protocol is mcast, then multicast group must not be empty
-	    	if ((dataFeed.getProtocol().equals("mcast") || dataFeed.getProtocol().equals("cotmcast")) && (dataFeed.getGroup() == null || dataFeed.getGroup().trim().isEmpty())) {
-	    		errors.add("If Protocol is set to Multicast, then the Multicast Group must be provided.");
-	    	}
-
-	    	//If multicast group must is not empty, then protocol must be mcast
-	    	if (dataFeed.getGroup() != null && !dataFeed.getGroup().trim().isEmpty() && !dataFeed.getProtocol().equals("mcast") && !dataFeed.getProtocol().equals("cotmcast")) {
-	    		errors.add("If the Multicast Group is provided, then Protocol should be set to Multicast.");
-	    	}
-    	}
+			//Validate multicast group
+			if (dataFeed.getGroup() != null && dataFeed.getGroup().trim().length() > 0) {
+				dataFeed.setGroup(dataFeed.getGroup().trim());
+				if (dataFeed.getGroup().replaceFirst("^([0-9]{1,3}\\.){3}[0-9]{1,3}$", "").length() > 0) {
+					errors.add("Invalid multicast group value.");
+				}
+			}
+
+			//Validate interface
+			if (dataFeed.getIface() != null && dataFeed.getIface().trim().length() > 0) {
+				dataFeed.setIface(dataFeed.getIface().trim());
+				if (dataFeed.getIface().replaceFirst("^[A-Za-z0-9]+$", "").length() > 0) {
+					errors.add("Invalid interface value.");
+				}
+			}
+
+			//Enforce (File v LDAP) <=> (stcp v tls v prototls v cottls))
+			//If auth type is file or ldap, then protocol must be stcp or tls
+			if ((dataFeed.getAuth() == AuthType.FILE || dataFeed.getAuth() == AuthType.LDAP) && !(dataFeed.getProtocol().equals("stcp") || dataFeed.getProtocol().equals("tls") || dataFeed.getProtocol().equals("prototls") || dataFeed.getProtocol().equals("cottls"))) {
+				errors.add("If Authentication Type is set to File or LDAP, then Protocol should be be Streaming TCP or Secure Streaming TCP.");
+			}
+
+			//If protocol is mcast, then multicast group must not be empty
+			if ((dataFeed.getProtocol().equals("mcast") || dataFeed.getProtocol().equals("cotmcast")) && (dataFeed.getGroup() == null || dataFeed.getGroup().trim().isEmpty())) {
+				errors.add("If Protocol is set to Multicast, then the Multicast Group must be provided.");
+			}
+
+			//If multicast group must is not empty, then protocol must be mcast
+			if (dataFeed.getGroup() != null && !dataFeed.getGroup().trim().isEmpty() && !dataFeed.getProtocol().equals("mcast") && !dataFeed.getProtocol().equals("cotmcast")) {
+				errors.add("If the Multicast Group is provided, then Protocol should be set to Multicast.");
+			}
+		}
 		return errors;
-    }
-   
-    private static final int INPUT_NAME_MAX_LENGTH = 30;
-    private static final int PORT_RANGE_LOW = 1;
-    private static final int PORT_RANGE_HIGH = 65535;
-
-    //As discussed with team, this will go into an enum in a future release; ok for now
-    public static final List<String> PROTOCOLS = Collections.unmodifiableList(Arrays.asList("tcp", "udp", "stcp", "tls", "mcast", "cotmcast", "prototls", "cottls"));
+	}
+
+	private static final int INPUT_NAME_MAX_LENGTH = 30;
+	private static final int PORT_RANGE_LOW = 1;
+	private static final int PORT_RANGE_HIGH = 65535;
+
+	//As discussed with team, this will go into an enum in a future release; ok for now
+	public static final List<String> PROTOCOLS = Collections.unmodifiableList(Arrays.asList("tcp", "udp", "stcp", "tls", "mcast", "cotmcast", "prototls", "cottls", "quic", "grpc"));
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/UIDSearchApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/UIDSearchApi.java
index 4c8db7aa..ff0ddf18 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/UIDSearchApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/network/UIDSearchApi.java
@@ -7,7 +7,7 @@
 import java.util.Date;
 import java.util.List;
 
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/AccessTokenResolver.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/AccessTokenResolver.java
new file mode 100644
index 00000000..e06cd2e4
--- /dev/null
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/AccessTokenResolver.java
@@ -0,0 +1,163 @@
+package com.bbn.marti.oauth;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.security.oauth2.server.resource.BearerTokenError;
+import org.springframework.security.oauth2.server.resource.BearerTokenErrors;
+import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
+import org.springframework.util.StringUtils;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class AccessTokenResolver implements BearerTokenResolver {
+
+    private static final String ACCESS_TOKEN_PARAMETER_NAME = "access_token";
+
+    private static final Pattern authorizationPattern = Pattern.compile("^Bearer (?<token>[a-zA-Z0-9-._~+/]+=*)$",
+            Pattern.CASE_INSENSITIVE);
+
+    private boolean allowFormEncodedBodyParameter = false;
+
+    private boolean allowUriQueryParameter = false;
+
+    private String bearerTokenHeaderName = HttpHeaders.AUTHORIZATION;
+
+    @Override
+    public String resolve(final HttpServletRequest request) {
+
+        // TAK - only look for tokens on the oauth port (skip mission tokens on 8443)
+        if (request.getLocalPort() != 8446) {
+            return null;
+        }
+
+        final String authorizationHeaderToken = resolveFromAuthorizationHeader(request);
+        final String parameterToken = isParameterTokenSupportedForRequest(request)
+                ? resolveFromRequestParameters(request) : null;
+        if (authorizationHeaderToken != null) {
+            if (parameterToken != null) {
+                final BearerTokenError error = BearerTokenErrors
+                        .invalidRequest("Found multiple bearer tokens in the request");
+                throw new OAuth2AuthenticationException(error);
+            }
+            return authorizationHeaderToken;
+        }
+        if (parameterToken != null && isParameterTokenEnabledForRequest(request)) {
+            return parameterToken;
+        }
+
+        // TAK - check for access token cookie
+        String accessTokenCookie = extractCookieToken(request);
+        if (accessTokenCookie != null) {
+            return accessTokenCookie;
+        }
+
+        return null;
+    }
+
+
+    protected String extractCookieToken(HttpServletRequest request) {
+        Cookie[] cookies = request.getCookies();
+        if (cookies == null) {
+            return null;
+        }
+
+        for (Cookie cookie : cookies) {
+            if (cookie.getName().compareToIgnoreCase(OAuth2TokenType.ACCESS_TOKEN.getValue()) == 0) {
+                return cookie.getValue();
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * Set if transport of access token using form-encoded body parameter is supported.
+     * Defaults to {@code false}.
+     * @param allowFormEncodedBodyParameter if the form-encoded body parameter is
+     * supported
+     */
+    public void setAllowFormEncodedBodyParameter(boolean allowFormEncodedBodyParameter) {
+        this.allowFormEncodedBodyParameter = allowFormEncodedBodyParameter;
+    }
+
+    /**
+     * Set if transport of access token using URI query parameter is supported. Defaults
+     * to {@code false}.
+     *
+     * The spec recommends against using this mechanism for sending bearer tokens, and
+     * even goes as far as stating that it was only included for completeness.
+     * @param allowUriQueryParameter if the URI query parameter is supported
+     */
+    public void setAllowUriQueryParameter(boolean allowUriQueryParameter) {
+        this.allowUriQueryParameter = allowUriQueryParameter;
+    }
+
+    /**
+     * Set this value to configure what header is checked when resolving a Bearer Token.
+     * This value is defaulted to {@link HttpHeaders#AUTHORIZATION}.
+     *
+     * This allows other headers to be used as the Bearer Token source such as
+     * {@link HttpHeaders#PROXY_AUTHORIZATION}
+     * @param bearerTokenHeaderName the header to check when retrieving the Bearer Token.
+     * @since 5.4
+     */
+    public void setBearerTokenHeaderName(String bearerTokenHeaderName) {
+        this.bearerTokenHeaderName = bearerTokenHeaderName;
+    }
+
+    private String resolveFromAuthorizationHeader(HttpServletRequest request) {
+        String authorization = request.getHeader(this.bearerTokenHeaderName);
+        if (!StringUtils.startsWithIgnoreCase(authorization, "bearer")) {
+            return null;
+        }
+        Matcher matcher = authorizationPattern.matcher(authorization);
+        if (!matcher.matches()) {
+            BearerTokenError error = BearerTokenErrors.invalidToken("Bearer token is malformed");
+            throw new OAuth2AuthenticationException(error);
+        }
+        return matcher.group("token");
+    }
+
+    private static String resolveFromRequestParameters(HttpServletRequest request) {
+        String[] values = request.getParameterValues(ACCESS_TOKEN_PARAMETER_NAME);
+        if (values == null || values.length == 0) {
+            return null;
+        }
+        if (values.length == 1) {
+            return values[0];
+        }
+        BearerTokenError error = BearerTokenErrors.invalidRequest("Found multiple bearer tokens in the request");
+        throw new OAuth2AuthenticationException(error);
+    }
+
+    private boolean isParameterTokenSupportedForRequest(final HttpServletRequest request) {
+        return isFormEncodedRequest(request) || isGetRequest(request);
+    }
+
+    private static boolean isGetRequest(HttpServletRequest request) {
+        return HttpMethod.GET.name().equals(request.getMethod());
+    }
+
+    private static boolean isFormEncodedRequest(HttpServletRequest request) {
+        return MediaType.APPLICATION_FORM_URLENCODED_VALUE.equals(request.getContentType());
+    }
+
+    private static boolean hasAccessTokenInQueryString(HttpServletRequest request) {
+        return (request.getQueryString() != null) && request.getQueryString().contains(ACCESS_TOKEN_PARAMETER_NAME);
+    }
+
+    private boolean isParameterTokenEnabledForRequest(HttpServletRequest request) {
+        return ((this.allowFormEncodedBodyParameter && isFormEncodedRequest(request) && !isGetRequest(request)
+                && !hasAccessTokenInQueryString(request)) || (this.allowUriQueryParameter && isGetRequest(request)));
+    }
+
+}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/AuthCookieUtils.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/AuthCookieUtils.java
index 271efd80..9697dd28 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/AuthCookieUtils.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/AuthCookieUtils.java
@@ -1,17 +1,16 @@
 package com.bbn.marti.oauth;
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 import org.owasp.esapi.Validator;
 import org.owasp.esapi.errors.ValidationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseCookie;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 
 import com.bbn.security.web.MartiValidator;
 import com.bbn.security.web.MartiValidatorConstants;
@@ -23,7 +22,11 @@ public class AuthCookieUtils {
     private static final Logger logger = LoggerFactory.getLogger(AuthCookieUtils.class);
     private static final int MAX_NAME_VALUE_SIZE = 4096;
 
-    public static ResponseCookie createCookie(final String name, final String value, int maxAge, boolean sameSiteStrict, String path) {
+    public enum SameSite {
+        Strict, Lax, None
+    };
+
+    public static ResponseCookie createCookie(final String name, final String value, int maxAge, SameSite sameSite, String path) {
 
         String validatedName;
         String validatedValue;
@@ -44,18 +47,24 @@ public static ResponseCookie createCookie(final String name, final String value,
                 .path(path)
                 .maxAge(maxAge);
 
-        if (sameSiteStrict) {
-            responseCookieBuilder = responseCookieBuilder.sameSite("Strict");
-        }
+        responseCookieBuilder = responseCookieBuilder.sameSite(sameSite.name());
 
         return responseCookieBuilder.build();
     }
 
     public static ResponseCookie createCookie(final String name, final String value, int maxAge, boolean sameSiteStrict) {
-        return createCookie(name, value, maxAge, sameSiteStrict, "/");
+        SameSite sameSite = SameSite.Lax;
+        if (sameSiteStrict) {
+            sameSite = SameSite.Strict;
+        }
+        return createCookie(name, value, maxAge, sameSite, "/");
+    }
+
+    public static ResponseCookie createCookie(final String name, final String value, int maxAge, SameSite sameSite) {
+        return createCookie(name, value, maxAge, sameSite, "/");
     }
 
-    public static void logout(HttpServletRequest request, HttpServletResponse response, DefaultTokenServices defaultTokenServices) {
+    public static void logout(HttpServletRequest request, HttpServletResponse response) {
         Cookie[] cookies = request.getCookies();
         if (cookies == null) {
             return;
@@ -67,19 +76,15 @@ public static void logout(HttpServletRequest request, HttpServletResponse respon
         }
 
         for (Cookie cookie : cookies) {
-            if (cookie.getName().compareToIgnoreCase(OAuth2AccessToken.ACCESS_TOKEN) == 0) {
+            if (cookie.getName().compareToIgnoreCase(OAuth2TokenType.ACCESS_TOKEN.getValue()) == 0) {
 
                 String token = cookie.getValue();
 
-                if (defaultTokenServices != null) {
-                    defaultTokenServices.revokeToken(token);
-                }
-
                 response.setHeader("Location", "/webtak/index.html");
                 response.setHeader("Cache-Control", "no-store");
                 response.setHeader("Pragma", "no-cache");
                 response.setHeader(HttpHeaders.SET_COOKIE, createCookie(
-                        OAuth2AccessToken.ACCESS_TOKEN, token, 0, true).toString());
+                        OAuth2TokenType.ACCESS_TOKEN.getValue(), token, 0, true).toString());
 
                 response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
                 return;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/BearerTokenAuthenticationFailureHandler.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/BearerTokenAuthenticationFailureHandler.java
new file mode 100644
index 00000000..68bf3b42
--- /dev/null
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/BearerTokenAuthenticationFailureHandler.java
@@ -0,0 +1,43 @@
+package com.bbn.marti.oauth;
+
+import io.jsonwebtoken.ExpiredJwtException;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpHeaders;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import java.io.IOException;
+
+
+public class BearerTokenAuthenticationFailureHandler
+        implements org.springframework.security.web.authentication.AuthenticationFailureHandler {
+
+    protected static final Logger logger = LoggerFactory.getLogger(BearerTokenAuthenticationFailureHandler.class);
+
+    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+                                 AuthenticationException exception) throws IOException, ServletException {
+
+        if (logger.isDebugEnabled()) {
+            logger.debug("onAuthenticationFailure", exception.getCause());
+        }
+
+        if (exception.getCause() instanceof ExpiredJwtException) {
+            response.setHeader(HttpHeaders.SET_COOKIE, AuthCookieUtils.createCookie(
+                    OAuth2TokenType.ACCESS_TOKEN.getValue(), null, 0, true).toString());
+            response.setHeader("Pragma", "no-cache");
+            response.setHeader("Cache-Control", "must-revalidate, max-age=0, no-cache, no-store");
+            response.setDateHeader("Expires", 0);
+            response.setHeader("Location", "/login/refresh");
+            response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
+        } else if (exception.getCause() instanceof AuthenticationException) {
+            SecurityContextHolder.clearContext();
+            AuthCookieUtils.logout(request, response);
+            throw exception;
+        }
+    }
+
+}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/OAuthApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/OAuthApi.java
index 29c14d98..de760a34 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/OAuthApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/OAuthApi.java
@@ -9,10 +9,11 @@
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import com.bbn.marti.config.Tls;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.google.common.base.Strings;
 import okhttp3.OkHttpClient;
 
@@ -23,14 +24,23 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.*;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.http.client.OkHttp3ClientHttpRequestFactory;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.CookieValue;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.view.InternalResourceView;
@@ -38,7 +48,7 @@
 
 import com.bbn.marti.config.Oauth;
 import com.bbn.marti.cot.search.model.ApiResponse;
-import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.util.spring.MartiSocketUserDetailsImpl;
 import com.bbn.security.web.MartiValidatorConstants;
 import tak.server.Constants;
 
@@ -48,9 +58,6 @@ public class OAuthApi {
 
     protected static final Logger logger = LoggerFactory.getLogger(OAuthApi.class);
 
-    @Autowired
-    CoreConfig coreConfig;
-
     @Autowired
     private Validator validator;
 
@@ -129,7 +136,7 @@ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                     }
             };
 
-            Tls tlsConfig = coreConfig.getRemoteConfiguration().getSecurity().getTls();
+            Tls tlsConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getSecurity().getTls();
             SSLContext sslContext = SSLContext.getInstance(tlsConfig.getContext());
             sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
 
@@ -164,7 +171,7 @@ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
         // store the access token in a cookie
         String access_token = (String)tokenJson.get(authServer.getAccessTokenName());
         response.addHeader(HttpHeaders.SET_COOKIE, AuthCookieUtils.createCookie(
-                OAuth2AccessToken.ACCESS_TOKEN, access_token, -1, true).toString());
+                OAuth2TokenType.ACCESS_TOKEN.getValue(), access_token, -1, true).toString());
 
         // store the refresh token in the session, if we have one
         if (tokenJson.containsKey(authServer.getRefreshTokenName())) {
@@ -238,28 +245,25 @@ public ModelAndView handleRedirect(
     public ModelAndView handleRefresh(
             HttpServletRequest request, HttpServletResponse response) {
         try {
-            // get the auth server config
             Oauth.AuthServer authServer = getAuthServerConfig();
-            if (authServer == null) {
-                throw new IllegalStateException("missing auth server config");
+            if (authServer != null) {
+                String refreshToken = (String) request.getSession().getAttribute(authServer.getRefreshTokenName());
+                if (Strings.isNullOrEmpty(refreshToken)) {
+                    SecurityContextHolder.clearContext();
+                    AuthCookieUtils.logout(request, response);
+                    return new ModelAndView(new InternalResourceView("/Marti/login/redirect.html"));
+                }
+
+                // build up the parameters for the token request
+                MultiValueMap<String, String> requestBody = new LinkedMultiValueMap<String, String>();
+                requestBody.add("grant_type", "refresh_token");
+                requestBody.add("refresh_token", refreshToken);
+                requestBody.add("client_id", authServer.getClientId());
+                requestBody.add("client_secret", authServer.getSecret());
+
+                processAuthServerRequest(requestBody, request, response);
             }
 
-            String refreshToken = (String) request.getSession().getAttribute(authServer.getRefreshTokenName());
-            if (Strings.isNullOrEmpty(refreshToken)) {
-                SecurityContextHolder.clearContext();
-                AuthCookieUtils.logout(request, response, null);
-                return new ModelAndView(new InternalResourceView("/Marti/login/redirect.html"));
-            }
-
-            // build up the parameters for the token request
-            MultiValueMap<String, String> requestBody = new LinkedMultiValueMap<String, String>();
-            requestBody.add("grant_type", "refresh_token");
-            requestBody.add("refresh_token", refreshToken);
-            requestBody.add("client_id", authServer.getClientId());
-            requestBody.add("client_secret", authServer.getSecret());
-
-            processAuthServerRequest(requestBody, request, response);
-
             return new ModelAndView(new InternalResourceView("/Marti/login/redirect.html"));
 
         } catch (Exception e) {
@@ -285,14 +289,31 @@ public ResponseEntity<ApiResponse<String>> getAuthServerName() {
                 new ApiResponse<String>(Constants.API_VERSION, String.class.getName(), name), status);
     }
 
+    @RequestMapping(value = "/logout", method = { RequestMethod.GET, RequestMethod.POST })
+    public void logout(HttpServletRequest request, HttpServletResponse response) {
+        AuthCookieUtils.logout(request, response);
+    }
+
+    @RequestMapping(value = "/token/access", method = RequestMethod.GET)
+    public ApiResponse<String> getAccessToken(HttpServletRequest request) {
+        if (logger.isDebugEnabled()) {
+            logger.debug("in getAccessToken");
+        }
+
+        String token = ((MartiSocketUserDetailsImpl)SecurityContextHolder.getContext()
+                .getAuthentication().getPrincipal()).getToken();
+
+        return new ApiResponse<String>(Constants.API_VERSION, String.class.getSimpleName(), token);
+    }
+
     private Oauth.AuthServer getAuthServerConfig() {
-        if (coreConfig != null &&
-                coreConfig.getRemoteConfiguration() != null &&
-                coreConfig.getRemoteConfiguration().getAuth() != null &&
-                coreConfig.getRemoteConfiguration().getAuth().getOauth() != null &&
-                coreConfig.getRemoteConfiguration().getAuth().getOauth().getAuthServer() != null &&
-                !coreConfig.getRemoteConfiguration().getAuth().getOauth().getAuthServer().isEmpty()) {
-            return coreConfig.getRemoteConfiguration().getAuth().getOauth().getAuthServer().get(0);
+        if (CoreConfigFacade.getInstance() != null &&
+                CoreConfigFacade.getInstance().getRemoteConfiguration() != null &&
+                CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth() != null &&
+                CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getOauth() != null &&
+                CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getOauth().getAuthServer() != null &&
+                !CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getOauth().getAuthServer().isEmpty()) {
+            return CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getOauth().getAuthServer().get(0);
         }
         return null;
     }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/PasswordGrantAuthenticationConverter.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/PasswordGrantAuthenticationConverter.java
new file mode 100644
index 00000000..a0c36b90
--- /dev/null
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/PasswordGrantAuthenticationConverter.java
@@ -0,0 +1,87 @@
+package com.bbn.marti.oauth;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
+import com.google.common.base.Strings;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.lang.Nullable;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.oidc.OidcScopes;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
+import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
+import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
+import org.springframework.security.web.authentication.AuthenticationConverter;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+
+import java.time.Duration;
+import java.util.Map;
+import java.util.UUID;
+
+
+public class PasswordGrantAuthenticationConverter implements AuthenticationConverter {
+    @Nullable
+    @Override
+    public Authentication convert(HttpServletRequest request) {
+        // grant_type (REQUIRED)
+        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
+        if (!OAuth2ParameterNames.PASSWORD.equals(grantType)) {
+            return null;
+        }
+
+        MultiValueMap<String, String> parameters = getParameters(request);
+
+        // username (REQUIRED)
+        String username = parameters.getFirst(OAuth2ParameterNames.USERNAME);
+        if (Strings.isNullOrEmpty(username)) {
+            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_REQUEST);
+        }
+
+        // password (REQUIRED)
+        String password = parameters.getFirst(OAuth2ParameterNames.PASSWORD);
+        if (Strings.isNullOrEmpty(password)) {
+            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_REQUEST);
+        }
+
+        TokenSettings tokenSettings = TokenSettings.builder()
+                .accessTokenFormat(OAuth2TokenFormat.SELF_CONTAINED)
+                .accessTokenTimeToLive(Duration.ofMinutes(
+                        CoreConfigFacade.getInstance().getRemoteConfiguration()
+                                .getNetwork().getHttpSessionTimeoutMinutes()))
+                .build();
+
+        RegisteredClient loginClient = RegisteredClient.withId(UUID.randomUUID().toString())
+                .clientId(username)
+                .clientSecret(password)
+                .clientAuthenticationMethod(ClientAuthenticationMethod.NONE)
+                .authorizationGrantType(AuthorizationGrantType.PASSWORD)
+                .scope(OidcScopes.OPENID)
+                .scope(OidcScopes.PROFILE)
+                .tokenSettings(tokenSettings)
+                .clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
+                .build();
+
+        return new OAuth2ClientAuthenticationToken(
+                loginClient, ClientAuthenticationMethod.NONE, password);
+    }
+
+    private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
+        Map<String, String[]> parameterMap = request.getParameterMap();
+        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
+        parameterMap.forEach((key, values) -> {
+            if (values.length > 0) {
+                for (String value : values) {
+                    parameters.add(key, value);
+                }
+            }
+        });
+        return parameters;
+    }
+
+}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/PasswordGrantAuthenticationProvider.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/PasswordGrantAuthenticationProvider.java
new file mode 100644
index 00000000..e60121ab
--- /dev/null
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/PasswordGrantAuthenticationProvider.java
@@ -0,0 +1,95 @@
+package com.bbn.marti.oauth;
+
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.core.*;
+import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
+import org.springframework.util.Assert;
+
+public class PasswordGrantAuthenticationProvider implements AuthenticationProvider {
+
+    private final OAuth2AuthorizationService authorizationService;
+    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
+
+    private AuthenticationProvider authenticationProvider;
+
+    public PasswordGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService,
+                                                 OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
+        Assert.notNull(authorizationService, "authorizationService cannot be null");
+        Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
+        this.authorizationService = authorizationService;
+        this.tokenGenerator = tokenGenerator;
+    }
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        OAuth2ClientAuthenticationToken  oAuth2ClientAuthenticationToken =
+                (OAuth2ClientAuthenticationToken) authentication;
+
+        // Ensure the client is authenticated
+        authenticationProvider.authenticate(authentication);
+
+        OAuth2ClientAuthenticationToken clientPrincipal = (OAuth2ClientAuthenticationToken)authentication;
+        RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
+
+        // Generate the access token
+        OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
+                .registeredClient(registeredClient)
+                .principal(clientPrincipal)
+                //.authorizationServerContext(AuthorizationServerContextHolder.getContext())
+                .tokenType(OAuth2TokenType.ACCESS_TOKEN)
+                .authorizationGrantType(AuthorizationGrantType.PASSWORD)
+                .authorizationGrant(authentication)
+                .build();
+
+        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
+        if (generatedAccessToken == null) {
+            OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
+                    "The token generator failed to generate the access token.", null);
+            throw new OAuth2AuthenticationException(error);
+        }
+        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+                generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
+                generatedAccessToken.getExpiresAt(), null);
+
+        // Initialize the OAuth2Authorization
+        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
+                .principalName(clientPrincipal.getName())
+                .authorizationGrantType(AuthorizationGrantType.PASSWORD);
+        if (generatedAccessToken instanceof ClaimAccessor) {
+            authorizationBuilder.token(accessToken, (metadata) ->
+                    metadata.put(
+                            OAuth2Authorization.Token.CLAIMS_METADATA_NAME,
+                            ((ClaimAccessor) generatedAccessToken).getClaims())
+            );
+        } else {
+            authorizationBuilder.accessToken(accessToken);
+        }
+        OAuth2Authorization authorization = authorizationBuilder.build();
+
+        // Save the OAuth2Authorization
+        this.authorizationService.save(authorization);
+
+        return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken);
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication);
+    }
+
+    public void setAuthenticationProvider(AuthenticationProvider authenticationProvider) {
+        this.authenticationProvider = authenticationProvider;
+    }
+}
+
+
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/PasswordGrantAuthenticationSuccessHandler.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/PasswordGrantAuthenticationSuccessHandler.java
new file mode 100644
index 00000000..10a409f0
--- /dev/null
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/PasswordGrantAuthenticationSuccessHandler.java
@@ -0,0 +1,69 @@
+package com.bbn.marti.oauth;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
+import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.http.server.ServletServerHttpResponse;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.OAuth2RefreshToken;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
+import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
+import org.springframework.util.CollectionUtils;
+
+import java.io.IOException;
+import java.time.temporal.ChronoUnit;
+import java.util.Map;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
+
+
+public class PasswordGrantAuthenticationSuccessHandler
+        implements org.springframework.security.web.authentication.AuthenticationSuccessHandler {
+
+    private final HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter =
+            new OAuth2AccessTokenResponseHttpMessageConverter();
+
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+                                 Authentication authentication) throws IOException, ServletException {
+
+        OAuth2AccessTokenAuthenticationToken accessTokenAuthentication =
+                (OAuth2AccessTokenAuthenticationToken) authentication;
+
+        OAuth2AccessToken accessToken = accessTokenAuthentication.getAccessToken();
+        OAuth2RefreshToken refreshToken = accessTokenAuthentication.getRefreshToken();
+        Map<String, Object> additionalParameters = accessTokenAuthentication.getAdditionalParameters();
+
+        OAuth2AccessTokenResponse.Builder builder =
+                OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
+                        .tokenType(accessToken.getTokenType())
+                        .scopes(accessToken.getScopes());
+        if (accessToken.getIssuedAt() != null && accessToken.getExpiresAt() != null) {
+            builder.expiresIn(ChronoUnit.SECONDS.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()));
+        }
+        if (refreshToken != null) {
+            builder.refreshToken(refreshToken.getTokenValue());
+        }
+        if (!CollectionUtils.isEmpty(additionalParameters)) {
+            builder.additionalParameters(additionalParameters);
+        }
+        OAuth2AccessTokenResponse accessTokenResponse = builder.build();
+        ServletServerHttpResponse httpResponse = new ServletServerHttpResponse(response);
+
+        AuthCookieUtils.SameSite sameSite = AuthCookieUtils.SameSite.Strict;
+        if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().isAllowCredentials()) {
+            sameSite = AuthCookieUtils.SameSite.None;
+        }
+
+        final ResponseCookie cookieToken = AuthCookieUtils.createCookie(
+                OAuth2TokenType.ACCESS_TOKEN.getValue(), accessTokenResponse.getAccessToken().getTokenValue(), -1, sameSite);
+        response.setHeader(HttpHeaders.SET_COOKIE, cookieToken.toString());
+
+        this.accessTokenHttpResponseConverter.write(accessTokenResponse, null, httpResponse);
+    }
+}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TAKAuthenticationKeyGenerator.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TAKAuthenticationKeyGenerator.java
deleted file mode 100644
index a268640b..00000000
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TAKAuthenticationKeyGenerator.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package com.bbn.marti.oauth;
-
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator;
-
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.UUID;
-
-public class TAKAuthenticationKeyGenerator extends DefaultAuthenticationKeyGenerator {
-
-    private final String KEY = "key";
-    private final String NONCE = "nonce";
-
-    @Override
-    public String extractKey(final OAuth2Authentication authentication) {
-        final Map<String, String> values = new LinkedHashMap<>(2);
-        values.put(KEY, super.extractKey(authentication));
-        values.put(NONCE, UUID.randomUUID().toString());
-        return generateKey(values);
-    }
-}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TAKClientDetailsService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TAKClientDetailsService.java
deleted file mode 100644
index 319e122b..00000000
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TAKClientDetailsService.java
+++ /dev/null
@@ -1,105 +0,0 @@
-package com.bbn.marti.oauth;
-
-import com.bbn.marti.config.Oauth;
-import com.bbn.marti.remote.CoreConfig;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
-import org.springframework.security.oauth2.provider.ClientRegistrationException;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
-
-
-public class TAKClientDetailsService implements ClientDetailsService {
-
-
-    public final static String defaultClientId = "TAK";
-    private final String defaultScope = "rw"; // not checking for scope yet but need value
-    private final String defaultResourceIds = "";
-    private final String defaultRedirectUri = "";
-    private final String defaultSecret = "";
-    private final String defaultAuthorities = "ROLE_ANONYMOUS";
-    private final int defaultAccessTokenValiditySeconds = 86400; // 24 hrs
-    private final int defaultRefreshTokenValiditySeconds = 86400; // 24 hrs
-    private final String defaultGrantTypes = "password,client_credentials";
-    private CoreConfig coreConfig;
-
-    @Override
-    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
-
-        String scope = defaultScope;
-        String resourceIds = defaultResourceIds;
-        String redirectUri = defaultRedirectUri;
-        String secret = defaultSecret;
-        String authorities = defaultAuthorities;
-        String grantTypes = defaultGrantTypes;
-        int accessTokenValiditySeconds = defaultAccessTokenValiditySeconds;
-		int refreshTokenValiditySeconds = accessTokenValiditySeconds;
-
-        Oauth.Client clientConfig = loadClientFromConfig(clientId);
-        if (clientConfig != null) {
-            if (clientConfig.getScope() != null) { scope = clientConfig.getScope(); }
-            if (clientConfig.getResourceIds() != null) { resourceIds = clientConfig.getResourceIds(); }
-            if (clientConfig.getRedirectUri() != null) { redirectUri = clientConfig.getRedirectUri(); }
-            if (clientConfig.getSecret() != null) { secret = clientConfig.getSecret(); }
-            if (clientConfig.getAuthorities() != null) { authorities = clientConfig.getAuthorities(); }
-            if (clientConfig.getRefreshTokenValidity() != null) { refreshTokenValiditySeconds = clientConfig.getRefreshTokenValidity(); }
-            if (clientConfig.getAuthorizedGrantTypes() != null) { grantTypes = clientConfig.getAuthorizedGrantTypes(); }
-        } else {
-            clientId = defaultClientId;
-        }
-		
-		if (coreConfig() != null && coreConfig().getRemoteConfiguration() != null) {
-			accessTokenValiditySeconds = coreConfig().getRemoteConfiguration().getNetwork().getHttpSessionTimeoutMinutes() * 60;
-			refreshTokenValiditySeconds = accessTokenValiditySeconds;
-		}
-
-        BaseClientDetails clientDetails = new BaseClientDetails(
-                clientId, resourceIds, scope, grantTypes,authorities, redirectUri);
-        clientDetails.setClientSecret(secret);
-        clientDetails.setAccessTokenValiditySeconds(accessTokenValiditySeconds);
-        clientDetails.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds);
-
-        return clientDetails;
-    }
-
-    private Oauth.Client loadClientFromConfig(String clientId) {
-        if (oauthConfig() == null || oauthConfig().getClient() == null) {
-            return null;
-        }
-
-        for (Oauth.Client client : oauthConfig().getClient()) {
-            if (clientId.compareTo(client.getClientId()) == 0) {
-                return client;
-            }
-        }
-
-        return null;
-    }
-
-    private Oauth oauthConfig() {
-        if (coreConfig() == null ||
-            coreConfig().getRemoteConfiguration() == null ||
-            coreConfig().getRemoteConfiguration().getAuth()  == null ||
-            coreConfig().getRemoteConfiguration().getAuth().getOauth() == null) {
-            return null;
-        }
-
-        return coreConfig().getRemoteConfiguration().getAuth().getOauth();
-    }
-
-    private CoreConfig coreConfig() {
-        if (coreConfig != null) {
-            return coreConfig;
-        }
-        try {
-            synchronized (this) {
-                if (SpringContextBeanForApi.getSpringContext() != null) {
-                    coreConfig = SpringContextBeanForApi.getSpringContext().getBean(CoreConfig.class);
-                }
-                return coreConfig;
-            }
-        } catch (Exception e) {
-            return null;
-        }
-    }
-}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TAKJwtAccessTokenConverter.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TAKJwtAccessTokenConverter.java
deleted file mode 100644
index 50e72258..00000000
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TAKJwtAccessTokenConverter.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package com.bbn.marti.oauth;
-
-import com.bbn.marti.jwt.JwtUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
-
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-public class TAKJwtAccessTokenConverter extends JwtAccessTokenConverter {
-
-    private static final Logger logger = LoggerFactory.getLogger(TAKJwtAccessTokenConverter.class);
-
-    public TAKJwtAccessTokenConverter() {
-        try {
-            PublicKey publicKey = JwtUtils.getInstance().getPublicKey();
-            PrivateKey privateKey = JwtUtils.getInstance().getPrivateKey();
-            setKeyPair(new KeyPair(publicKey, privateKey));
-        } catch (Exception e) {
-            logger.error("exception in TAKJwtAccessTokenConverter!", e);
-        }
-    }
-
-}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TAKTokenStore.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TAKTokenStore.java
deleted file mode 100644
index dbca706d..00000000
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TAKTokenStore.java
+++ /dev/null
@@ -1,109 +0,0 @@
-package com.bbn.marti.oauth;
-
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.OAuth2RefreshToken;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.token.TokenStore;
-import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
-import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
-
-import javax.sql.DataSource;
-import java.sql.SQLException;
-import java.util.Collection;
-
-
-public class TAKTokenStore implements TokenStore {
-
-    private static TokenStore tokenStore;
-
-    private static TokenStore tokenStore() {
-        if (tokenStore != null) {
-            return tokenStore;
-        }
-
-        boolean connected = true;
-
-        DataSource dataSource = SpringContextBeanForApi.getSpringContext().getBean(DataSource.class);
-        try {
-            dataSource.getConnection();
-        } catch (SQLException e) {
-            connected = false;
-        }
-
-        if (connected) {
-            tokenStore = new JdbcTokenStore(dataSource);
-            ((JdbcTokenStore)tokenStore).setAuthenticationKeyGenerator(new TAKAuthenticationKeyGenerator());
-        } else {
-            tokenStore = new InMemoryTokenStore();
-            ((InMemoryTokenStore)tokenStore).setAuthenticationKeyGenerator(new TAKAuthenticationKeyGenerator());
-        }
-
-        return tokenStore;
-    }
-
-    @Override
-    public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
-        return tokenStore().readAuthentication(token);
-    }
-
-    @Override
-    public OAuth2Authentication readAuthentication(String token) {
-        return tokenStore().readAuthentication(token);
-    }
-
-    @Override
-    public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
-        tokenStore().storeAccessToken(token, authentication);
-    }
-
-    @Override
-    public OAuth2AccessToken readAccessToken(String tokenValue) {
-        return tokenStore().readAccessToken(tokenValue);
-    }
-
-    @Override
-    public void removeAccessToken(OAuth2AccessToken token) {
-        tokenStore().removeAccessToken(token);
-    }
-
-    @Override
-    public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
-        tokenStore().storeRefreshToken(refreshToken, authentication);
-    }
-
-    @Override
-    public OAuth2RefreshToken readRefreshToken(String tokenValue) {
-        return tokenStore().readRefreshToken(tokenValue);
-    }
-
-    @Override
-    public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token) {
-        return tokenStore().readAuthenticationForRefreshToken(token);
-    }
-
-    @Override
-    public void removeRefreshToken(OAuth2RefreshToken token) {
-        tokenStore().removeRefreshToken(token);
-    }
-
-    @Override
-    public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken) {
-        tokenStore().removeAccessTokenUsingRefreshToken(refreshToken);
-    }
-
-    @Override
-    public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
-        return tokenStore().getAccessToken(authentication);
-    }
-
-    @Override
-    public Collection<OAuth2AccessToken> findTokensByClientIdAndUserName(String clientId, String userName) {
-        return tokenStore().findTokensByClientIdAndUserName(clientId, userName);
-    }
-
-    @Override
-    public Collection<OAuth2AccessToken> findTokensByClientId(String clientId) {
-        return tokenStore().findTokensByClientId(clientId);
-    }
-}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TokenApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TokenApi.java
deleted file mode 100644
index dfa32ffb..00000000
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/oauth/TokenApi.java
+++ /dev/null
@@ -1,176 +0,0 @@
-package com.bbn.marti.oauth;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.List;
-import javax.servlet.http.HttpServletRequest;
-
-import com.fasterxml.jackson.annotation.JsonFormat;
-import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.SignatureAlgorithm;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
-import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
-import org.springframework.web.bind.annotation.*;
-
-import com.bbn.marti.config.Oauth;
-import com.bbn.marti.cot.search.model.ApiResponse;
-import com.bbn.marti.jwt.JwtUtils;
-import com.bbn.marti.network.BaseRestController;
-import com.bbn.marti.remote.CoreConfig;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-import tak.server.Constants;
-
-
-@RestController
-public class TokenApi extends BaseRestController {
-
-    public static final Logger logger = LoggerFactory.getLogger(TokenApi.class);
-
-    @Autowired
-    private TAKTokenStore takTokenStore;
-
-    @Autowired
-    DefaultTokenServices defaultTokenServices;
-
-    private CoreConfig coreConfig;
-
-    public class TokenResult implements Serializable {
-        private String clientId;
-        private String token;
-        private String username;
-        private Date expires;
-
-        public String getClientId() { return clientId; }
-        public void setClientId(String clientId) { this.clientId = clientId; }
-
-        public String getToken() { return token; }
-        public void setToken(String token) { this.token = token; }
-
-        public String getUsername() { return username; }
-        public void setUsername(String username) { this.username = username; }
-
-        @JsonFormat(shape = JsonFormat.Shape.STRING, pattern = Constants.COT_DATE_FORMAT)
-        public Date getExpires() { return expires; }
-        public void setExpires(Date expires) { this.expires = expires; }
-    }
-
-    private Oauth oauthConfig() {
-        if (coreConfig() == null ||
-                coreConfig().getRemoteConfiguration() == null ||
-                coreConfig().getRemoteConfiguration().getAuth()  == null ||
-                coreConfig().getRemoteConfiguration().getAuth().getOauth() == null) {
-            return null;
-        }
-
-        return coreConfig().getRemoteConfiguration().getAuth().getOauth();
-    }
-
-    private CoreConfig coreConfig() {
-        if (coreConfig != null) {
-            return coreConfig;
-        }
-        try {
-            synchronized (this) {
-                if (SpringContextBeanForApi.getSpringContext() != null) {
-                    coreConfig = SpringContextBeanForApi.getSpringContext().getBean(CoreConfig.class);
-                }
-                return coreConfig;
-            }
-        } catch (Exception e) {
-            return null;
-        }
-    }
-
-    private List<String> loadClientIdsFromConfig() {
-        List<String> results = new ArrayList<>();
-        if (oauthConfig() == null || oauthConfig().getClient() == null) {
-            return null;
-        }
-
-        for (Oauth.Client client : oauthConfig().getClient()) {
-            results.add(client.getClientId());
-        }
-
-        return results;
-    }
-
-    @RequestMapping(value = "/token/access", method = RequestMethod.GET)
-    public ApiResponse<String> getAccessToken(HttpServletRequest request) {
-        if (logger.isDebugEnabled()) {
-            logger.debug("in getAccessToken");
-        }
-
-        String token = null;
-        if (SecurityContextHolder.getContext().getAuthentication().getDetails()
-                instanceof OAuth2AuthenticationDetails) {
-            token = ((OAuth2AuthenticationDetails)SecurityContextHolder.getContext().
-                    getAuthentication().getDetails()).getTokenValue();
-        }
-
-        return new ApiResponse<String>(Constants.API_VERSION, String.class.getSimpleName(), token);
-    }
-
-    @RequestMapping(value = "/token", method = RequestMethod.GET)
-    public ApiResponse<List<TokenResult>> getAll(
-            @RequestParam(value = "expired", defaultValue = "false") boolean expired)  {
-
-        List<TokenResult> results = new ArrayList<>();
-        List<String> clientIds = new ArrayList<>(Arrays.asList(TAKClientDetailsService.defaultClientId));
-        List<String> clientIdsFromConfig = loadClientIdsFromConfig();
-        if (clientIdsFromConfig != null) {
-            clientIds.addAll(clientIdsFromConfig);
-        }
-
-        for (String clientId : clientIds) {
-
-            List<OAuth2AccessToken> tokens = new ArrayList<>(takTokenStore.findTokensByClientId(clientId));
-            for (OAuth2AccessToken token : tokens) {
-
-                if (token.isExpired() && !expired) {
-                    continue;
-                }
-
-                Claims claims = JwtUtils.getInstance().parseClaims(token.getValue(), SignatureAlgorithm.RS256);
-
-                TokenResult result = new TokenResult();
-                result.setClientId(clientId);
-                result.setUsername((String) claims.get("user_name"));
-                result.setToken(token.getValue());
-                result.setExpires(token.getExpiration());
-
-                results.add(result);
-            }
-        }
-
-        return new ApiResponse<List<TokenResult>>(Constants.API_VERSION, TokenResult.class.getSimpleName(), results);
-    }
-
-    @RequestMapping(value = "/token/{token}", method = RequestMethod.DELETE)
-    public void revokeToken(@PathVariable("token") String token) {
-        try {
-            defaultTokenServices.revokeToken(token);
-        } catch (Exception e) {
-            logger.error("exception in revokeToken!", e);
-        }
-    }
-
-    @RequestMapping(value = "/token/revoke/{tokens}", method = RequestMethod.DELETE)
-    public void revokeTokens(
-            @PathVariable("tokens") String tokens) throws IOException {
-        try {
-            for (String token : Arrays.asList(tokens.split(","))) {
-                defaultTokenServices.revokeToken(token);
-            }
-        } catch (Exception e) {
-            logger.error("exception in revokeTokens!", e);
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/service/kml/AbstractKmlIconStrategy.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/service/kml/AbstractKmlIconStrategy.java
index 95fbd589..a960aca7 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/service/kml/AbstractKmlIconStrategy.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/service/kml/AbstractKmlIconStrategy.java
@@ -147,14 +147,14 @@ protected Association<String, String> assignIcon2525B(CotElement qr) {
 
         String detailText = qr.detailtext;
 
-        if(detailText != null && detailText.contains("_medevac_")) {
+        if (detailText != null && detailText.contains("_medevac_")) {
             styleUrl = "medevac";
             
             medevac = true;
-        } else if(detailText != null && detailText.contains("__group")) {
+        } else if (detailText != null && detailText.contains("__group")) {
            try {
             DetailElement detailElem = new Persister().read(DetailElement.class, detailText);
-            if(detailElem != null && detailElem.group != null && detailElem.group.name != null) {
+            if (detailElem != null && detailElem.group != null && detailElem.group.name != null) {
                 
                styleUrl = detailElem.group.name.toLowerCase();
                
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/service/kml/KmlIconStrategyJaxb.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/service/kml/KmlIconStrategyJaxb.java
index b454fb48..f3a82edc 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/service/kml/KmlIconStrategyJaxb.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/service/kml/KmlIconStrategyJaxb.java
@@ -2,12 +2,12 @@
 
 package com.bbn.marti.service.kml;
 
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.JAXBException;
+import jakarta.xml.bind.Unmarshaller;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
 
 import org.springframework.context.annotation.Primary;
 import org.springframework.stereotype.Component;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/swaggerconfig/SwaggerAuthorizationFilter.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/swaggerconfig/SwaggerAuthorizationFilter.java
index 7c7a5a97..f4f179cd 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/swaggerconfig/SwaggerAuthorizationFilter.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/swaggerconfig/SwaggerAuthorizationFilter.java
@@ -2,21 +2,20 @@
 
 import com.bbn.marti.config.Docs;
 import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.bbn.marti.remote.exception.UnauthorizedException;
 import com.bbn.marti.util.CommonUtil;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 public class SwaggerAuthorizationFilter extends OncePerRequestFilter {
 
-    CoreConfig coreConfig;
     CommonUtil martiUtil;
 
     @Override
@@ -32,11 +31,11 @@ protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
 
     public synchronized boolean adminOnly() {
 
-        if (coreConfig() == null) {
+        if (CoreConfigFacade.getInstance() == null) {
             return true;
         }
 
-        Docs docs = coreConfig().getRemoteConfiguration().getDocs();
+        Docs docs = CoreConfigFacade.getInstance().getRemoteConfiguration().getDocs();
 
         if (docs == null) {
             return true;
@@ -45,19 +44,6 @@ public synchronized boolean adminOnly() {
         return docs.isAdminOnly();
     }
 
-    private CoreConfig coreConfig() {
-        if (coreConfig == null) {
-            synchronized(this) {
-                if (coreConfig == null) {
-                    if (SpringContextBeanForApi.getSpringContext() != null) {
-                        coreConfig = SpringContextBeanForApi.getSpringContext().getBean(CoreConfig.class);
-                    }
-                }
-            }
-        }
-        return coreConfig;
-    }
-
     private CommonUtil martiUtil() {
         if (martiUtil == null) {
             synchronized(this) {
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/ContentServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/ContentServlet.java
index 7480e9b6..20ee3153 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/ContentServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/ContentServlet.java
@@ -11,12 +11,12 @@
 import java.util.logging.Logger;
 
 import javax.naming.NamingException;
-import javax.servlet.AsyncContext;
-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.AsyncContext;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang3.StringUtils;
 import org.owasp.esapi.errors.IntrusionException;
@@ -125,7 +125,7 @@ private void getResource(AsyncContext async, HttpMethod method) throws ServletEx
 			}
 
 			String mimeType = match.getFirst(Metadata.Field.MIMEType);
-			if(validator != null && validator.isValidInput("MIME Type", mimeType, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false)) {
+			if (validator != null && validator.isValidInput("MIME Type", mimeType, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false)) {
 				// Set MIME type of HTTP response
 				if (response.containsHeader("Content-Type")) {
 					response.setHeader("Content-Type", mimeType);
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/DeleteServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/DeleteServlet.java
index e001a886..b041658c 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/DeleteServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/DeleteServlet.java
@@ -13,9 +13,9 @@
 import java.util.logging.Logger;
 
 import javax.naming.NamingException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang3.StringUtils;
 import org.owasp.esapi.errors.IntrusionException;
@@ -136,7 +136,7 @@ protected void doDelete(HttpServletRequest request, HttpServletResponse response
 				    // delete by primary key
 				    enterpriseSyncService.delete(toDelete, groupVector);
 				} else {
-					if(log.isLoggable(Level.FINEST)) {
+					if (log.isLoggable(Level.FINEST)) {
 						log.finest("delete by hash" + StringUtils.normalizeSpace(hash));
 					}
 				    // delete by hash
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/EnterpriseSyncCacheHelper.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/EnterpriseSyncCacheHelper.java
index c89a66cf..f09feab3 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/EnterpriseSyncCacheHelper.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/EnterpriseSyncCacheHelper.java
@@ -9,6 +9,7 @@
 
 import javax.sql.DataSource;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -32,9 +33,6 @@ public class EnterpriseSyncCacheHelper {
 
 	private com.github.benmanes.caffeine.cache.Cache<String, FileWrapper> caffeineFileCache = null;
 
-	@Autowired
-	private CoreConfig config;
-
 	private org.springframework.cache.Cache springFileCache = null;
 
 	@Autowired
@@ -55,13 +53,13 @@ public class EnterpriseSyncCacheHelper {
 	@EventListener({ContextRefreshedEvent.class})
 	public void init() {
 
-		clusterConfig = config.getRemoteConfiguration().getCluster();
+		clusterConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster();
 
 		// 0 means false, disable esync cache
-		if (config.getRemoteConfiguration().getNetwork().getEsyncEnableCache() == 0) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEsyncEnableCache() == 0) {
 			esyncEnableCache = false;
 			logger.info("file cache explicity disabled.");
-		} else if (config.getRemoteConfiguration().getNetwork().getEsyncEnableCache() > 0) {
+		} else if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEsyncEnableCache() > 0) {
 			// positive value means true, enable cache
 			esyncEnableCache = true;
 			logger.info("file cache explicity enabled.");
@@ -78,11 +76,12 @@ public void init() {
 			springFileCache = cacheManager.getCache(Constants.ENTERPRISE_SYNC_CACHE_NAME);
 		} else {
 			caffeineFileCache = Caffeine.newBuilder()
-					.expireAfterWrite(config.getCachedConfiguration().getBuffer().getQueue().getCaffeineFileCacheSeconds(), TimeUnit.SECONDS)
+					.expireAfterWrite(CoreConfigFacade.getInstance().getCachedConfiguration().getBuffer().getQueue().getCaffeineFileCacheSeconds(), TimeUnit.SECONDS)
 					.build();
 		}
 
-		logger.info("Initialzed EnterpriseSyncCacheHelper with file cache TTL {} seconds. Implementation: {}", String.valueOf(config.getCachedConfiguration().getBuffer().getQueue().getCaffeineFileCacheSeconds()), isCacheSpring() ? "ignite" : "caffeine");
+		logger.info("Initialzed EnterpriseSyncCacheHelper with file cache TTL {} seconds. Implementation: {}",
+				String.valueOf(CoreConfigFacade.getInstance().getCachedConfiguration().getBuffer().getQueue().getCaffeineFileCacheSeconds()), isCacheSpring() ? "ignite" : "caffeine");
 	}
 
 	// get file. If not found, query the database to fetch it.
@@ -108,7 +107,7 @@ public FileWrapper getFileByHash(String hash) {
 		}
 
 		Semaphore lock = null;
-		
+
 		try {
 			// only lock on cache miss. block to acquire semaphore.
 			lock = getResourceLock(hash);
@@ -150,7 +149,7 @@ public FileWrapper getFileByHash(String hash) {
 
 	// get from cache, if miss return null
 	private FileWrapper getFileFromCache(String hash) {
-		
+
 		// spring (ignite) cache 
 		if (isCacheSpring()) {
 			ValueWrapper valueWrapper = springFileCache.get(hash);
@@ -163,7 +162,7 @@ private FileWrapper getFileFromCache(String hash) {
 
 			if (value instanceof FileWrapper) {
 				return (FileWrapper) value;
-			} 
+			}
 
 			throw new IllegalArgumentException("invalid cached object type " + value.getClass().toString());
 		}
@@ -182,7 +181,7 @@ private FileWrapper getFileFromDB(String hash) {
 
 		try (Connection connection = dataSource.getConnection(); PreparedStatement query = queryHelper.prepareStatement(
 				"SELECT data, groups FROM resource r WHERE hash = ? ORDER BY submissionTime;", connection)) {
-			
+
 			query.setString(1, hash.toLowerCase());
 			logger.debug("getFileFromDB Executing SQL: {}",  query.toString());
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/EnterpriseSyncServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/EnterpriseSyncServlet.java
index a0273fd2..69f4695f 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/EnterpriseSyncServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/EnterpriseSyncServlet.java
@@ -2,8 +2,8 @@
 
 package com.bbn.marti.sync;
 
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
+import jakarta.servlet.ServletConfig;
+import jakarta.servlet.ServletException;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/FileList.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/FileList.java
index e54f7443..d5024731 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/FileList.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/FileList.java
@@ -11,7 +11,7 @@
 import java.util.Map;
 
 import javax.naming.NamingException;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.errors.IntrusionException;
@@ -23,7 +23,7 @@
 import com.bbn.marti.dao.kml.JDBCCachingKMLDao;
 import com.bbn.marti.sync.Metadata.Field;
 import com.bbn.marti.util.CommonUtil;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.google.common.base.Strings;
 
 // used by EnterpriseSync.jsp
@@ -148,11 +148,11 @@ public void writeFilesHtml(Writer out, HttpServletRequest request) {
 					if (size == null ) {
 						out.write("Unknown");
 					} else {
-						if(size < 1024) {
+						if (size < 1024) {
 							out.write(size + "B");
-                        } else if(size < MBYTES) {
+                        } else if (size < MBYTES) {
 							out.write((size/KBYTES) + "kB");
-                        } else if(size < GBYTES) {
+                        } else if (size < GBYTES) {
 							out.write(size/MBYTES + "MB");
                         } else {
 							out.write(size/GBYTES + "GB");
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/JDBCEnterpriseSyncService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/JDBCEnterpriseSyncService.java
index 408473bd..dc0e8923 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/JDBCEnterpriseSyncService.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/JDBCEnterpriseSyncService.java
@@ -36,6 +36,7 @@
 import javax.naming.NamingException;
 import javax.sql.DataSource;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.commons.lang.StringUtils;
 import org.owasp.esapi.Validator;
 import org.owasp.esapi.errors.IntrusionException;
@@ -81,14 +82,11 @@ public class JDBCEnterpriseSyncService implements EnterpriseSyncService {
 	@Autowired
 	private CacheManager cacheManager;
 
-	@Autowired
-	private CoreConfig coreConfig;
-
 	@Autowired
 	private CommonUtil commonUtil;
 
 	private Cluster clusterConfig;
-	
+
 	@Autowired
 	private RemoteUtil remoteUtil;
 
@@ -96,19 +94,19 @@ public class JDBCEnterpriseSyncService implements EnterpriseSyncService {
 
 	@Autowired(required = false)
 	private RetentionPolicyConfig retentionPolicyConfig;
-	
+
 	@Autowired
-	private EnterpriseSyncCacheHelper enterpriseSyncCacheHelper; 
+	private EnterpriseSyncCacheHelper enterpriseSyncCacheHelper;
 
 	@EventListener({ContextRefreshedEvent.class})
 	public void init() throws RemoteException {
-		clusterConfig = coreConfig.getRemoteConfiguration().getCluster();
+		clusterConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster();
 
 		// 0 means false, disable esync cache
-		if (coreConfig.getRemoteConfiguration().getNetwork().getEsyncEnableCache() == 0) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEsyncEnableCache() == 0) {
 			esyncEnableCache = false;
 			logger.info("file cache explicity disabled.");
-		} else if (coreConfig.getRemoteConfiguration().getNetwork().getEsyncEnableCache() > 0) {
+		} else if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEsyncEnableCache() > 0) {
 			// positive value means true, enable cache
 			esyncEnableCache = true;
 			logger.info("file cache explicity enabled.");
@@ -144,7 +142,7 @@ public enum Column {
 		octet_length(StoredType.integer),
 		creatoruid(StoredType.string),
 		tool(StoredType.string),
-	    expiration(StoredType.integer);
+		expiration(StoredType.integer);
 
 		public final StoredType type;
 
@@ -335,10 +333,10 @@ public Metadata insertResource(Metadata metadata, byte[] content, String groupVe
 			content = validator.getValidFileContent("Storing resource content to DB", content, content.length, false);
 		}
 
-		if (coreConfig.getRemoteConfiguration().getNetwork().isEsyncEnableCotFilter()) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().isEsyncEnableCotFilter()) {
 			try {
 				if (Arrays.asList(metadata.getKeywords()).contains("missionpackage")) {
-					String cotFilter = coreConfig.getRemoteConfiguration().getNetwork().getEsyncCotFilter();
+					String cotFilter = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEsyncCotFilter();
 					if (!Strings.isNullOrEmpty(cotFilter)) {
 						content = DataPackageFileBlocker.blockCoT(metadata, content, cotFilter);
 						if (content == null) {
@@ -351,7 +349,7 @@ public Metadata insertResource(Metadata metadata, byte[] content, String groupVe
 			}
 		}
 
-		if(metadata.getHash().isEmpty()) {
+		if (metadata.getHash().isEmpty()) {
 			log.fine("No Hash provided, generating one.");
 			// Compute the SHA-256 hash
 			MessageDigest msgDigest = null;
@@ -460,69 +458,69 @@ public Metadata insertResourceStreamUID(Metadata metadata, InputStream contentSt
 				int columnIndex = 2;
 				for (TypeValuePair toStore : metadataColumns) {
 					switch (toStore.type) {
-					case decimal:
-						if (toStore.value == null) {
-							statement.setNull(columnIndex, java.sql.Types.DECIMAL);
-						} else {
-							double number = Double.parseDouble(((String[])toStore.value)[0]);
-							statement.setDouble(columnIndex, number);
-						}
-						break;
-					case geometry:
-						// Should not be present in columnToFieldMap, so forget it
-						break;
-					case integer:
-						if (toStore.value == null) {
-							statement.setNull(columnIndex, java.sql.Types.INTEGER);
-						} else {
-							statement.setInt(columnIndex, Integer.parseInt(((String[])toStore.value)[0]));
-						}
-						break;
-					case string:
-						if (toStore.value == null) {
-							statement.setNull(columnIndex, java.sql.Types.VARCHAR);
-						} else {
-							statement.setString(columnIndex, ((String[])toStore.value)[0]);
-						}
-						break;
-					case stringArray:
-						if (toStore.value == null) {
-							statement.setNull(columnIndex, java.sql.Types.ARRAY);
-						} else {
-							statement.setArray(columnIndex,
-									queryHelper.createArrayOf("varchar", (String[])toStore.value, connection));
-						}
-						break;
-					case timestamp:
-						if (toStore.value == null) {
-							statement.setNull(columnIndex, java.sql.Types.TIMESTAMP);
-						} else {
+						case decimal:
+							if (toStore.value == null) {
+								statement.setNull(columnIndex, java.sql.Types.DECIMAL);
+							} else {
+								double number = Double.parseDouble(((String[])toStore.value)[0]);
+								statement.setDouble(columnIndex, number);
+							}
+							break;
+						case geometry:
+							// Should not be present in columnToFieldMap, so forget it
+							break;
+						case integer:
+							if (toStore.value == null) {
+								statement.setNull(columnIndex, java.sql.Types.INTEGER);
+							} else {
+								statement.setInt(columnIndex, Integer.parseInt(((String[])toStore.value)[0]));
+							}
+							break;
+						case string:
+							if (toStore.value == null) {
+								statement.setNull(columnIndex, java.sql.Types.VARCHAR);
+							} else {
+								statement.setString(columnIndex, ((String[])toStore.value)[0]);
+							}
+							break;
+						case stringArray:
+							if (toStore.value == null) {
+								statement.setNull(columnIndex, java.sql.Types.ARRAY);
+							} else {
+								statement.setArray(columnIndex,
+										queryHelper.createArrayOf("varchar", (String[])toStore.value, connection));
+							}
+							break;
+						case timestamp:
+							if (toStore.value == null) {
+								statement.setNull(columnIndex, java.sql.Types.TIMESTAMP);
+							} else {
 
-							SimpleDateFormat sdf = new SimpleDateFormat(Constants.COT_DATE_FORMAT);
+								SimpleDateFormat sdf = new SimpleDateFormat(Constants.COT_DATE_FORMAT);
 
-							sdf.setTimeZone(new SimpleTimeZone(0, "UTC"));
+								sdf.setTimeZone(new SimpleTimeZone(0, "UTC"));
 
-							try {
+								try {
 
-								if (logger.isDebugEnabled()) {
-									logger.debug("timestamp type " + toStore.value.getClass().getName() + " value: " + toStore.value);
-								}
+									if (logger.isDebugEnabled()) {
+										logger.debug("timestamp type " + toStore.value.getClass().getName() + " value: " + toStore.value);
+									}
 
-								String submissionTime = ((String[]) toStore.value)[0];
+									String submissionTime = ((String[]) toStore.value)[0];
 
-								if (!Strings.isNullOrEmpty(submissionTime)) {
+									if (!Strings.isNullOrEmpty(submissionTime)) {
 
-									Timestamp ts = new Timestamp(sdf.parse(submissionTime).getTime());
+										Timestamp ts = new Timestamp(sdf.parse(submissionTime).getTime());
 
-									statement.setTimestamp(columnIndex, ts);
+										statement.setTimestamp(columnIndex, ts);
+									}
+								} catch (Exception e) {
+									log.fine("exception storing timestamp " + e.getMessage());
 								}
-							} catch (Exception e) {
-								log.fine("exception storing timestamp " + e.getMessage());
 							}
-						}
-						break;
-					default:
-						throw new IllegalArgumentException("Cannot store type " + toStore.type.toString());
+							break;
+						default:
+							throw new IllegalArgumentException("Cannot store type " + toStore.type.toString());
 					}
 					columnIndex++;
 				}
@@ -649,7 +647,7 @@ private Metadata insertResource(Metadata metadata, InputStream contentStream, lo
 		}
 
 		commonUtil.validateMetadata(metadata);
-		
+
 		try {
 			StringBuilder queryBuilder = new StringBuilder();
 			List<TypeValuePair> metadataColumns = new LinkedList<TypeValuePair>();
@@ -1075,7 +1073,7 @@ public SortedMap<String, List<Metadata>> search(Double minimumAltitude,
 				if (spatialConstraints != null) {
 					if (atleastOne) {
 						sqlQuery.append("AND ");
-                    }
+					}
 					if (spatialConstraints instanceof PGbox) {
 						PGpoint[] points = ((PGbox) spatialConstraints).point;
 						sqlQuery.append("ST_SetSRID(ST_MakeBox2D(ST_Point(");
@@ -1333,16 +1331,16 @@ public byte[] getContentByHash(String hash, String groupVector) throws SQLExcept
 		if (Strings.isNullOrEmpty(groupVector)) {
 			throw new IllegalArgumentException("empty group vector");
 		}
-		
+
 		FileWrapper file = enterpriseSyncCacheHelper.getFileByHash(hash);
-		
+
 		logger.debug("get file {} {} ", hash, (file == null || file.getContents() == null) ? "not found" : (file.getContents().length + " bytes"));
-		
+
 		// not found
 		if (file == null || file.getContents() == null) {
 			return null;
 		}
-		
+
 		if (Strings.isNullOrEmpty(file.getGroupVector())) {
 			throw new IllegalArgumentException("empty group vector in file for hash " + hash);
 		}
@@ -1351,11 +1349,11 @@ public byte[] getContentByHash(String hash, String groupVector) throws SQLExcept
 			// not allowed
 			return null;
 		}
-		
+
 		// found and allowed
 		return file.getContents();
 	}
-	
+
 	/**
 	 * Gets the content of an Enterprise Sync object. This searches the full resource table vs the latest resource
 	 * view. Latest resource is used to back the getContentByHash function and will only return a match for a hash
@@ -1658,5 +1656,5 @@ public boolean updateExpiration(String hash, Long expiration) throws
 	private boolean isCacheEsync() {
 		return esyncEnableCache || (clusterConfig.isEnabled() && clusterConfig.isKubernetes());
 	}
-	
+
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MetadataApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MetadataApi.java
index 207b6214..7c62bebb 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MetadataApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MetadataApi.java
@@ -2,7 +2,7 @@
 
 import java.rmi.RemoteException;
 import java.util.List;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.jetbrains.annotations.NotNull;
 import org.owasp.esapi.Validator;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MetadataServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MetadataServlet.java
index 5e0925a6..2690b729 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MetadataServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MetadataServlet.java
@@ -14,16 +14,17 @@
 import java.util.logging.Logger;
 
 import javax.naming.NamingException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang3.StringUtils;
 import org.owasp.esapi.errors.IntrusionException;
 import org.owasp.esapi.errors.ValidationException;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import com.bbn.marti.ValidatorUtils;
 import com.bbn.marti.util.CommonUtil;
 import com.bbn.security.web.SecurityUtils;
 
@@ -74,9 +75,13 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
     			for (RequestParameters parameter : RequestParameters.values()) {
     				optionalParameters.add(parameter.toString());
     			}
-    			validator.assertValidHTTPRequestParameterSet("MetadataServlet parameters", request, 
+//    			validator.assertValidHTTPRequestParameterSet("MetadataServlet parameters", request, 
+//    					new HashSet<String>(), // No required parameters
+//    					optionalParameters); // optional parameters // FIXME
+    			
+    			ValidatorUtils.assertValidHTTPRequestParameterSet("MetadataServlet parameters", request.getParameterMap().keySet(), 
     					new HashSet<String>(), // No required parameters
-    					optionalParameters); // optional parameters
+    					optionalParameters, validator); // optional parameters
     		}
     		
     		String requestHost = request.getRemoteHost();
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MissionPackageCreatorServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MissionPackageCreatorServlet.java
index 773500b5..26bca0b3 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MissionPackageCreatorServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MissionPackageCreatorServlet.java
@@ -17,12 +17,13 @@
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;
 
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.Part;
+import jakarta.servlet.ServletConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.Part;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.bbn.marti.util.CommonUtil;
 import org.apache.commons.io.IOUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -35,26 +36,23 @@
 
 /**
  * Servlet that accepts POST requests (only) to upload mission packages to the
- * Enterprise Sync database. 
+ * Enterprise Sync database.
  *
  * Requires the parameters "senderuid", "hash", and "filename".
  */
 public class MissionPackageCreatorServlet extends EnterpriseSyncServlet {
 	public static final String SIZE_LIMIT_VARIABLE_NAME = "EnterpriseSyncSizeLimitMB";
 	private static final long serialVersionUID = -1782550124681449153L;
-	private static final String TAG = "Mission Package Creator Servlet: ";	
+	private static final String TAG = "Mission Package Creator Servlet: ";
 	private final static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(MissionPackageCreatorServlet.class);
 
-	@Autowired
-	private CoreConfig coreConfig;
-
 	@Autowired
 	private SubmissionInterface submission;
 
 	/**
 	 * Required parameter enum for posting a mission package.
 	 * the parameter string is the expected URL argument. The metadata field is where the parameter gets mapped to.
-	 * 
+	 *
 	 * A request is queried by iterating over all of the parameter strings in the enum, and emplacing the param value into the metadata field.
 	 * @note One of the parameters MUST map to a metdata uid field - getUid() is used to query the database for potential collisions.
 	 */
@@ -64,7 +62,7 @@ private static enum PostParameter {
 		private final String param; // string value of the param
 		private final Metadata.Field field; // metadata field that this param is entered into
 		private final boolean comp; // flag for indicating whether the param is to be used for distinguishing db-entries
-		private final String defaultValue; // value to be used for the db entry if a parameter is not given 
+		private final String defaultValue; // value to be used for the db entry if a parameter is not given
 
 		// protected constructor
 		PostParameter(String paramName, Metadata.Field metaField, boolean dbComparisonKey, String defaultValue) {
@@ -101,7 +99,7 @@ protected String getDefault() {
 	@Override
 	public void init(final ServletConfig config) throws ServletException {
 		super.init(config);
-		uploadSizeLimitMB = coreConfig.getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB();
+		uploadSizeLimitMB = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB();
 	}
 
 	@Override
@@ -117,7 +115,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 	}
 
 	private static String ensureEndsIn(final String str, final String end) {
-		if(!str.endsWith(end))
+		if (!str.endsWith(end))
 			return str + end;
 		return str;
 	}
@@ -149,10 +147,10 @@ public static String getFileNameFromPart(final Part part) {
 	private static String[] getContacts(HttpServletRequest request) throws IOException, ServletException {
 		// Get the list of people to send an advertisement to (OPTIONAL)
 		String[] contacts = request.getParameterValues("contacts");
-		if(contacts == null || contacts.length == 0) {
+		if (contacts == null || contacts.length == 0) {
 			List<String> contactList = new LinkedList<String>();
 			for(Part part : request.getParts()) {
-				if(part.getName().equalsIgnoreCase("contacts")) {
+				if (part.getName().equalsIgnoreCase("contacts")) {
 					try(InputStream in = part.getInputStream()) {
 						StringWriter writer = new StringWriter();
 						IOUtils.copy(in, writer);
@@ -166,8 +164,8 @@ private static String[] getContacts(HttpServletRequest request) throws IOExcepti
 	}
 
 	@Override
-	public void doPost(HttpServletRequest request, HttpServletResponse response) 
-			throws ServletException, IOException 
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException
 	{
 
 		String groupVector = null;
@@ -196,13 +194,13 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 			logger.debug("Uploading multi-part content with " + parts.size() + " parts.");
 			String firstFilename = null;
 			for(Part part : parts) {
-				if("assetfile".equalsIgnoreCase(part.getName()) ||
+				if ("assetfile".equalsIgnoreCase(part.getName()) ||
 						"resource".equalsIgnoreCase(part.getName()))
 				{
 					try (InputStream payloadIn = part.getInputStream()){
 						String filename = getFileNameFromPart(part);
-						if(firstFilename == null) firstFilename = filename;
-						if(filename != null && filename.length() > 0 && payloadIn != null) {
+						if (firstFilename == null) firstFilename = filename;
+						if (filename != null && filename.length() > 0 && payloadIn != null) {
 							zip.putNextEntry(new ZipEntry(filename));
 							IOUtils.copy(payloadIn, zip);
 							payloadIn.close();
@@ -257,7 +255,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 
 			// Make sure the ZIP file ends in .zip
 			String zipFileName = toStore.getFirst(Metadata.Field.Name);
-			if(zipFileName == null || zipFileName.isEmpty()) {
+			if (zipFileName == null || zipFileName.isEmpty()) {
 				zipFileName = firstFilename + ".zip";
 			}
 			zipFileName = ensureEndsIn(zipFileName, ".zip");
@@ -276,7 +274,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 			// Get contacts to send to
 			String[] contacts = getContacts(request);
 
-			if(contacts != null && contacts.length > 0) {
+			if (contacts != null && contacts.length > 0) {
 				logger.debug("Sending to the following contacts: " );
 				for(String contact : contacts) {
 					logger.debug(" `- " + contact);
@@ -285,9 +283,9 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 				// Generate the CoT message
 				String cotMessage = CommonUtil.getFileTransferCotMessage(
 						/*String uid*/ shaHash, // yes: set the UID to be the hash, this makes it consistent with ATAK-generated mission packages
-						/*String shaHash*/ shaHash, 
+						/*String shaHash*/ shaHash,
 						/*String callsign*/  SecurityContextHolder.getContext().getAuthentication().getName(),
-						/*String filename*/ uploadedMetadata.getFirst(Metadata.Field.Name), 
+						/*String filename*/ uploadedMetadata.getFirst(Metadata.Field.Name),
 						/*String url*/ url,
 						/*long sizeInBytes*/ zippedBytes.length,
 						/*String[] contacts*/ contacts);
@@ -301,7 +299,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 
 					logger.error("error submitting mission package announce message " + exi.getMessage());
 
-					response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, 
+					response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 							"Could not connect to Marti Core to send Mission Package to desired contacts.");
 					exi.printStackTrace();
 					return;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MissionPackageQueryServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MissionPackageQueryServlet.java
index 61f9e8fa..5cfb39bf 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MissionPackageQueryServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MissionPackageQueryServlet.java
@@ -15,16 +15,17 @@
 import java.util.logging.Logger;
 
 import javax.naming.NamingException;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.annotation.MultipartConfig;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.MultipartConfig;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.jetbrains.annotations.NotNull;
 import org.owasp.esapi.errors.ValidationException;
 
+import com.bbn.marti.ValidatorUtils;
 import com.google.common.base.Strings;
 
 /**
@@ -121,9 +122,8 @@ private void processRequest(HttpServletRequest request, HttpServletResponse resp
 		    
 			// validate all parameters -- enforces required/optional parameter presence, throws an exception if invalid
     		if (validator != null) {
-    			validator.assertValidHTTPRequestParameterSet("Mission package query", request,
-    					requiredParameters,
-    					optionalParameters);
+    			ValidatorUtils.assertValidHTTPRequestParameterSet("Mission package query", request.getParameterMap().keySet(), requiredParameters,
+    					optionalParameters, validator);
     		}
 
     		// map post parameters to metadata field entries
@@ -213,7 +213,7 @@ public static String getBaseUrl(@NotNull HttpServletRequest request) throws URIS
         String url = request.getRequestURL().toString();
         URI uri = new URI(url);
         baseUrl = uri.getScheme() + "://" + uri.getHost() + ":";
-        if(uri.getPort() == 8444) {
+        if (uri.getPort() == 8444) {
             baseUrl += 8443;
         } else {
             baseUrl += uri.getPort();
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MissionPackageUploadServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MissionPackageUploadServlet.java
index 49ea16fe..28c154ae 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MissionPackageUploadServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/MissionPackageUploadServlet.java
@@ -14,26 +14,28 @@
 import java.util.logging.Logger;
 
 import javax.naming.NamingException;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.Part;
-
+import jakarta.servlet.ServletConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletInputStream;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.Part;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.owasp.esapi.errors.ValidationException;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import com.bbn.marti.ValidatorUtils;
 import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.sync.Metadata.Field;
 import com.google.common.base.Strings;
 
 /**
  * Servlet that accepts POST requests (only) to upload mission packages to the
- * Enterprise Sync database. 
- * 
+ * Enterprise Sync database.
+ *
  * path: /Marti/sync/missionupload
  *
  */
@@ -41,28 +43,29 @@ public class MissionPackageUploadServlet extends UploadServlet {
 	public static final String SIZE_LIMIT_VARIABLE_NAME = "EnterpriseSyncSizeLimitMB";
 	private static final long serialVersionUID = -1782550124681449153L;
 	private static final String MISSION_PACKAGE_KEYWORD = "missionpackage";
-	private static final String TAG = "Mission Package Upload Servlet: ";	
+	private static final String TAG = "Mission Package Upload Servlet: ";
 	private static Set<String> optionalParameters = new HashSet<String>();
 	private static Set<String> requiredParameters = new HashSet<String>();
 
-	@Autowired
-	private CoreConfig coreConfig;
 
 	private static final org.slf4j.Logger logger = LoggerFactory.getLogger(MissionPackageUploadServlet.class);
 
 	static {
 		// static initializer for all required parameters
 		requiredParameters = new HashSet<String>(PostParameter.values().length);
-		requiredParameters.add("filename");
-
-		optionalParameters.add(Metadata.Field.CreatorUid.toString());
-		optionalParameters.add(Metadata.Field.Tool.toString());
-		optionalParameters.add(Metadata.Field.Hash.toString());
+		requiredParameters.add(PostParameter.FILENAME.getParameterString());
+
+		// clients may send a locally computed hash value that is ignored by TAK server
+		optionalParameters.add("hash");
+		optionalParameters.add(PostParameter.MIMETYPE.getParameterString());
+		optionalParameters.add(PostParameter.KEYWORD.getParameterString());
+		optionalParameters.add(PostParameter.TOOL.getParameterString());
+		optionalParameters.add(PostParameter.CREATORUID.getParameterString());
 	}
 	/**
 	 * Required parameter enum for posting a mission package.
 	 * the parameter string is the expected URL argument. The metadata field is where the parameter gets mapped to.
-	 * 
+	 *
 	 * A request is queried by iterating over all of the parameter strings in the enum, and emplacing the param value into the metadata field.
 	 * @note One of the parameters MUST map to a metdata uid field - getUid() is used to query the database for potential collisions.
 	 */
@@ -76,7 +79,7 @@ private static enum PostParameter {
 		private final String param; // string value of the param
 		private final Metadata.Field field; // metadata field that this param is entered into
 		private final boolean comp; // flag for indicating whether the param is to be used for distinguishing db-entries
-		private final String defaultValue; // value to be used for the db entry if a parameter is not given 
+		private final String defaultValue; // value to be used for the db entry if a parameter is not given
 
 		// protected constructor
 		PostParameter(String paramName, Metadata.Field metaField, boolean dbComparisonKey, String defaultValue) {
@@ -114,7 +117,7 @@ protected String getDefault() {
 	public void init(final ServletConfig config) throws ServletException {
 		super.init(config);
 
-		uploadSizeLimitMB = coreConfig.getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB();
+		uploadSizeLimitMB = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB();
 
 		logger.info("Enterprise Sync upload limit is " + uploadSizeLimitMB + " MB");
 
@@ -133,7 +136,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 	}
 
 	@Override
-	public void doPost(HttpServletRequest request, HttpServletResponse response) 
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
 			throws ServletException, IOException {
 
 		String groupVector = null;
@@ -157,9 +160,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 
 			// validate all parameters -- enforces required/optional parameter presence, throws an exception if invalid
 			if (validator != null) {
-				validator.assertValidHTTPRequestParameterSet("Mission package upload", request,
-						requiredParameters,
-						optionalParameters);
+				ValidatorUtils.assertValidHTTPRequestParameterSet("Mission package upload", request.getParameterMap().keySet(), requiredParameters,
+						optionalParameters, validator);
 			}
 
 			InputStream payloadInputStream = null ;
@@ -237,17 +239,23 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 
 			// insert row in resource as stream, and use hash as uid (calculated by database)
 			metadataResult = enterpriseSyncService.insertResourceStreamUID(requestMetadata, payloadInputStream, groupVector, false);
-			
+
 			if (logger.isDebugEnabled()) {
 				logger.debug("result hash: " + metadataResult.getHash() + " uid: " + metadataResult.getUid());
 			}
-			
-			// if plugin classname is set, notify the plugin with the file upload event. The notification event will include the Metadata object and will not include the full byte[] payload.
-			String pluginClassnames[] = paramsMap.get(Metadata.Field.PluginClassName.name());
-			if (pluginClassnames != null) {
-				String pluginClassname = pluginClassnames[0]; // To be consistent with UploadServlet where we allow only 1 pluginClassname
-				logger.info("Notifying the plugin {} with file upload event", pluginClassname);
-				pluginManager.onFileUpload(pluginClassname, requestMetadata);
+
+			try {
+				// Notify plugins about the file upload event. The notification event will include the Metadata object and will not include the full byte[] payload.
+				String pluginClassname = null;
+				String pluginClassnames[] = paramsMap.get(Metadata.Field.PluginClassName.name());
+				if (pluginClassnames != null) {
+					pluginClassname = pluginClassnames[0];
+					logger.info("Notifying the plugin {} with file upload event", pluginClassname);
+				}
+
+				pluginManager.onFileUpload(pluginClassname, metadataResult);
+			} catch (Exception e) {
+				logger.error("exception calling pluginManager.onFileUpload", e);
 			}
 
 			// retrieve host name from request
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/SearchServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/SearchServlet.java
index 8524495e..94949079 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/SearchServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/SearchServlet.java
@@ -19,10 +19,10 @@
 import java.util.logging.Logger;
 
 import javax.naming.NamingException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang3.StringUtils;
 import org.json.simple.JSONArray;
@@ -34,6 +34,7 @@
 import org.postgresql.util.PGobject;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import com.bbn.marti.ValidatorUtils;
 import com.bbn.marti.util.CommonUtil;
 import com.bbn.marti.util.KmlUtils;
 import com.bbn.security.web.MartiValidatorConstants;
@@ -143,9 +144,10 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
 						"MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
 			}
  
-			validator.assertValidHTTPRequestParameterSet(context, request, 
+			ValidatorUtils.assertValidHTTPRequestParameterSet(context, request.getParameterMap().keySet(),
 					new HashSet<String>(), // no required parameters
-					optionalParameters);
+					optionalParameters, validator);
+			
 			for (String parameterName : request.getParameterMap().keySet()) {
 				for (String parameterValue : request.getParameterValues(parameterName)) {
 					RequestParameters recognizedParameter = RequestParameters.fromString(parameterName);
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/UploadServlet.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/UploadServlet.java
index d8d259a1..aa29e609 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/UploadServlet.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/UploadServlet.java
@@ -6,6 +6,7 @@
 import java.io.InputStream;
 import java.io.PrintWriter;
 import java.sql.SQLException;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -15,20 +16,21 @@
 import java.util.logging.Logger;
 
 import javax.naming.NamingException;
-import javax.servlet.AsyncContext;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.Part;
-
+import jakarta.servlet.AsyncContext;
+import jakarta.servlet.ServletConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.Part;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.owasp.esapi.errors.IntrusionException;
 import org.owasp.esapi.errors.ValidationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.ValidatorUtils;
 import com.bbn.marti.sync.Metadata.Field;
 import com.google.common.base.Strings;
 
@@ -45,13 +47,10 @@ public class UploadServlet extends EnterpriseSyncServlet {
 	private static final long serialVersionUID = -8151782550681449153L;
 	private static final int DEFAULT_PARAMETER_LENGTH = 1024;
 	private static Set<String> optionalParameters;
-	
+
 	private static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(UploadServlet.class);
 
-	@Autowired
-	private CoreConfig coreConfig;
-	
-	@Autowired(required = false)	
+	@Autowired(required = false)
 	protected PluginManager pluginManager;
 
 	private int uploadSizeLimitMB;
@@ -65,6 +64,7 @@ public class UploadServlet extends EnterpriseSyncServlet {
 		}
 		// Add the alias MIME => MIMEType to support the name ATAK uses
 		optionalParameters.add("MIME");
+		optionalParameters.add("name");
 	}
 
 	@Override
@@ -72,12 +72,12 @@ public void init(final ServletConfig config) throws ServletException {
 		super.init(config);
 
 
-		uploadSizeLimitMB = coreConfig.getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB();
-		
+		uploadSizeLimitMB = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEnterpriseSyncSizeLimitMB();
+
 		if (uploadSizeLimitMB > 550) {
 			throw new IllegalArgumentException("Invalid configuration in CoreConfig for EnterpriseSyncSizeLimitMB. Must be 550MB or less");
 		}
-		
+
 		logger.info("Enterprise Sync upload limit is " + uploadSizeLimitMB + " MB");
 
 
@@ -87,12 +87,12 @@ public void init(final ServletConfig config) throws ServletException {
 	 * Always returns HttpServletResponse.SC_METHOD_NOT_ALLOWED. GET is not
 	 * supported. This servet is for uploading resources to the Enterprise Sync
 	 * database.
-	 * 
+	 *
 	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
 	 *      response)
 	 * @see MetadataServlet
 	 */
-	
+
 	@Override
 	public void doGet(HttpServletRequest request, HttpServletResponse response)
 			throws ServletException, IOException {
@@ -105,7 +105,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 	 * one is provided, it must not already be present in the database. Use PUT
 	 * request to update a resource that already exists. HTTP parameter names
 	 * mtch the values in the eum <code>Metadata.Field</code>.
-	 * 
+	 *
 	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
 	 *      response)
 	 * @see <code>Metadata.Field</code>
@@ -121,11 +121,11 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) throws
 
 		try {
 			async.start(() -> {
-				
+
 				try {
-					
+
 					HttpServletRequest request = (HttpServletRequest) async.getRequest();
-					
+
 					String groupVector = null;
 
 					try {
@@ -140,7 +140,7 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) throws
 
 					if (Strings.isNullOrEmpty(groupVector)) {
 						throw new IllegalStateException("empty group vector");
-					}  
+					}
 
 					if (async.getRequest() instanceof HttpServletRequest) {
 						initAuditLog((HttpServletRequest) async.getRequest());
@@ -155,15 +155,16 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) throws
 					try {
 						String requestHost = request.getRemoteHost();
 						if (requestHost != null && validator != null) {
-							remoteHost = validator.getValidInput("HttpServletRequest.getRemoteHost()", requestHost, 
+							remoteHost = validator.getValidInput("HttpServletRequest.getRemoteHost()", requestHost,
 									"MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
 						}
 						badRequestPrefix = "Bad upload request from " + remoteHost + ": ";
 
 						if (validator != null) {
-							validator.assertValidHTTPRequestParameterSet(context, request, 
+
+							ValidatorUtils.assertValidHTTPRequestParameterSet(context, request.getParameterMap().keySet(),
 									new HashSet<String>(),
-									optionalParameters);
+									optionalParameters, validator);
 						}
 
 						Map<String, String[]> httpParameters = request.getParameterMap();
@@ -172,8 +173,8 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) throws
 							Metadata.Field field = Metadata.Field.fromString(key);
 							if (field == null ) {
 								if (validator != null) {
-									response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Unrecognized parameter " + 
-											validator.getValidInput(context, key, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, 
+									response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Unrecognized parameter " +
+											validator.getValidInput(context, key, "MartiSafeString", DEFAULT_PARAMETER_LENGTH,
 													false));
 									return;
 								} else {
@@ -192,7 +193,7 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) throws
 								}
 								if (validator != null) {
 									for (String value : values) {
-										validator.getValidInput(context, value, field.validationType.name(), 
+										validator.getValidInput(context, value, field.validationType.name(),
 												field.maximumLength, true);
 									}
 								}
@@ -232,7 +233,7 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) throws
 						// assign random to resource if not specified in request
 						if (toStore.getUid() == null || toStore.getUid().isEmpty()) {
 							toStore.set(Metadata.Field.UID, new String[] {UUID.randomUUID().toString()});
-						} 
+						}
 
 						String mimeType = request.getHeader("Content-Type");
 
@@ -301,7 +302,7 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) throws
 								String filename = pieces[0].substring(0, pieces[0].length() - 1);
 								if (validator != null) {
 									filename = validator.getValidInput(context, filename,
-											Metadata.Field.DownloadPath.validationType.name(), 
+											Metadata.Field.DownloadPath.validationType.name(),
 											Metadata.Field.DownloadPath.maximumLength, true);
 								}
 
@@ -309,9 +310,9 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) throws
 								if (toStore.getFirstSafely(Field.Name).isEmpty()) {
 									toStore.set(Metadata.Field.Name, new String[] {filename});
 								}
-							} 
+							}
 							mimeType = part.getHeader("content-type");
-						} 
+						}
 
 						// TODO: Set the name
 
@@ -321,7 +322,7 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) throws
 						// Get the user ID from the request
 						String userName = SecurityContextHolder.getContext().getAuthentication().getName();
 						if (validator != null) {
-							userName = validator.getValidInput(context, userName, 
+							userName = validator.getValidInput(context, userName,
 									Metadata.Field.SubmissionUser.validationType.name(),
 									Metadata.Field.SubmissionUser.maximumLength, true);
 						}
@@ -335,13 +336,15 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) throws
 
 						inputStream.close();
 
-						// if plugin classname is set, notify the plugin with the file upload event. The notification event will include the Metadata object and will not include the full byte[] payload.
-						if (toStore.getPluginClassName() != null) {
-
-							logger.info("Notifying the plugin {} with file upload event", toStore.getPluginClassName());
-							pluginManager.onFileUpload(toStore.getPluginClassName(), toStore);
-
-						} 
+						try {
+							// Notify plugins about the file upload event. The notification event will include the Metadata object and will not include the full byte[] payload.
+							if (uploadedMetadata.getPluginClassName() != null) {
+								logger.info("Notifying the plugin {} with file upload event", uploadedMetadata.getPluginClassName());
+							}
+							pluginManager.onFileUpload(uploadedMetadata.getPluginClassName(), uploadedMetadata);
+						} catch (Exception e) {
+							logger.error("exception calling pluginManager.onFileUpload", e);
+						}
 
 					} catch (NamingException|SQLException ex) {
 						String msg = "Enterprise Sync database failed to process write operation.";
@@ -383,10 +386,10 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) throws
 
 					} catch (ValidationException ex) {
 						if (logger.isWarnEnabled()) {
-							logger.warn(badRequestPrefix + ex.getLogMessage());
+							logger.warn("ValidationException: {}", badRequestPrefix + ex.getLogMessage(), ex);
 						}
-						response.sendError(HttpServletResponse.SC_BAD_REQUEST, 
-								"Illegal characters detected. Accents and most punctuation characters are not allowed for security.");
+						response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+								"Illegal parameters or characters detected. Accents and most punctuation characters are not allowed for security.");
 						return;
 					} catch (IntrusionException evilException) {
 						if (logger.isErrorEnabled()) {
@@ -413,13 +416,13 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) throws
 					response.setStatus(HttpServletResponse.SC_OK);
 				} catch (Exception e) {
 					logger.error("error processing getResource", e);
-				} finally { 
+				} finally {
 					async.complete();
 				}
 			});
 		} catch (Exception e) {
 			logger.error("error uploading file", e);
-		} 
+		}
 	}
 
 	@Override
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/ClassificationApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/ClassificationApi.java
deleted file mode 100644
index 421b8020..00000000
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/ClassificationApi.java
+++ /dev/null
@@ -1,126 +0,0 @@
-package com.bbn.marti.sync.api;
-
-import java.util.List;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RestController;
-
-import com.bbn.marti.cot.search.model.ApiResponse;
-import com.bbn.marti.network.BaseRestController;
-import com.bbn.marti.sync.model.Caveat;
-import com.bbn.marti.sync.model.Classification;
-import com.bbn.marti.sync.repository.CaveatRepository;
-import com.bbn.marti.sync.repository.ClassificationRepository;
-import tak.server.Constants;
-
-
-@RestController
-public class ClassificationApi extends BaseRestController {
-	
-	private static final Logger logger = LoggerFactory.getLogger(ClassificationApi.class);
-
-    @Autowired
-    private ClassificationRepository classificationRepository;
-    
-    @Autowired
-    private CaveatRepository caveatRepository;
-	
-    @RequestMapping(value = "/classification", method = RequestMethod.GET)
-    ApiResponse<List<Classification>> getAllClassifications() {
-        return new ApiResponse<List<Classification>>(Constants.API_VERSION,
-                Classification.class.getSimpleName(), classificationRepository.findAll());
-    }
-    
-    @RequestMapping(value = "/classification/{level}", method = RequestMethod.GET)
-    ApiResponse<Classification> getClassificationForLevel(@PathVariable("level") String level) {
-        return new ApiResponse<Classification>(Constants.API_VERSION,
-                Classification.class.getSimpleName(), classificationRepository.findByLevel(level));
-    }
-    
-    @RequestMapping(value = "/classification", method = RequestMethod.PUT)
-    ApiResponse<Classification> setCaveatsForClassification(@RequestBody Classification classification) throws Exception{
-    	logger.debug("Set caveats for Classification level {}", classification.getLevel());
-    	try {
-    		Classification dbClassification = classificationRepository.findByLevel(classification.getLevel());
-    		Long classification_id = dbClassification.getId();
-    		logger.debug("Found classification_id {} for Classification level {}", classification_id, classification.getLevel());
-    		
-    		classificationRepository.unlinkAllCaveats(classification_id);
-    		logger.debug("Unlinked all caveats for classification_id {}", classification_id);
-    		
-    		for (Caveat caveat: classification.getCaveats()) {
-    			Caveat dbCaveat = caveatRepository.findByName(caveat.getName());
-    			Long caveat_id = dbCaveat.getId();
-    			classificationRepository.linkCaveat(classification_id, caveat_id);
-    			logger.info("Linked caveat {} to classification_id {}", caveat_id, classification_id);
-    		}
-    		
-        	logger.info("Successfully set caveats for classification level {}", classification.getLevel());
-
-            return new ApiResponse<Classification>(Constants.API_VERSION,
-                    Classification.class.getSimpleName(), classification);
-            
-    	}catch (Exception e) {
-    		logger.error( "Error in setCaveatsForClassification",e );
-    		throw new Exception("Server error: " + e.getLocalizedMessage());
-    	}
-
-    }
-    
-    @RequestMapping(value = "/classification/{level}", method = RequestMethod.POST)
-    ApiResponse<Classification> newClassification(@PathVariable("level") String level) {
-    	Classification classification = new Classification(level);
-    	classificationRepository.save(classification);
-        return new ApiResponse<Classification>(Constants.API_VERSION,
-                Classification.class.getSimpleName(), classification);
-    }
-    
-    @RequestMapping(value = "/classification/{level}", method = RequestMethod.DELETE)
-    ApiResponse<Long> deleteClassification(@PathVariable("level") String level)  throws Exception{
-    	Classification dbClassification = classificationRepository.findByLevel(level);
-    	if (dbClassification == null) {
-    		throw new Exception("Classification not found");
-    	}
-    	classificationRepository.unlinkAllCaveats(dbClassification.getId());
-
-    	classificationRepository.deleteClassificationOnly(dbClassification.getId());
-
-        return new ApiResponse<Long>(Constants.API_VERSION,
-        		Long.class.getSimpleName(), 0L);
-    }
-    
-    @RequestMapping(value = "/caveat", method = RequestMethod.GET)
-    ApiResponse<List<Caveat>> getAllCaveat() {
-    	 return new ApiResponse<List<Caveat>>(Constants.API_VERSION,
-    			 Caveat.class.getSimpleName(), caveatRepository.findAll());
-    }
-    
-    @RequestMapping(value = "/caveat/{name}", method = RequestMethod.POST)
-    ApiResponse<Caveat> newCaveat(@PathVariable("name") String name) {
-    	Caveat caveat = new Caveat(name);
-    	caveatRepository.save(caveat);
-        return new ApiResponse<Caveat>(Constants.API_VERSION,
-                Classification.class.getSimpleName(), caveat);
-    }
-    
-    @RequestMapping(value = "/caveat/{name}", method = RequestMethod.DELETE)
-    ApiResponse<Long> deleteCaveat(@PathVariable("name") String name) throws Exception{
-    	
-    	Caveat dbCaveat = caveatRepository.findByName(name);
-    	if (dbCaveat == null) {
-    		throw new Exception("Caveat not found");
-    	}
-    	caveatRepository.unlinkAllClassifications(dbCaveat.getId());
-    	
-    	long re = caveatRepository.deleteByName(name);
-        return new ApiResponse<Long>(Constants.API_VERSION,
-        		Long.class.getSimpleName(), re);
-    }
-    
-}
\ No newline at end of file
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/ContactsApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/ContactsApi.java
index 0091241e..b8fcd276 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/ContactsApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/ContactsApi.java
@@ -8,8 +8,9 @@
 import java.util.Set;
 import java.util.concurrent.ConcurrentSkipListSet;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -60,9 +61,6 @@ public class ContactsApi extends BaseRestController {
 
 	@Autowired
 	private CommonUtil martiUtil;
-	
-	@Autowired
-	CoreConfig coreConfig;
 
 	// GET all subscriptions
 	@RequestMapping(value = "/contacts/all", method = RequestMethod.GET)
@@ -82,8 +80,8 @@ ResponseEntity<List<RemoteSubscription>> getAllContacts(
 			Set<Group> groups = martiUtil.getGroupsFromActiveRequest();
 			
 			if (groups != null) {
-				if (!coreConfig.getRemoteConfiguration().getFilter().getContactApi().isEmpty()) {
-					for (ContactApi filter : coreConfig.getRemoteConfiguration().getFilter().getContactApi()) {
+				if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFilter().getContactApi().isEmpty()) {
+					for (ContactApi filter : CoreConfigFacade.getInstance().getRemoteConfiguration().getFilter().getContactApi()) {
 						if (filter.isWriteOnly() && !Strings.isNullOrEmpty(filter.getGroupName())) {
 							if (martiUtil.hasAccessWriteOnly(groups, filter.getGroupName())) {
 								inWriteOnlyFilteredGroups.add(new Group(filter.getGroupName(), Direction.IN));
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/CopViewApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/CopViewApi.java
index b360e7e3..2010f0ae 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/CopViewApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/CopViewApi.java
@@ -6,9 +6,10 @@
 import java.util.NavigableSet;
 import java.util.Set;
 import java.util.concurrent.Callable;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.owasp.esapi.errors.IntrusionException;
 import org.owasp.esapi.errors.ValidationException;
 import org.slf4j.Logger;
@@ -56,8 +57,6 @@ public class CopViewApi extends BaseRestController {
 	@Autowired
 	private CommonUtil martiUtil;
 
-	@Autowired
-	private CoreConfig config;
 
 	private static String mcsCopTool = "";
 
@@ -125,7 +124,7 @@ public ApiResponse<Set<CopHierarchyNode>> getHierarchy(HttpServletRequest reques
 	public String getDefaultMcsTool() {
 		if (Strings.isNullOrEmpty(mcsCopTool)) {
 			try {
-				Configuration conf = config.getRemoteConfiguration();
+				Configuration conf = CoreConfigFacade.getInstance().getRemoteConfiguration();
 				mcsCopTool = conf.getNetwork().getMissionCopTool();
 			} catch(Exception ex) {
 				logger.info("Failed to get default mission cop tool. Using \"vbm\"");
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/MissionApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/MissionApi.java
index d7f60a50..e4b8115a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/MissionApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/MissionApi.java
@@ -29,8 +29,8 @@
 import java.util.concurrent.ConcurrentSkipListSet;
 import java.util.stream.Collectors;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import org.apache.commons.io.IOUtils;
@@ -74,6 +74,7 @@
 import com.bbn.marti.remote.RemoteSubscription;
 import com.bbn.marti.remote.SubmissionInterface;
 import com.bbn.marti.remote.SubscriptionManagerLite;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.bbn.marti.remote.exception.ForbiddenException;
 import com.bbn.marti.remote.exception.MissionDeletedException;
 import com.bbn.marti.remote.exception.NotFoundException;
@@ -90,14 +91,12 @@
 import com.bbn.marti.sync.model.LogEntry;
 import com.bbn.marti.sync.model.Mission;
 import com.bbn.marti.sync.model.MissionChange;
-import com.bbn.marti.sync.model.MissionChangeUtils;
 import com.bbn.marti.sync.model.MissionFeed;
 import com.bbn.marti.sync.model.MissionInvitation;
 import com.bbn.marti.sync.model.MissionLayer;
 import com.bbn.marti.sync.model.MissionPermission;
 import com.bbn.marti.sync.model.MissionRole;
 import com.bbn.marti.sync.model.MissionSubscription;
-import com.bbn.marti.sync.model.MissionUtils;
 import com.bbn.marti.sync.model.Resource;
 import com.bbn.marti.sync.model.ResourceUtils;
 import com.bbn.marti.sync.repository.LogEntryRepository;
@@ -125,592 +124,573 @@
 import tak.server.ignite.grid.SubscriptionManagerProxyHandler;
 
 /*
- * 
+ *
  * REST API for data sync missions
- * 
+ *
  */
 @RestController
 public class MissionApi extends BaseRestController {
 
-    private static final Logger logger = LoggerFactory.getLogger(MissionApi.class);
-    
-    private static final Logger cacheLogger = LoggerFactory.getLogger("missioncache");
+	private static final Logger logger = LoggerFactory.getLogger(MissionApi.class);
 
-    // keep a reference to the currently active request
-    @Autowired
-    private HttpServletRequest request;
+	private static final Logger cacheLogger = LoggerFactory.getLogger("missioncache");
 
-    @Autowired
-    private HttpServletResponse response;
+	// keep a reference to the currently active request
+	@Autowired
+	private HttpServletRequest request;
+
+	@Autowired
+	private HttpServletResponse response;
 
-    @Autowired
-    private MissionRepository missionRepository;
+	@Autowired
+	private MissionRepository missionRepository;
 
-    @Autowired
-    private SubscriptionManagerLite subscriptionManager;
+	@Autowired
+	private SubscriptionManagerLite subscriptionManager;
 
-    @Autowired
-    private SubscriptionManagerProxyHandler subscriptionManagerProxy;
+	@Autowired
+	private SubscriptionManagerProxyHandler subscriptionManagerProxy;
 
-    @Autowired
-    private LogEntryRepository logEntryRepository;
+	@Autowired
+	private LogEntryRepository logEntryRepository;
 
-    @Autowired
-    private MissionService missionService;
+	@Autowired
+	private MissionService missionService;
 
-    @Autowired
-    private GroupManager groupManager;
+	@Autowired
+	private GroupManager groupManager;
 
-    @Autowired
-    private CommonUtil martiUtil;
+	@Autowired
+	private CommonUtil martiUtil;
 
-    @Autowired
-    private RemoteUtil remoteUtil;
+	@Autowired
+	private RemoteUtil remoteUtil;
 
-    @Autowired
-    private Validator validator;
+	@Autowired
+	private Validator validator;
 
-    @Autowired
-    private EnterpriseSyncService syncStore;
+	@Autowired
+	private EnterpriseSyncService syncStore;
 
-    @Autowired
-    private SubmissionInterface submission;
+	@Autowired
+	private SubmissionInterface submission;
 
-    @Autowired
-    private MissionRoleRepository missionRoleRepository;
+	@Autowired
+	private MissionRoleRepository missionRoleRepository;
 
-    @Autowired
-    private MissionSubscriptionRepository missionSubscriptionRepository;
+	@Autowired
+	private MissionSubscriptionRepository missionSubscriptionRepository;
 
 	@Autowired
-    private RequestHolderBean requestHolderBean;
+	private RequestHolderBean requestHolderBean;
 
 	@Autowired(required = false)
 	private RetentionPolicyConfig retentionPolicyConfig;
-	
+
 	@Autowired(required = false)
 	private DataFeedCotService dataFeedCotService;
 
-	@Autowired
-	private CoreConfig config;
-
-    /*
-     * get all missions
-     */
-    @RequestMapping(value = "/missions", method = RequestMethod.GET)
-    Callable<ApiResponse<List<Mission>>> getAllMissions(
-    		@RequestParam(value = "passwordProtected", defaultValue = "false") boolean passwordProtected,
-    		@RequestParam(value = "defaultRole", defaultValue = "false") boolean defaultRole,
-    		@RequestParam(value = "tool", required = false) String tool) throws RemoteException {
-
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("mission API getAllMissions");
-    	}
-
-    	final NavigableSet<Group> groups = martiUtil.getGroupsFromRequest(request);
+
+	/*
+	 * get all missions
+	 */
+	@RequestMapping(value = "/missions", method = RequestMethod.GET)
+	Callable<ApiResponse<List<Mission>>> getAllMissions(
+			@RequestParam(value = "passwordProtected", defaultValue = "false") boolean passwordProtected,
+			@RequestParam(value = "defaultRole", defaultValue = "false") boolean defaultRole,
+			@RequestParam(value = "tool", required = false) String tool) throws RemoteException {
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("mission API getAllMissions");
+		}
+
+		final NavigableSet<Group> groups = martiUtil.getGroupsFromRequest(request);
 		final String username = SecurityContextHolder.getContext().getAuthentication().getName();
-		final HttpServletRequest freq = request;
-    	
-    	return () -> {
+//		final HttpServletRequest freq = request;
+
+		return () -> {
+
+			List<Mission> missions = null;
+
+			try {
+				CoreConfig config = CoreConfigFacade.getInstance();
+
+				if (tool != null) {
+					missions = missionService.getAllMissions(passwordProtected, defaultRole, tool, groups);
+				} else {
+					missions = missionService.getAllMissions(passwordProtected, defaultRole, "public", groups);
+					if (config.getRemoteConfiguration().getVbm() != null &&
+							config.getRemoteConfiguration().getVbm().isEnabled() &&
+							config.getRemoteConfiguration().getVbm().isReturnCopsWithPublicMissions()) {
+
+						missions.addAll(missionService.getAllMissions(passwordProtected, defaultRole,
+								config.getRemoteConfiguration().getNetwork().getMissionCopTool(), groups));
+
+						// include any COPs the current user was invited to
+						missions.addAll(missionService.getInviteOnlyMissions(username,
+								config.getRemoteConfiguration().getNetwork().getMissionCopTool(), groups));
+					}
+				}
+
+				if (config.getRemoteConfiguration().getVbm().isEnabled()) {
+					missions = missionService.validateAccess(missions, request);
+				}
 
-    		List<Mission> missions = null;
+			} catch (Exception e) {
+				logger.error("exception getting all missions", e);
+			}
 
-    		try {
+			return new ApiResponse<List<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), missions);
 
-    			if (tool != null) {
-    				missions = missionService.getAllMissions(passwordProtected, defaultRole, tool, groups);
-    			} else {
-    				missions = missionService.getAllMissions(passwordProtected, defaultRole, "public", groups);
-    				if (config.getRemoteConfiguration().getVbm() != null &&
-    						config.getRemoteConfiguration().getVbm().isEnabled() &&
-    						config.getRemoteConfiguration().getVbm().isReturnCopsWithPublicMissions()) {
+		};
+	}
 
-    					missions.addAll(missionService.getAllMissions(passwordProtected, defaultRole,
-    							config.getRemoteConfiguration().getNetwork().getMissionCopTool(), groups));
+	/*
+	 * Get a mission by name.
+	 */
+	@RequestMapping(value = "/missions/{name:.+}", method = RequestMethod.GET)
+	Callable<ApiResponse<Set<Mission>>> getMission(
+			@PathVariable("name") @NotNull String name,
+			@RequestParam(value = "password", defaultValue = "") String password,
+			@RequestParam(value = "changes", defaultValue = "false") boolean changes,
+			@RequestParam(value = "logs", defaultValue = "false") boolean logs,
+			@RequestParam(value = "secago", required = false) Long secago,
+			@RequestParam(value = "start", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date start,
+			@RequestParam(value = "end", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date end) {
 
-    					// include any COPs the current user was invited to
+		final HttpServletRequest request = requestHolderBean.getRequest();
 
-    					missions.addAll(missionService.getInviteOnlyMissions(username,
-    							config.getRemoteConfiguration().getNetwork().getMissionCopTool(), groups));
-    				}
-    			}
+		final String sessionId = requestHolderBean.sessionId();
 
-    			if (config.getRemoteConfiguration().getVbm().isEnabled()) {
-    				missions = missionService.validateAccess(missions, request);
-    			}
+		if (logger.isDebugEnabled()) {
+			logger.debug("session id: " + requestHolderBean.sessionId());
+		}
 
-    			for (Mission mission: missions) {
-    				MissionUtils.findAndSetTransientValuesForMission(mission);
-    			}
+		if (logger.isDebugEnabled()) {
+			logger.debug("request: " + request);
+		}
 
+		final String groupVector = martiUtil.getGroupVectorBitString(sessionId);
+		final NavigableSet<Group> userGroups = martiUtil.getUserGroups(sessionId);
 
-    		} catch (Exception e) {
-    			logger.error("exception getting all missions", e);
-    		}
+		return () -> {
 
-    		return new ApiResponse<List<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), missions);
+			if (Strings.isNullOrEmpty(name)) {
+				throw new IllegalArgumentException("empty 'name' path parameter");
+			}
 
-    	};
-    }
+			String missionName = missionService.trimName(name);
 
-    /*
-     * Get a mission by name.
-     */
-    @RequestMapping(value = "/missions/{name:.+}", method = RequestMethod.GET)
-    Callable<ApiResponse<Set<Mission>>> getMission(
-    		@PathVariable("name") @NotNull String name,
-    		@RequestParam(value = "password", defaultValue = "") String password,
-    		@RequestParam(value = "changes", defaultValue = "false") boolean changes,
-    		@RequestParam(value = "logs", defaultValue = "false") boolean logs,
-    		@RequestParam(value = "secago", required = false) Long secago,
-    		@RequestParam(value = "start", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date start,
-    		@RequestParam(value = "end", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date end) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("getMission " + missionName);
+			}
 
-    	final HttpServletRequest request = requestHolderBean.getRequest();
+			Mission mission = missionService.getMission(missionName, groupVector);
 
-    	final String sessionId = requestHolderBean.sessionId();
+			try {
+				if (!Strings.isNullOrEmpty(password)) {
+					missionService.validatePassword(mission, password);
 
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("session id: " + requestHolderBean.sessionId());
-    	}
+					String token = missionService.generateToken(
+							UUID.randomUUID().toString(), missionName, MissionTokenUtils.TokenType.ACCESS, -1);
+					mission.setToken(token);
 
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("request: " + request);
-    	}
+				} else if (!missionService.validatePermission(MissionPermission.Permission.MISSION_READ, request)) {
+					throw new ForbiddenException("Illegal attempt to access mission! Request did not have read access.");
+				}
 
-    	final String groupVector = martiUtil.getGroupVectorBitString(sessionId);
-    	final NavigableSet<Group> userGroups = martiUtil.getUserGroups(sessionId);
+				if (changes) {
+					Set<MissionChange> missionChanges = missionService.getMissionChanges(
+							mission.getName(), groupVector, secago, start, end, false);
+					mission.setMissionChanges(missionChanges);
+				}
 
-    	return () -> {
+				if (logs) {
+					List<LogEntry> missionLogs = missionService.getLogEntriesForMission(mission, secago, start, end);
+					mission.setLogs(missionLogs);
+				}
 
-    		if (Strings.isNullOrEmpty(name)) {
-    			throw new IllegalArgumentException("empty 'name' path parameter");
-    		}
+				mission.setGroups(RemoteUtil.getInstance().getGroupNamesForBitVectorString(
+						mission.getGroupVector(), userGroups));
 
-    		String missionName = missionService.trimName(name);
+			} catch (ForbiddenException e) {
+				if (missionService.getApiVersionNumberFromRequest(request) <= 2) {
+					throw e;
+				}
 
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("getMission " + missionName);
-    		}
+				mission.clear();
+			}
 
-    		Mission mission = missionService.getMission(missionName, groupVector);
+			Set<Mission> result = new HashSet<>();
+			result.add(mission);
 
-    		try {
-    			if (!Strings.isNullOrEmpty(password)) {
-    				missionService.validatePassword(mission, password);
+			if (logger.isDebugEnabled()) {
+				logger.debug("GET mission: " + result);
+			}
 
-    				String token = missionService.generateToken(
-    						UUID.randomUUID().toString(), missionName, MissionTokenUtils.TokenType.ACCESS, -1);
-    				mission.setToken(token);
+			return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), result);
+		};
+	}
 
-    			} else if (!missionService.validatePermission(MissionPermission.Permission.MISSION_READ, request)) {
-    				throw new ForbiddenException("Illegal attempt to access mission! Request did not have read access.");
-    			}
+	/*
+	 * Get a mission by guid.
+	 */
+	@RequestMapping(value = "/missions/guid/{guid:.+}", method = RequestMethod.GET)
+	Callable<ApiResponse<Set<Mission>>> getMissionByGuid(
+			@PathVariable("guid") String guid,
+			@RequestParam(value = "password", defaultValue = "") String password,
+			@RequestParam(value = "changes", defaultValue = "false") boolean changes,
+			@RequestParam(value = "logs", defaultValue = "false") boolean logs,
+			@RequestParam(value = "secago", required = false) Long secago,
+			@RequestParam(value = "start", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date start,
+			@RequestParam(value = "end", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date end) {
 
-    			if (changes) {
-    				Set<MissionChange> missionChanges = missionService.getMissionChanges(
-    						mission.getName(), groupVector, secago, start, end, false);
-    				mission.setMissionChanges(missionChanges);
-    			}
+		final HttpServletRequest request = requestHolderBean.getRequest();
 
-    			if (logs) {
-    				List<LogEntry> missionLogs = missionService.getLogEntriesForMission(mission, secago, start, end);
-    				mission.setLogs(missionLogs);
-    			}
+		final String sessionId = requestHolderBean.sessionId();
 
-    			mission.setGroups(RemoteUtil.getInstance().getGroupNamesForBitVectorString(
-    					mission.getGroupVector(), userGroups));
+		logger.debug("MissionApi.getMissionByGuid {}", guid);
 
-    		} catch (ForbiddenException e) {
-    			if (missionService.getApiVersionNumberFromRequest(request) <= 2) {
-    				throw e;
-    			}
+		final String groupVector = martiUtil.getGroupVectorBitString(sessionId);
+		final NavigableSet<Group> userGroups = martiUtil.getUserGroups(sessionId);
 
-    			mission.clear();
-    		}
+		return () -> {
 
-    		MissionUtils.findAndSetTransientValuesForMission(mission);
+			try {
 
-    		Set<Mission> result = new HashSet<>();
-    		result.add(mission);
+				if (Strings.isNullOrEmpty(guid)) {
+					throw new IllegalArgumentException("empty 'guid' path parameter");
+				}
 
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("GET mission: " + result);
-    		}
+				UUID missionUuid = null;
+				try {
+					missionUuid = UUID.fromString(guid);
+				} catch (Exception e) {
+					logger.error("invalid guid {}", guid);
+				}
 
-    		return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), result);
-    	};
-    }
-    
-    /*
-     * Get a mission by guid.
-     */
-    @RequestMapping(value = "/missions/guid/{guid:.+}", method = RequestMethod.GET)
-    Callable<ApiResponse<Set<Mission>>> getMissionByGuid(
-    		@PathVariable("guid") String guid,
-    		@RequestParam(value = "password", defaultValue = "") String password,
-    		@RequestParam(value = "changes", defaultValue = "false") boolean changes,
-    		@RequestParam(value = "logs", defaultValue = "false") boolean logs,
-    		@RequestParam(value = "secago", required = false) Long secago,
-    		@RequestParam(value = "start", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date start,
-    		@RequestParam(value = "end", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date end) {
+				Mission mission = missionService.getMissionByGuid(missionUuid, groupVector);
 
-    	final HttpServletRequest request = requestHolderBean.getRequest();
+				try {
+					if (!Strings.isNullOrEmpty(password)) {
+						missionService.validatePassword(mission, password);
 
-    	final String sessionId = requestHolderBean.sessionId();
+						// using guid instead of mission name in token claim
+						String token = missionService.generateToken(
+								UUID.randomUUID().toString(), missionUuid.toString(), MissionTokenUtils.TokenType.ACCESS, -1);
+						mission.setToken(token);
 
-    	logger.debug("MissionApi.getMissionByGuid {}", guid);
-    	
-    	final String groupVector = martiUtil.getGroupVectorBitString(sessionId);
-    	final NavigableSet<Group> userGroups = martiUtil.getUserGroups(sessionId);
+					} else if (!missionService.validatePermission(MissionPermission.Permission.MISSION_READ, request)) {
+						throw new ForbiddenException("Illegal attempt to access mission! Request did not have read access.");
+					}
 
-    	return () -> {
+					if (changes) {
+						Set<MissionChange> missionChanges = missionService.getMissionChangesByGuid(missionUuid, groupVector, secago, start, end, false);
+						mission.setMissionChanges(missionChanges);
+					}
 
-    		try {
+					if (logs) {
+						List<LogEntry> missionLogs = missionService.getLogEntriesForMission(mission, secago, start, end);
+						mission.setLogs(missionLogs);
+					}
 
-    			if (Strings.isNullOrEmpty(guid)) {
-    				throw new IllegalArgumentException("empty 'guid' path parameter");
-    			}
+					mission.setGroups(RemoteUtil.getInstance().getGroupNamesForBitVectorString(mission.getGroupVector(), userGroups));
 
-    			UUID missionUuid = null;
-    			try {
-    				missionUuid = UUID.fromString(guid);
-    			} catch (Exception e) {
-    				logger.error("invalid guid {}", guid);
-    			}
+				} catch (ForbiddenException e) {
+					if (missionService.getApiVersionNumberFromRequest(request) <= 2) {
+						throw e;
+					}
 
-    			Mission mission = missionService.getMissionByGuid(missionUuid, groupVector);
+					mission.clear();
+				}
+
+				Set<Mission> result = new HashSet<>();
+				result.add(mission);
+
+				if (logger.isDebugEnabled()) {
+					logger.debug("GET mission: " + result);
+				}
+
+				return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), result);
 
-    			try {
-    				if (!Strings.isNullOrEmpty(password)) {
-    					missionService.validatePassword(mission, password);
+			} catch (Exception e) {
+				logger.error("exception fetching mission by guid", e); // make sure exception doesn't get swallowed
+				throw e;
+			}
+		};
+	}
 
-    					// using guid instead of mission name in token claim
-    					String token = missionService.generateToken(
-    							UUID.randomUUID().toString(), missionUuid.toString(), MissionTokenUtils.TokenType.ACCESS, -1);
-    					mission.setToken(token);
 
-    				} else if (!missionService.validatePermission(MissionPermission.Permission.MISSION_READ, request)) {
-    					throw new ForbiddenException("Illegal attempt to access mission! Request did not have read access.");
-    				}
+	/*
+	 * create a new mission.
+	 *
+	 * If the mission already exists, respond with 409 Conflict and duplicate error message.
+	 *
+	 */
+	@RequestMapping(value = "/missions/{name:.+}", method = RequestMethod.PUT)
+	public Callable<ApiResponse<Set<Mission>>> createMission(@PathVariable("name") @NotNull String nameParam,
+															 @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUidParam,
+															 @RequestParam(value = "group", defaultValue = "__ANON__") @ValidatedBy("MartiSafeString") String[] groupNamesParam,
+															 @RequestParam(value = "description", defaultValue = "") @ValidatedBy("MartiSafeString") String descriptionParam,
+															 @RequestParam(value = "chatRoom", defaultValue = "") @ValidatedBy("MartiSafeString") String chatRoomParam,
+															 @RequestParam(value = "baseLayer", defaultValue = "") @ValidatedBy("MartiSafeString") String baseLayerParam,
+															 @RequestParam(value = "bbox", defaultValue = "") @ValidatedBy("MartiSafeString") String bboxParam,
+															 @RequestParam(value = "boundingPolygon", defaultValue = "") @ValidatedBy("MartiSafeString") List<String> boundingPolygonParam,
+															 @RequestParam(value = "path", defaultValue = "") @ValidatedBy("MartiSafeString") String pathParam,
+															 @RequestParam(value = "classification", defaultValue = "") @ValidatedBy("MartiSafeString") String classificationParam,
+															 @RequestParam(value = "tool", defaultValue = "public") @ValidatedBy("MartiSafeString") String toolParam,
+															 @RequestParam(value = "password", required = false) @ValidatedBy("MartiSafeString") String passwordParam,
+															 @RequestParam(value = "defaultRole", required = false) @ValidatedBy("MartiSafeString") MissionRole.Role roleParam,
+															 @RequestParam(value = "expiration", required = false) Long expirationParam,
+															 @RequestParam(value = "inviteOnly", defaultValue = "false") Boolean inviteOnlyParam,
+															 @RequestParam(value = "allowGroupChange", defaultValue = "false") Boolean allowGroupChange,
+															 @RequestBody(required = false) byte[] requestBody)
+			throws ValidationException, IntrusionException, RemoteException {
 
-    				if (changes) {
-    					Set<MissionChange> missionChanges = missionService.getMissionChangesByGuid(missionUuid, groupVector, secago, start, end, false);
-    					mission.setMissionChanges(missionChanges);
-    				}
+		if (Strings.isNullOrEmpty(nameParam)) {
+			throw new IllegalArgumentException("empty 'name' path parameter");
+		}
 
-    				if (logs) {
-    					List<LogEntry> missionLogs = missionService.getLogEntriesForMission(mission, secago, start, end);
-    					mission.setLogs(missionLogs);
-    				}
+		final HttpServletRequest request = requestHolderBean.getRequest();
 
-    				mission.setGroups(RemoteUtil.getInstance().getGroupNamesForBitVectorString(mission.getGroupVector(), userGroups));
+		final String sessionId = requestHolderBean.sessionId();
 
-    			} catch (ForbiddenException e) {
-    				if (missionService.getApiVersionNumberFromRequest(request) <= 2) {
-    					throw e;
-    				}
+		if (logger.isDebugEnabled()) {
+			logger.debug("session id: " + requestHolderBean.sessionId());
+		}
 
-    				mission.clear();
-    			}
+		if (logger.isDebugEnabled()) {
+			logger.debug("request: " + request);
+		}
 
-    			MissionUtils.findAndSetTransientValuesForMission(mission);
+		final String groupVectorUser = martiUtil.getGroupVectorBitString(sessionId);
 
-    			Set<Mission> result = new HashSet<>();
-    			result.add(mission);
+		final MissionRole adminRole = martiUtil.isAdmin() ?
+				missionRoleRepository.findFirstByRole(MissionRole.Role.MISSION_OWNER) : null;
 
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("GET mission: " + result);
-    			}
+		final String username = SecurityContextHolder.getContext().getAuthentication().getName();
 
-    			return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), result);
+		String name = missionService.trimName(nameParam);
+		try {
+			Mission mission = missionService.getMission(name, groupVectorUser);
+
+			String[] groupNames = groupNamesParam;
+
+			Mission reqMission = null;
+			String contentType = request.getHeader("content-type");
+			if (contentType != null && contentType.toLowerCase().contains("application/json")) {
+				try {
+					ObjectMapper objectMapper = new ObjectMapper().configure(
+							DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+					reqMission = objectMapper.readValue(new String(requestBody), Mission.class);
+					if (reqMission != null) {
+						groupNames = reqMission.getGroups() != null ? reqMission.getGroups().toArray(new String[0]) : groupNamesParam;
+					}
+				} catch (JsonProcessingException e) {
+					throw new IllegalArgumentException("exception parsing mission json!");
+				}
+			}
 
-    		} catch (Exception e) {
-    			logger.error("exception fetching mission by guid", e); // make sure exception doesn't get swallowed
-    			throw e;
-    		}
-    	};
-    }
-
-    
-    /*
-     * create a new mission.
-     *
-     * If the mission already exists, respond with 409 Conflict and duplicate error message.
-     *
-     */
-    @RequestMapping(value = "/missions/{name:.+}", method = RequestMethod.PUT)
-    public Callable<ApiResponse<Set<Mission>>> createMission(@PathVariable("name") @NotNull String nameParam,
-    		@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUidParam,
-    		@RequestParam(value = "group", defaultValue = "__ANON__") @ValidatedBy("MartiSafeString") String[] groupNamesParam,
-    		@RequestParam(value = "description", defaultValue = "") @ValidatedBy("MartiSafeString") String descriptionParam,
-    		@RequestParam(value = "chatRoom", defaultValue = "") @ValidatedBy("MartiSafeString") String chatRoomParam,
-    		@RequestParam(value = "baseLayer", defaultValue = "") @ValidatedBy("MartiSafeString") String baseLayerParam,
-    		@RequestParam(value = "bbox", defaultValue = "") @ValidatedBy("MartiSafeString") String bboxParam,
-    		@RequestParam(value = "boundingPolygon", defaultValue = "") @ValidatedBy("MartiSafeString") List<String> boundingPolygonParam,
-    		@RequestParam(value = "path", defaultValue = "") @ValidatedBy("MartiSafeString") String pathParam,
-    		@RequestParam(value = "classification", defaultValue = "") @ValidatedBy("MartiSafeString") String classificationParam,
-    		@RequestParam(value = "tool", defaultValue = "public") @ValidatedBy("MartiSafeString") String toolParam,
-    		@RequestParam(value = "password", required = false) @ValidatedBy("MartiSafeString") String passwordParam,
-    		@RequestParam(value = "defaultRole", required = false) @ValidatedBy("MartiSafeString") MissionRole.Role roleParam,
-    		@RequestParam(value = "expiration", required = false) Long expirationParam,
-    		@RequestParam(value = "inviteOnly", defaultValue = "false") Boolean inviteOnlyParam,
-    		@RequestParam(value = "allowGroupChange", defaultValue = "false") Boolean allowGroupChange,
-    		@RequestBody(required = false) byte[] requestBody)
-    				throws ValidationException, IntrusionException, RemoteException {
-
-    	if (Strings.isNullOrEmpty(nameParam)) {
-    		throw new IllegalArgumentException("empty 'name' path parameter");
-    	}
-
-    	final HttpServletRequest request = requestHolderBean.getRequest();
-
-    	final String sessionId = requestHolderBean.sessionId();
-
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("session id: " + requestHolderBean.sessionId());
-    	}
-
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("request: " + request);
-    	}
-
-    	final String groupVectorUser = martiUtil.getGroupVectorBitString(sessionId);
-
-    	final MissionRole adminRole = martiUtil.isAdmin() ?
-    			missionRoleRepository.findFirstByRole(MissionRole.Role.MISSION_OWNER) : null;
-
-    	final String username = SecurityContextHolder.getContext().getAuthentication().getName();
-    	
-    	String name = missionService.trimName(nameParam);
-    	try {
-    		Mission mission = missionService.getMission(name, groupVectorUser);
-
-    		String[] groupNames = groupNamesParam;
-    		
-    		Mission reqMission = null;
-    		String contentType = request.getHeader("content-type");
-    		if (contentType != null && contentType.toLowerCase().contains("application/json")) {
-    			try {
-    				ObjectMapper objectMapper = new ObjectMapper().configure(
-    						DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-    				reqMission = objectMapper.readValue(new String(requestBody), Mission.class);
-    				if (reqMission != null) {
-    					groupNames = reqMission.getGroups() != null ? reqMission.getGroups().toArray(new String[0]) : groupNamesParam;
-    				}
-    			} catch (JsonProcessingException e) {
-    				throw new IllegalArgumentException("exception parsing mission json!");
-    			}
-    		}
-    		
-    		// mission exists, get groups to check if they changed
-    		Set<Group> groups = groupManager.findGroups(Arrays.asList(groupNames));
-    		String groupVectorMission = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
+			// mission exists, get groups to check if they changed
+			Set<Group> groups = groupManager.findGroups(Arrays.asList(groupNames));
+			String groupVectorMission = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
 			MissionRole roleForRequest = missionService.getRoleForRequest(mission, request);
-			
+
 			// if the groups changed
-    		if (mission.getGroupVector().compareTo(groupVectorMission) != 0) {
-    			boolean userAllowedToChangeGroups = martiUtil.isAdmin() || roleForRequest.getRole() == MissionRole.Role.MISSION_OWNER;
-    			// user isn't an admin or mission owner, bad request
-    			if (!userAllowedToChangeGroups || !allowGroupChange)
-    				throw new ForbiddenException("Illegal attempt to change Mission groups!");
+			if (mission.getGroupVector().compareTo(groupVectorMission) != 0) {
+				boolean userAllowedToChangeGroups = martiUtil.isAdmin() || roleForRequest.getRole() == MissionRole.Role.MISSION_OWNER;
+				// user isn't an admin or mission owner, bad request
+				if (!userAllowedToChangeGroups || !allowGroupChange)
+					throw new ForbiddenException("Illegal attempt to change Mission groups!");
 			}
 		} catch (MissionDeletedException | NotFoundException e) {
 			// no mission found, proceed with doCreateMissionAllowDupe
 		}
-    	
-    	return () -> doCreateMissionAllowDupe(nameParam,
-    			creatorUidParam,
-    			groupNamesParam,
-    			descriptionParam,
-    			chatRoomParam,
-    			baseLayerParam,
-    			bboxParam,
-    			boundingPolygonParam,
-    			pathParam,
-    			classificationParam,
-    			toolParam,
-    			passwordParam,
-    			roleParam,
-    			expirationParam,
-    			inviteOnlyParam,
-    			false,
-    			requestBody,
-    			request,
-    			sessionId,
-    			groupVectorUser,
-    			adminRole,
-    			username);
-    }
-
-    /*
-     * Create a new mission. This POST method allows creation of a mission with a duplicate name if 'allowDupe' flag is set.
-     *
-     * If the mission already exists, respond with 409 Conflict and duplicate error message.
-     *
-     */
-    @RequestMapping(value = "/missions/{name:.+}", method = RequestMethod.POST)
-    public Callable<ApiResponse<Set<Mission>>> createMissionAllowDupe(@PathVariable("name") @NotNull String nameParam,
-    		@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUidParam,
-    		@RequestParam(value = "group", defaultValue = "__ANON__") @ValidatedBy("MartiSafeString") String[] groupNamesParam,
-    		@RequestParam(value = "description", defaultValue = "") @ValidatedBy("MartiSafeString") String descriptionParam,
-    		@RequestParam(value = "chatRoom", defaultValue = "") @ValidatedBy("MartiSafeString") String chatRoomParam,
-    		@RequestParam(value = "baseLayer", defaultValue = "") @ValidatedBy("MartiSafeString") String baseLayerParam,
-    		@RequestParam(value = "bbox", defaultValue = "") @ValidatedBy("MartiSafeString") String bboxParam,
-    		@RequestParam(value = "boundingPolygon", defaultValue = "") @ValidatedBy("MartiSafeString") List<String> boundingPolygonParam,
-    		@RequestParam(value = "path", defaultValue = "") @ValidatedBy("MartiSafeString") String pathParam,
-    		@RequestParam(value = "classification", defaultValue = "") @ValidatedBy("MartiSafeString") String classificationParam,
-    		@RequestParam(value = "tool", defaultValue = "public") @ValidatedBy("MartiSafeString") String toolParam,
-    		@RequestParam(value = "password", required = false) @ValidatedBy("MartiSafeString") String passwordParam,
-    		@RequestParam(value = "defaultRole", required = false) @ValidatedBy("MartiSafeString") MissionRole.Role roleParam,
-    		@RequestParam(value = "expiration", required = false) Long expirationParam,
-    		@RequestParam(value = "inviteOnly", defaultValue = "false") Boolean inviteOnlyParam,
-    		@RequestParam(value = "allowDupe", defaultValue = "false") boolean allowDupe,
-    		@RequestBody(required = false) byte[] requestBody)
-    				throws ValidationException, IntrusionException, RemoteException {
-
-    	if (Strings.isNullOrEmpty(nameParam)) {
-    		throw new IllegalArgumentException("empty 'name' path parameter");
-    	}
-
-    	final HttpServletRequest request = requestHolderBean.getRequest();
-
-    	final String sessionId = requestHolderBean.sessionId();
-
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("session id: " + requestHolderBean.sessionId());
-    	}
-
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("POST create mission {}", nameParam);
-    	}
-
-    	final String groupVectorUser = martiUtil.getGroupVectorBitString(sessionId);
-
-    	final MissionRole adminRole = martiUtil.isAdmin() ?
-    			missionRoleRepository.findFirstByRole(MissionRole.Role.MISSION_OWNER) : null;
-
-    	final String username = SecurityContextHolder.getContext().getAuthentication().getName();
-
-    	return () -> doCreateMissionAllowDupe(nameParam,
-    			creatorUidParam,
-    			groupNamesParam,
-    			descriptionParam,
-    			chatRoomParam,
-    			baseLayerParam,
-    			bboxParam,
-    			boundingPolygonParam,
-    			pathParam,
-    			classificationParam,
-    			toolParam,
-    			passwordParam,
-    			roleParam,
-    			expirationParam,
-    			inviteOnlyParam,
-    			allowDupe,
-    			requestBody,
-    			request,
-    			sessionId,
-    			groupVectorUser,
-    			adminRole,
-    			username);
-    }
-
-    private ApiResponse<Set<Mission>> doCreateMissionAllowDupe(String nameParam,
-    		String creatorUidParam,
-    		String[] groupNamesParam,
-    		String descriptionParam,
-    		String chatRoomParam,
-    		String baseLayerParam,
-    		String bboxParam,
-    		List<String> boundingPolygonParam,
-    		String pathParam,
-    		String classificationParam,
-    		String toolParam,
-    		String passwordParam,
-    		MissionRole.Role roleParam,
-    		Long expirationParam,
-    		Boolean inviteOnlyParam,
-    		boolean allowDupe,
-    		byte[] requestBody,
-    		final HttpServletRequest request,
-    		final String sessionId,
-    		final String groupVectorUser,
-    		final MissionRole adminRole,
-    		final String username) throws ValidationException, IntrusionException, RemoteException {
-
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("session id: " + requestHolderBean.sessionId());
-    	}
-
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("doCreateMission {}", nameParam);
-    	}
-
-    	try {
-
-    		String creatorUid = creatorUidParam;
-    		String[] groupNames = groupNamesParam;
-    		String description = descriptionParam;
-    		String chatRoom = chatRoomParam;
-    		String baseLayer = baseLayerParam;
-    		String bbox = bboxParam;
-    		String boundingPolygon = boundingPolygonPointsToString(boundingPolygonParam);
-    		String path = pathParam;
-    		String classification = classificationParam;
-    		String tool = toolParam;
-    		String password = passwordParam;
-    		MissionRole.Role role = roleParam;
-    		Long expiration = expirationParam;
-    		Boolean inviteOnly = inviteOnlyParam;
-
-    		byte[] missionPackage = null;
-
-    		Mission reqMission = null;
-    		String contentType = request.getHeader("content-type");
-    		if (contentType != null && contentType.toLowerCase().contains("application/json")) {
-    			try {
-    				ObjectMapper objectMapper = new ObjectMapper().configure(
-    						DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-    				reqMission = objectMapper.readValue(new String(requestBody), Mission.class);
-    				if (reqMission != null) {
-    					description = reqMission.getDescription() != null ? reqMission.getDescription() : description;
-    					chatRoom = reqMission.getChatRoom() != null ? reqMission.getChatRoom() : chatRoom;
-    					baseLayer = reqMission.getBaseLayer() != null ? reqMission.getBaseLayer() : baseLayer;
-    					bbox = reqMission.getBbox() != null ? reqMission.getBbox() : bbox;
-    					boundingPolygon = reqMission.getBoundingPolygon() != null ? reqMission.getBoundingPolygon() : boundingPolygon;
-    					path = reqMission.getPath() != null ? reqMission.getPath() : path;
-    					classification = reqMission.getClassification() != null ? reqMission.getClassification() : classification;
-    					tool = reqMission.getTool() != null ? reqMission.getTool() : tool;
-    					role = reqMission.getDefaultRole() != null ? reqMission.getDefaultRole().getRole() : role;
-    					expiration = reqMission.getExpiration() != null ? reqMission.getExpiration() : expiration;
-    					groupNames = reqMission.getGroups() != null ? reqMission.getGroups().toArray(new String[0]) : groupNames;
-    					inviteOnly = reqMission.isInviteOnly() != null ? reqMission.isInviteOnly() : inviteOnly;
-    				}
-    			} catch (JsonProcessingException e) {
-    				logger.error("exception parsing mission json!", e);
-    				throw new IllegalArgumentException("exception parsing mission json!");
-    			}
-    		} else {
-    			missionPackage = requestBody;
-    		}
 
-    		BigInteger bitVectorUser = remoteUtil.bitVectorStringToInt(groupVectorUser);
-    		
-    		Set<Group> groups = groupManager.findGroups(Arrays.asList(groupNames));
-    		    		
-    		String groupVectorMission = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
-    		BigInteger bitVectorMission = remoteUtil.bitVectorStringToInt(groupVectorMission);
+		return () -> doCreateMissionAllowDupe(nameParam,
+				creatorUidParam,
+				groupNamesParam,
+				descriptionParam,
+				chatRoomParam,
+				baseLayerParam,
+				bboxParam,
+				boundingPolygonParam,
+				pathParam,
+				classificationParam,
+				toolParam,
+				passwordParam,
+				roleParam,
+				expirationParam,
+				inviteOnlyParam,
+				false,
+				requestBody,
+				request,
+				sessionId,
+				groupVectorUser,
+				adminRole,
+				username);
+	}
+
+	/*
+	 * Create a new mission. This POST method allows creation of a mission with a duplicate name if 'allowDupe' flag is set.
+	 *
+	 * If the mission already exists, respond with 409 Conflict and duplicate error message.
+	 *
+	 */
+	@RequestMapping(value = "/missions/{name:.+}", method = RequestMethod.POST)
+	public Callable<ApiResponse<Set<Mission>>> createMissionAllowDupe(@PathVariable("name") @NotNull String nameParam,
+																	  @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUidParam,
+																	  @RequestParam(value = "group", defaultValue = "__ANON__") @ValidatedBy("MartiSafeString") String[] groupNamesParam,
+																	  @RequestParam(value = "description", defaultValue = "") @ValidatedBy("MartiSafeString") String descriptionParam,
+																	  @RequestParam(value = "chatRoom", defaultValue = "") @ValidatedBy("MartiSafeString") String chatRoomParam,
+																	  @RequestParam(value = "baseLayer", defaultValue = "") @ValidatedBy("MartiSafeString") String baseLayerParam,
+																	  @RequestParam(value = "bbox", defaultValue = "") @ValidatedBy("MartiSafeString") String bboxParam,
+																	  @RequestParam(value = "boundingPolygon", defaultValue = "") @ValidatedBy("MartiSafeString") List<String> boundingPolygonParam,
+																	  @RequestParam(value = "path", defaultValue = "") @ValidatedBy("MartiSafeString") String pathParam,
+																	  @RequestParam(value = "classification", defaultValue = "") @ValidatedBy("MartiSafeString") String classificationParam,
+																	  @RequestParam(value = "tool", defaultValue = "public") @ValidatedBy("MartiSafeString") String toolParam,
+																	  @RequestParam(value = "password", required = false) @ValidatedBy("MartiSafeString") String passwordParam,
+																	  @RequestParam(value = "defaultRole", required = false) @ValidatedBy("MartiSafeString") MissionRole.Role roleParam,
+																	  @RequestParam(value = "expiration", required = false) Long expirationParam,
+																	  @RequestParam(value = "inviteOnly", defaultValue = "false") Boolean inviteOnlyParam,
+																	  @RequestParam(value = "allowDupe", defaultValue = "false") boolean allowDupe,
+																	  @RequestBody(required = false) byte[] requestBody)
+			throws ValidationException, IntrusionException, RemoteException {
 
-    		if (bitVectorUser.compareTo(BigInteger.ZERO) == 0) {
-    			throw new ForbiddenException("Missing groups for user!");
-    		}
+		if (Strings.isNullOrEmpty(nameParam)) {
+			throw new IllegalArgumentException("empty 'name' path parameter");
+		}
 
-    		if (bitVectorMission.compareTo(BigInteger.ZERO) == 0) {
-    			throw new ForbiddenException("Missing groups for mission!");
-    		}
+		final HttpServletRequest request = requestHolderBean.getRequest();
+
+		final String sessionId = requestHolderBean.sessionId();
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("session id: " + requestHolderBean.sessionId());
+		}
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("POST create mission {}", nameParam);
+		}
+
+		final String groupVectorUser = martiUtil.getGroupVectorBitString(sessionId);
+
+		final MissionRole adminRole = martiUtil.isAdmin() ?
+				missionRoleRepository.findFirstByRole(MissionRole.Role.MISSION_OWNER) : null;
+
+		final String username = SecurityContextHolder.getContext().getAuthentication().getName();
+
+		return () -> doCreateMissionAllowDupe(nameParam,
+				creatorUidParam,
+				groupNamesParam,
+				descriptionParam,
+				chatRoomParam,
+				baseLayerParam,
+				bboxParam,
+				boundingPolygonParam,
+				pathParam,
+				classificationParam,
+				toolParam,
+				passwordParam,
+				roleParam,
+				expirationParam,
+				inviteOnlyParam,
+				allowDupe,
+				requestBody,
+				request,
+				sessionId,
+				groupVectorUser,
+				adminRole,
+				username);
+	}
+
+	private ApiResponse<Set<Mission>> doCreateMissionAllowDupe(String nameParam,
+															   String creatorUidParam,
+															   String[] groupNamesParam,
+															   String descriptionParam,
+															   String chatRoomParam,
+															   String baseLayerParam,
+															   String bboxParam,
+															   List<String> boundingPolygonParam,
+															   String pathParam,
+															   String classificationParam,
+															   String toolParam,
+															   String passwordParam,
+															   MissionRole.Role roleParam,
+															   Long expirationParam,
+															   Boolean inviteOnlyParam,
+															   boolean allowDupe,
+															   byte[] requestBody,
+															   final HttpServletRequest request,
+															   final String sessionId,
+															   final String groupVectorUser,
+															   final MissionRole adminRole,
+															   final String username) throws ValidationException, IntrusionException, RemoteException {
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("session id: " + requestHolderBean.sessionId());
+		}
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("doCreateMission {}", nameParam);
+		}
 
-    		// ensure that the user has access to all groups the mission is being added to
+		try {
+
+			String creatorUid = creatorUidParam;
+			String[] groupNames = groupNamesParam;
+			String description = descriptionParam;
+			String chatRoom = chatRoomParam;
+			String baseLayer = baseLayerParam;
+			String bbox = bboxParam;
+			String boundingPolygon = boundingPolygonPointsToString(boundingPolygonParam);
+			String path = pathParam;
+			String classification = classificationParam;
+			String tool = toolParam;
+			String password = passwordParam;
+			MissionRole.Role role = roleParam;
+			Long expiration = expirationParam;
+			Boolean inviteOnly = inviteOnlyParam;
+
+			byte[] missionPackage = null;
+
+			Mission reqMission = null;
+			String contentType = request.getHeader("content-type");
+			if (contentType != null && contentType.toLowerCase().contains("application/json")) {
+				try {
+					ObjectMapper objectMapper = new ObjectMapper().configure(
+							DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+					reqMission = objectMapper.readValue(new String(requestBody), Mission.class);
+					if (reqMission != null) {
+						description = reqMission.getDescription() != null ? reqMission.getDescription() : description;
+						chatRoom = reqMission.getChatRoom() != null ? reqMission.getChatRoom() : chatRoom;
+						baseLayer = reqMission.getBaseLayer() != null ? reqMission.getBaseLayer() : baseLayer;
+						bbox = reqMission.getBbox() != null ? reqMission.getBbox() : bbox;
+						boundingPolygon = reqMission.getBoundingPolygon() != null ? reqMission.getBoundingPolygon() : boundingPolygon;
+						path = reqMission.getPath() != null ? reqMission.getPath() : path;
+						classification = reqMission.getClassification() != null ? reqMission.getClassification() : classification;
+						tool = reqMission.getTool() != null ? reqMission.getTool() : tool;
+						role = reqMission.getDefaultRole() != null ? reqMission.getDefaultRole().getRole() : role;
+						expiration = reqMission.getExpiration() != null ? reqMission.getExpiration() : expiration;
+						groupNames = reqMission.getGroups() != null ? reqMission.getGroups().toArray(new String[0]) : groupNames;
+						inviteOnly = reqMission.isInviteOnly() != null ? reqMission.isInviteOnly() : inviteOnly;
+					}
+				} catch (JsonProcessingException e) {
+					logger.error("exception parsing mission json!", e);
+					throw new IllegalArgumentException("exception parsing mission json!");
+				}
+			} else {
+				missionPackage = requestBody;
+			}
+
+			BigInteger bitVectorUser = remoteUtil.bitVectorStringToInt(groupVectorUser);
+
+			Set<Group> groups = groupManager.findGroups(Arrays.asList(groupNames));
+
+            String groupVectorMission = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
+            BigInteger bitVectorMission = remoteUtil.bitVectorStringToInt(groupVectorMission);
+
+            // ensure that the user has access to all groups the mission is being added to
     		if (bitVectorUser.and(bitVectorMission).compareTo(bitVectorMission) != 0) {
 				// if the user is trying to add a mission to anon, apply the user's groups instead of failing
     			if (groupNames.length == 1 && groupNames[0].equals("__ANON__")) {
@@ -720,250 +700,262 @@ private ApiResponse<Set<Mission>> doCreateMissionAllowDupe(String nameParam,
 				}
     		}
 
-    		// validate this differently since it's a path variable
-    		validator.getValidInput(context, nameParam, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
+			if (bitVectorUser.compareTo(BigInteger.ZERO) == 0) {
+				throw new ForbiddenException("Missing groups for user!");
+			}
 
-    		validateParameters(new Object() {}.getClass().getEnclosingMethod());
+			if (bitVectorMission.compareTo(BigInteger.ZERO) == 0) {
+				throw new ForbiddenException("Missing groups for mission!");
+			}
 
-    		MissionRole defaultRole = null;
-    		if (role != null) {
-    			defaultRole = missionRoleRepository.findFirstByRole(role);
-    		}
+			// ensure that the user has access to all groups the mission is being added to
+			if (bitVectorUser.and(bitVectorMission).compareTo(bitVectorMission) != 0) {
+				throw new ForbiddenException("Illegal attempt to set groupVector for Mission!");
+			}
 
-    		String name = missionService.trimName(nameParam);
-
-    		Mission mission;
-    		try {
-    			
-    			try {
-    				// uses MissionCacheHelper to get the mission
-    				// then calls validate mission
-    				// throws NotFoundException or MissionDeletedException if the mission doesn't exist
-    				mission = missionService.getMission(name, groupVectorUser);
-    			} catch (Exception e) {
-    				if (logger.isDebugEnabled()) {
-    					logger.debug("exception getting mission", e); // make sure this gets logged, then rethrow
-    				}
-    				throw e;
-    			}
-
-    			if (mission == null) {
-    				if (logger.isDebugEnabled()) {
-    					logger.debug("mission {} not found in database or cache.", name);
-    				}
-    			}
-    			
-    			if (allowDupe) {
-
-    				logger.info("creating duplicate mission {} ", name);
-
-    				mission = doInternalCreateMission(
-    						expiration,
-    						password,
-    						name,
-    						inviteOnly,
-    						creatorUid,
-    						groupVectorMission,
-    						description,
-    						chatRoom,
-    						baseLayer,
-    						missionPackage,
-    						bbox,
-    						path,
-    						classification,
-    						username,
-    						groupVectorUser,
-    						reqMission,
-    						tool,
-    						defaultRole,
-    						boundingPolygon);
-    			} else {
-    				logger.info("updating mission {} ", name);
-    				
-    				// make sure the user has write permissions
-    				if (!missionService.validatePermission(MissionPermission.Permission.MISSION_WRITE, request)) {
-    					throw new ForbiddenException("Illegal attempt to update mission!");
-    				}
-
-    				boolean updatedMissionRequestBody = false;
-    				if (reqMission != null) {
-    					updatedMissionRequestBody = createOrUpdateMissionRequestBody(mission, reqMission, creatorUid, true);
-    				}
-
-    				boolean updated = false;
-
-    				if (!StringUtils.equals(description, mission.getDescription())) {
-    					mission.setDescription(description);
-    					updated = true;
-    				}
-
-    				if (!StringUtils.equals(chatRoom, mission.getChatRoom())) {
-    					mission.setChatRoom(chatRoom);
-    					updated = true;
-    				}
-
-    				if (!StringUtils.equals(baseLayer, mission.getBaseLayer())) {
-    					mission.setBaseLayer(baseLayer);
-    					updated = true;
-    				}
-
-    				if (!StringUtils.equals(bbox, mission.getBbox())) {
-    					mission.setBbox(bbox);
-    					updated = true;
-    				}
-
-    				if (!StringUtils.equals(boundingPolygon, mission.getBoundingPolygon())) {
-    					mission.setBoundingPolygon(boundingPolygon);
-    					updated = true;
-    				}
-
-    				if (!StringUtils.equals(path, mission.getPath())) {
-    					mission.setPath(path);
-    					updated = true;
-    				}
-
-    				if (!StringUtils.equals(classification, mission.getClassification())) {
-    					mission.setClassification(classification);
-    					updated = true;
-    				}
-
-    				if (!(expiration == null ?
-    						mission.getExpiration() == null || mission.getExpiration() == -1L :
-    							mission.getExpiration() != null && expiration.equals(mission.getExpiration()))) {
-    					mission.setExpiration(expiration);
-    					updated = true;
-    				}
-
-    				if (updated) {
-    					if (expiration != null) {
-    						missionRepository.update(name, groupVectorUser, description, chatRoom, baseLayer, bbox, path, classification, expiration, boundingPolygon);
-    					} else {
-    						missionRepository.update(name, groupVectorUser, description, chatRoom, baseLayer, bbox, path, classification, -1L, boundingPolygon);
-    					}
-    				}
-
-    				if (password != null && password.length() > 0) {
-    					if (!missionService.validatePermission(MissionPermission.Permission.MISSION_SET_PASSWORD, request)) {
-    						throw new ForbiddenException("Illegal attempt to update mission password!");
-    					}
-
-    					String newPasswordHash = BCrypt.hashpw(password, BCrypt.gensalt());
-
-    					if (!StringUtils.equals(newPasswordHash, mission.getPasswordHash())) {
-    						missionRepository.setPasswordHash(name, newPasswordHash, groupVectorMission);
-    						mission.setPasswordHash(newPasswordHash);
-    						updated = true;
-    					}
-    				}
-
-    				if (defaultRole != null) {
-    					if (mission.getDefaultRole() == null || mission.getDefaultRole().compareTo(defaultRole) != 0) {
-    						MissionRole tokenRole = adminRole != null ? adminRole :
-    							missionService.getRoleFromToken(mission, new MissionTokenUtils.TokenType[]{
-    									MissionTokenUtils.TokenType.SUBSCRIPTION
-    							}, request);
-    						if (tokenRole == null) {
-    							throw new ForbiddenException("Could not extract role from token to set mission default role!");
-    						}
-
-    						// ensure that the token roles grants the MISSION_SET_ROLE permission
-    						if (!tokenRole.hasPermission(MissionPermission.Permission.MISSION_SET_ROLE)) {
-    							throw new ForbiddenException(
-    									"Illegal attempt to update default mission role with insufficient permissions!");
-    						}
-
-    						// ensure that the token role contains all permissions that are being set as defaults
-    						if (!tokenRole.hasAllPermissions(defaultRole)) {
-    							throw new ForbiddenException(
-    									"Illegal attempt to update default mission role beyond current permissions!");
-    						}
-
-    						mission.setDefaultRole(defaultRole);
-    						missionRepository.setDefaultRoleId(name, defaultRole.getId(), groupVectorMission);
-    						updated = true;
-    					}
-    				}
-
-    				// does the current user have permission to update groups?
-    				if (missionService.validatePermission(MissionPermission.Permission.MISSION_UPDATE_GROUPS, request)) {
-    					// did the groups change?
-    					if (mission.getGroupVector().compareTo(groupVectorMission) != 0) {
-    						missionRepository.updateGroups(name, groupVectorUser, groupVectorMission);
-    						updated = true;
-    					}
-    				}
-
-    				if (updated || updatedMissionRequestBody) {
-    					missionService.invalidateMissionCache(name);
-    					try {
-    						subscriptionManager.broadcastMissionAnnouncement(name, groupVectorMission, creatorUid,
-    								SubscriptionManagerLite.ChangeType.METADATA, mission.getTool());
-    					} catch (Exception e) {
-    						logger.debug("exception announcing mission change " + e.getMessage(), e);
-    					}
-    				}
-
-    				response.setStatus(HttpServletResponse.SC_OK);
-    			}
-
-    		} catch (MissionDeletedException | NotFoundException e) { // thrown by validate mission if deleted or not found. This is the create case.
-
-    			mission = doInternalCreateMission(
-    					expiration,
-    					password,
-    					name,
-    					inviteOnly,
-    					creatorUid,
-    					groupVectorMission,
-    					description,
-    					chatRoom,
-    					baseLayer,
-    					missionPackage,
-    					bbox,
-    					path,
-    					classification,
-    					username,
-    					groupVectorUser,
-    					reqMission,
-    					tool,
-    					defaultRole,
-    					boundingPolygon);
-    		}
+			// validate this differently since it's a path variable
+			validator.getValidInput(context, nameParam, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
+
+			validateParameters(new Object() {}.getClass().getEnclosingMethod());
+
+			MissionRole defaultRole = null;
+			if (role != null) {
+				defaultRole = missionRoleRepository.findFirstByRole(role);
+			}
+
+			String name = missionService.trimName(nameParam);
+
+			Mission mission;
+			try {
+
+				try {
+					// uses MissionCacheHelper to get the mission
+					// then calls validate mission
+					// throws NotFoundException or MissionDeletedException if the mission doesn't exist
+					mission = missionService.getMission(name, groupVectorUser);
+				} catch (Exception e) {
+					if (logger.isDebugEnabled()) {
+						logger.debug("exception getting mission", e); // make sure this gets logged, then rethrow
+					}
+					throw e;
+				}
+
+				if (mission == null) {
+					if (logger.isDebugEnabled()) {
+						logger.debug("mission {} not found in database or cache.", name);
+					}
+				}
+
+				if (allowDupe) {
+
+					logger.info("creating duplicate mission {} ", name);
+
+					mission = doInternalCreateMission(
+							expiration,
+							password,
+							name,
+							inviteOnly,
+							creatorUid,
+							groupVectorMission,
+							description,
+							chatRoom,
+							baseLayer,
+							missionPackage,
+							bbox,
+							path,
+							classification,
+							username,
+							groupVectorUser,
+							reqMission,
+							tool,
+							defaultRole,
+							boundingPolygon);
+				} else {
+					logger.info("updating mission {} ", name);
+
+					// make sure the user has write permissions
+					if (!missionService.validatePermission(MissionPermission.Permission.MISSION_WRITE, request)) {
+						throw new ForbiddenException("Illegal attempt to update mission!");
+					}
+
+					boolean updatedMissionRequestBody = false;
+					if (reqMission != null) {
+						updatedMissionRequestBody = createOrUpdateMissionRequestBody(mission, reqMission, creatorUid, true);
+					}
+
+					boolean updated = false;
+
+					if (!StringUtils.equals(description, mission.getDescription())) {
+						mission.setDescription(description);
+						updated = true;
+					}
+
+					if (!StringUtils.equals(chatRoom, mission.getChatRoom())) {
+						mission.setChatRoom(chatRoom);
+						updated = true;
+					}
+
+					if (!StringUtils.equals(baseLayer, mission.getBaseLayer())) {
+						mission.setBaseLayer(baseLayer);
+						updated = true;
+					}
+
+					if (!StringUtils.equals(bbox, mission.getBbox())) {
+						mission.setBbox(bbox);
+						updated = true;
+					}
+
+					if (!StringUtils.equals(boundingPolygon, mission.getBoundingPolygon())) {
+						mission.setBoundingPolygon(boundingPolygon);
+						updated = true;
+					}
+
+					if (!StringUtils.equals(path, mission.getPath())) {
+						mission.setPath(path);
+						updated = true;
+					}
+
+					if (!StringUtils.equals(classification, mission.getClassification())) {
+						mission.setClassification(classification);
+						updated = true;
+					}
+
+					if (!(expiration == null ?
+							mission.getExpiration() == null || mission.getExpiration() == -1L :
+							mission.getExpiration() != null && expiration.equals(mission.getExpiration()))) {
+						mission.setExpiration(expiration);
+						updated = true;
+					}
+
+					if (updated) {
+						if (expiration != null) {
+							missionRepository.update(name, groupVectorUser, description, chatRoom, baseLayer, bbox, path, classification, expiration, boundingPolygon);
+						} else {
+							missionRepository.update(name, groupVectorUser, description, chatRoom, baseLayer, bbox, path, classification, -1L, boundingPolygon);
+						}
+					}
+
+					if (password != null && password.length() > 0) {
+						if (!missionService.validatePermission(MissionPermission.Permission.MISSION_SET_PASSWORD, request)) {
+							throw new ForbiddenException("Illegal attempt to update mission password!");
+						}
+
+						String newPasswordHash = BCrypt.hashpw(password, BCrypt.gensalt());
+
+						if (!StringUtils.equals(newPasswordHash, mission.getPasswordHash())) {
+							missionRepository.setPasswordHash(name, newPasswordHash, groupVectorMission);
+							mission.setPasswordHash(newPasswordHash);
+							updated = true;
+						}
+					}
+
+					if (defaultRole != null) {
+						if (mission.getDefaultRole() == null || mission.getDefaultRole().compareTo(defaultRole) != 0) {
+							MissionRole tokenRole = adminRole != null ? adminRole :
+									missionService.getRoleFromToken(mission, new MissionTokenUtils.TokenType[]{
+											MissionTokenUtils.TokenType.SUBSCRIPTION
+									}, request);
+							if (tokenRole == null) {
+								throw new ForbiddenException("Could not extract role from token to set mission default role!");
+							}
+
+							// ensure that the token roles grants the MISSION_SET_ROLE permission
+							if (!tokenRole.hasPermission(MissionPermission.Permission.MISSION_SET_ROLE)) {
+								throw new ForbiddenException(
+										"Illegal attempt to update default mission role with insufficient permissions!");
+							}
+
+							// ensure that the token role contains all permissions that are being set as defaults
+							if (!tokenRole.hasAllPermissions(defaultRole)) {
+								throw new ForbiddenException(
+										"Illegal attempt to update default mission role beyond current permissions!");
+							}
+
+							mission.setDefaultRole(defaultRole);
+							missionRepository.setDefaultRoleId(name, defaultRole.getId(), groupVectorMission);
+							updated = true;
+						}
+					}
+
+					// does the current user have permission to update groups?
+					if (missionService.validatePermission(MissionPermission.Permission.MISSION_UPDATE_GROUPS, request)) {
+						// did the groups change?
+						if (mission.getGroupVector().compareTo(groupVectorMission) != 0) {
+							missionRepository.updateGroups(name, groupVectorUser, groupVectorMission);
+							updated = true;
+						}
+					}
+
+					if (updated || updatedMissionRequestBody) {
+						missionService.invalidateMissionCache(name);
+						try {
+							subscriptionManager.broadcastMissionAnnouncement(name, groupVectorMission, creatorUid,
+									SubscriptionManagerLite.ChangeType.METADATA, mission.getTool());
+						} catch (Exception e) {
+							logger.debug("exception announcing mission change " + e.getMessage(), e);
+						}
+					}
+
+					response.setStatus(HttpServletResponse.SC_OK);
+				}
+
+			} catch (MissionDeletedException | NotFoundException e) { // thrown by validate mission if deleted or not found. This is the create case.
+
+				mission = doInternalCreateMission(
+						expiration,
+						password,
+						name,
+						inviteOnly,
+						creatorUid,
+						groupVectorMission,
+						description,
+						chatRoom,
+						baseLayer,
+						missionPackage,
+						bbox,
+						path,
+						classification,
+						username,
+						groupVectorUser,
+						reqMission,
+						tool,
+						defaultRole,
+						boundingPolygon);
+			}
+
+			return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), Sets.newHashSet(mission));
+
+		} catch (Exception e) {
+			logger.error("exception in createMission", e);
+			throw e;
+		}
+	}
 
-    		MissionUtils.findAndSetTransientValuesForMission(mission);
-    		return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), Sets.newHashSet(mission));
-
-    	} catch (Exception e) {
-    		logger.error("exception in createMission", e);
-    		throw e;
-    	}
-    }
-    
-    private Mission doInternalCreateMission(
-    		Long expiration,
-    		String password,
-    		String name,
-    		Boolean inviteOnly,
-    		String creatorUid,
-    		String groupVectorMission,
-    		String description,
-    		String chatRoom,
-    		String baseLayer,
-    		byte[] missionPackage,
-    		String bbox,
-    		String path,
-    		String classification,
-    		final String username,
-    		final String groupVectorUser,
-    		Mission reqMission,
-    		String tool,
-    		MissionRole defaultRole,
-    		String boundingPolygon) throws RemoteException {
-    	
-    	// result
-    	Mission mission = null;
-    	
-    	logger.info("Create mission {} (does not exist)", name);
+	private Mission doInternalCreateMission(
+			Long expiration,
+			String password,
+			String name,
+			Boolean inviteOnly,
+			String creatorUid,
+			String groupVectorMission,
+			String description,
+			String chatRoom,
+			String baseLayer,
+			byte[] missionPackage,
+			String bbox,
+			String path,
+			String classification,
+			final String username,
+			final String groupVectorUser,
+			Mission reqMission,
+			String tool,
+			MissionRole defaultRole,
+			String boundingPolygon) throws RemoteException {
+
+		// result
+		Mission mission = null;
+
+		logger.info("Create mission {} (does not exist)", name);
 
 		String passwordHash = null;
 		if (!Strings.isNullOrEmpty(password)) {
@@ -1000,15 +992,15 @@ private Mission doInternalCreateMission(
 
 		response.setStatus(mission.getId() != 0 ? HttpServletResponse.SC_CREATED
 				: HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-		
+
 		return mission;
-    }
+	}
 
 	private boolean createOrUpdateMissionRequestBody(Mission mission, Mission reqMission, String creatorUid, boolean validatePermissions) {
 
 		// process MapLayer adds and deletes
 
-    	Set<MapLayer> mapLayerAdds = new HashSet<>(Sets.difference(reqMission.getMapLayers(), mission.getMapLayers()));
+		Set<MapLayer> mapLayerAdds = new HashSet<>(Sets.difference(reqMission.getMapLayers(), mission.getMapLayers()));
 		Set<MapLayer> mapLayerDeletes = new HashSet<>(Sets.difference(mission.getMapLayers(), reqMission.getMapLayers()));
 
 		for (MapLayer mapLayer : mapLayerAdds) {
@@ -1058,13 +1050,13 @@ private boolean createOrUpdateMissionRequestBody(Mission mission, Mission reqMis
 			mission.getFeeds().remove(missionFeed);
 		}
 
-		 return !mapLayerAdds.isEmpty() || !mapLayerDeletes.isEmpty() ||
+		return !mapLayerAdds.isEmpty() || !mapLayerDeletes.isEmpty() ||
 				!missionFeedAdds.isEmpty() || !missionFeedDeletes.isEmpty();
-    }
+	}
 
 	private void copyMissionContainers(Mission origMission, Mission missionCopy, String creatorUid, String groupVector) {
 
-    	try {
+		try {
 
 			String missionCopyName = missionCopy.getName();
 
@@ -1131,8 +1123,8 @@ private void copyMissionContainers(Mission origMission, Mission missionCopy, Str
 			}
 
 		} catch (Exception e) {
-    		logger.error("exception in copyMissionContainers", e);
-    		throw e;
+			logger.error("exception in copyMissionContainers", e);
+			throw e;
 		}
 	}
 
@@ -1224,49 +1216,46 @@ Callable<ApiResponse<Set<Mission>>> copyMission(
 
 			response.setStatus((missionCopy != null && missionCopy.getId() != 0 )? HttpServletResponse.SC_CREATED
 					: HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-			
-    		MissionUtils.findAndSetTransientValuesForMission(missionCopy);
+
 			return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), Sets.newHashSet(missionCopy));
 		};
 	}
 
 	/*
-     * Delete a mission by name. Respond with the deleted mission JSON.
-     *
-     */
+	 * Delete a mission by name. Respond with the deleted mission JSON.
+	 *
+	 */
 	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
 	@RequestMapping(value = "/missions/{name:.+}", method = RequestMethod.DELETE)
-	@Transactional(noRollbackFor = Exception.class)
+//	@Transactional(noRollbackFor = Exception.class)
 	ApiResponse<Set<Mission>> deleteMission(
 			@PathVariable("name") @NotNull String name,
-            @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
+			@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
 			@RequestParam(value = "deepDelete", defaultValue = "false") boolean deepDelete,
-            HttpServletRequest request
-    ) throws ValidationException, IntrusionException {
-
-        if (Strings.isNullOrEmpty(name)) {
-            throw new IllegalArgumentException("empty 'name' path parameter");
-        }
+			HttpServletRequest request
+	) throws ValidationException, IntrusionException {
 
-        logger.debug("delete mission " + name + " " + creatorUid);
+		if (Strings.isNullOrEmpty(name)) {
+			throw new IllegalArgumentException("empty 'name' path parameter");
+		}
 
-        // validate this differently since it's a path variable
-        validator.getValidInput(context, name, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
+		logger.debug("delete mission {} {} {}", name, creatorUid);
 
-        validateParameters(new Object() {}.getClass().getEnclosingMethod());
+		// validate this differently since it's a path variable
+		validator.getValidInput(context, name, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
 
-        String groupVector = martiUtil.getGroupVectorBitString(request);
+		validateParameters(new Object() {}.getClass().getEnclosingMethod());
 
-        logger.trace("group vector " + groupVector);
+		String groupVector = martiUtil.getGroupVectorBitString(request);
 
 		Mission mission = missionService.getMissionByNameCheckGroups(name, groupVector);
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("mission to delete: " + mission);
-		}
-
-		missionService.validateMission(mission, name);
+		logger.debug("mission to delete {}", mission);
 		
+		missionService.validateMission(mission, name);
+
+		CoreConfig config = CoreConfigFacade.getInstance();
+
 		// If VBM is enabled, only let the mission owner or admin delete a COP mission
 		if (config.getRemoteConfiguration().getVbm() != null &&
 				config.getRemoteConfiguration().getVbm().isEnabled() &&
@@ -1291,341 +1280,322 @@ ApiResponse<Set<Mission>> deleteMission(
 				throw new ForbiddenException(msg);
 			}
 		}
-       
-        if (deepDelete) {
-            MissionRole role = missionService.getRoleForRequest(mission, request);
-            if (role == null) {
-                throw new IllegalArgumentException("no role for request!");
-            }
-            if (!role.hasPermission(MissionPermission.Permission.MISSION_DELETE)) {
-                String msg = "Attempt to deepDelete mission: " + name + ", by unauthorized user: " + creatorUid;
-                logger.error(msg);
-                throw new ForbiddenException(msg);
-            }
-        }
+
+		if (deepDelete) {
+			MissionRole role = missionService.getRoleForRequest(mission, request);
+			if (role == null) {
+				throw new IllegalArgumentException("no role for request!");
+			}
+			if (!role.hasPermission(MissionPermission.Permission.MISSION_DELETE)) {
+				String msg = "Attempt to deepDelete mission: " + name + ", by unauthorized user: " + creatorUid;
+				logger.error(msg);
+				throw new ForbiddenException(msg);
+			}
+		}
 
 		logger.debug("archiving mission");
 
-        byte[] archive = missionService.archiveMission(mission.getName(), groupVector, request.getServerName());
-        missionService.addMissionArchiveToEsync(mission.getName(), archive, groupVector, true);
+		byte[] archive = missionService.archiveMission(mission.getName(), groupVector, request.getServerName());
+		missionService.addMissionArchiveToEsync(mission.getName(), archive, mission.getGroupVector(), true);
 
 		logger.debug("added archived mission to esync " + mission.getName());
 
-        mission = missionService.deleteMission(name, creatorUid, groupVector, deepDelete);
-
-		MissionUtils.findAndSetTransientValuesForMission(mission);
+		mission = missionService.deleteMission(name, creatorUid, groupVector, deepDelete);
 
-        logger.debug("mission deleted");
+		logger.debug("mission deleted");
 
-        Set<Mission> result = new HashSet<>();
+		Set<Mission> result = new HashSet<>();
 
-        result.add(mission);
+		result.add(mission);
 
-        return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), result);
-    }
+		return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), result);
+	}
 
-    /*
-     * Packages up and returns the requested mission as a mission package
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{name:.+}/archive", method = RequestMethod.GET)
-    byte[] getMissionArchive(@PathVariable("name") @NotNull String name, HttpServletRequest request) throws ValidationException, IntrusionException {
+	/*
+	 * Packages up and returns the requested mission as a mission package
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{name:.+}/archive", method = RequestMethod.GET)
+	byte[] getMissionArchive(@PathVariable("name") @NotNull String name, HttpServletRequest request) throws ValidationException, IntrusionException {
 
-        if (Strings.isNullOrEmpty(name)) {
-            throw new IllegalArgumentException("empty 'name' path parameter");
-        }
+		if (Strings.isNullOrEmpty(name)) {
+			throw new IllegalArgumentException("empty 'name' path parameter");
+		}
 
-        // validate this differently since it's a path variable
-        validator.getValidInput(context, name, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
+		// validate this differently since it's a path variable
+		validator.getValidInput(context, name, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
 
-        validateParameters(new Object() {}.getClass().getEnclosingMethod());
+		validateParameters(new Object() {}.getClass().getEnclosingMethod());
 
-        String groupVector = martiUtil.getGroupVectorBitString(request);
+		String groupVector = martiUtil.getGroupVectorBitString(request);
 		Mission mission = missionService.getMissionByNameCheckGroups(name, groupVector);
 		missionService.validateMission(mission, name);
 
-        byte[] archive = missionService.archiveMission(name, groupVector, request.getServerName());
+		byte[] archive = missionService.archiveMission(name, groupVector, request.getServerName());
 
-        response.addHeader(
-                "Content-Disposition",
-                "attachment; filename=" + name + ".zip");
+		response.addHeader(
+				"Content-Disposition",
+				"attachment; filename=" + name + ".zip");
 
-        return archive;
-    }
+		return archive;
+	}
 
-    /*
-     * Send a mission package to a list of contacts
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{name:.+}/send", method = RequestMethod.POST)
-    ApiResponse<Set<Mission>> sendMissionArchive(@PathVariable("name") @NotNull String missionName, HttpServletRequest request) throws ValidationException, IntrusionException {
+	/*
+	 * Send a mission package to a list of contacts
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{name:.+}/send", method = RequestMethod.POST)
+	ApiResponse<Set<Mission>> sendMissionArchive(@PathVariable("name") @NotNull String missionName, HttpServletRequest request) throws ValidationException, IntrusionException {
 
-        if (Strings.isNullOrEmpty(missionName)) {
-            throw new IllegalArgumentException("empty mission name");
-        }
+		if (Strings.isNullOrEmpty(missionName)) {
+			throw new IllegalArgumentException("empty mission name");
+		}
 
-        missionName = missionService.trimName(missionName);
+		missionName = missionService.trimName(missionName);
 
 		Mission mission = missionService.getMissionByNameCheckGroups(missionName, martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, missionName);
 
-        String[] contactUids = request.getParameterValues("contacts");
+		String[] contactUids = request.getParameterValues("contacts");
 
-        if (contactUids == null || contactUids.length == 0) {
-            throw new IllegalArgumentException("empty contacts array");
-        }
-
-        // validate the uids before sending on to the subscriptionManager
-        for (String uid : contactUids) {
-            validator.getValidInput(context, uid, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
-        }
-        validateParameters(new Object() {}.getClass().getEnclosingMethod());
+		if (contactUids == null || contactUids.length == 0) {
+			throw new IllegalArgumentException("empty contacts array");
+		}
 
-        String groupVector = martiUtil.getGroupVectorBitString(request);
+		// validate the uids before sending on to the subscriptionManager
+		for (String uid : contactUids) {
+			validator.getValidInput(context, uid, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
+		}
+		validateParameters(new Object() {}.getClass().getEnclosingMethod());
 
-        byte[] archive = missionService.archiveMission(missionName, groupVector, request.getServerName());
+		String groupVector = martiUtil.getGroupVectorBitString(request);
 
-        String shaHash = missionService.addMissionArchiveToEsync(missionName, archive, groupVector, false);
+		byte[] archive = missionService.archiveMission(missionName, groupVector, request.getServerName());
 
-        String requestUrl = request.getRequestURL().toString();
-        String url = requestUrl.substring(0, requestUrl.indexOf(request.getServletPath()))
-                + "/Marti/sync/content?hash=" + shaHash; // yes: uid will be set to the shaHash in the CoT message (see below)
+		String shaHash = missionService.addMissionArchiveToEsync(missionName, archive, groupVector, false);
 
-        // Generate the CoT message
-        String cotMessage = CommonUtil.getFileTransferCotMessage(
-                /*String uid*/ shaHash, // yes: set the UID to be the hash, this makes it consistent with ATAK-generated mission packages
-                /*String shaHash*/ shaHash,
-                /*String callsign*/  SecurityContextHolder.getContext().getAuthentication().getName(),
-                /*String filename*/ missionName + ".zip",
-                /*String url*/ url,
-                /*long sizeInBytes*/ archive.length,
-                /*String[] contacts*/ contactUids);
+		String requestUrl = request.getRequestURL().toString();
+		String url = requestUrl.substring(0, requestUrl.indexOf(request.getServletPath()))
+				+ "/Marti/sync/content?hash=" + shaHash; // yes: uid will be set to the shaHash in the CoT message (see below)
 
-        try {
-            submission.submitCot(cotMessage, martiUtil.getGroupsFromRequest(request));
-        } catch (Exception e) {
-            throw new TakException(e);
-        }
+		// Generate the CoT message
+		String cotMessage = CommonUtil.getFileTransferCotMessage(
+				/*String uid*/ shaHash, // yes: set the UID to be the hash, this makes it consistent with ATAK-generated mission packages
+				/*String shaHash*/ shaHash,
+				/*String callsign*/  SecurityContextHolder.getContext().getAuthentication().getName(),
+				/*String filename*/ missionName + ".zip",
+				/*String url*/ url,
+				/*long sizeInBytes*/ archive.length,
+				/*String[] contacts*/ contactUids);
 
-		MissionUtils.findAndSetTransientValuesForMission(mission);
+		try {
+			submission.submitCot(cotMessage, martiUtil.getGroupsFromRequest(request));
+		} catch (Exception e) {
+			throw new TakException(e);
+		}
 
-        Set<Mission> result = new HashSet<>();
-        result.add(mission);
-        return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), result);
-    }
+		Set<Mission> result = new HashSet<>();
+		result.add(mission);
+		return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), result);
+	}
 
-    /*
-     * add single or multiple mission content, by hash or UID
-     *
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name:.+}/contents", method = RequestMethod.PUT)
-    public Callable<ApiResponse<Set<Mission>>> addMissionContent(@PathVariable("name") String name,
-    		@RequestBody MissionContent content,
-    		@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid)
-    				throws ValidationException, IntrusionException {
+	/*
+	 * add single or multiple mission content, by hash or UID
+	 *
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name:.+}/contents", method = RequestMethod.PUT)
+	public Callable<ApiResponse<Set<Mission>>> addMissionContent(@PathVariable("name") String name,
+																 @RequestBody MissionContent content,
+																 @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid)
+			throws ValidationException, IntrusionException {
 
-    	final String sessionId = requestHolderBean.sessionId();
+		final String sessionId = requestHolderBean.sessionId();
 
 		final String groupVector = martiUtil.getGroupVectorBitString(sessionId);
 
-    	return () -> {
+		return () -> {
 
-    		// validate this differently since it's a path variable
-    		validator.getValidInput(context, name, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
+			// validate this differently since it's a path variable
+			validator.getValidInput(context, name, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
 
-    		validateParameters(new Object() {}.getClass().getEnclosingMethod());
+			validateParameters(new Object() {}.getClass().getEnclosingMethod());
 
-    		if (content.getHashes().isEmpty() && content.getUids().isEmpty() &&
+			if (content.getHashes().isEmpty() && content.getUids().isEmpty() &&
 					(content.getPaths() == null || content.getPaths().isEmpty())) {
-    			throw new IllegalArgumentException("at least one hash or uid must be provided in request");
-    		}
+				throw new IllegalArgumentException("at least one hash or uid must be provided in request");
+			}
 
-    		Mission mission = missionService.addMissionContent(name, content, creatorUid, groupVector);
-    		
-    		MissionUtils.findAndSetTransientValuesForMission(mission);
+			Mission mission = missionService.addMissionContent(name, content, creatorUid, groupVector);
 
-    		Set<Mission> result = new HashSet<>();
-    		result.add(mission);
+			Set<Mission> result = new HashSet<>();
+			result.add(mission);
 
-    		return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), result);
-    	};
+			return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), result);
+		};
 
-    }
+	}
 
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name:.+}/contents/missionpackage", method = RequestMethod.PUT)
-    public ApiResponse<List<MissionChange>> addMissionPackage(@PathVariable("name") String name,
-                                                              @RequestBody byte[] missionPackage,
-                                                              @RequestParam(value = "creatorUid") @ValidatedBy("MartiSafeString") String creatorUid,
-                                                              HttpServletRequest request)
-            throws ValidationException, IntrusionException, RemoteException {
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name:.+}/contents/missionpackage", method = RequestMethod.PUT)
+	public ApiResponse<List<MissionChange>> addMissionPackage(@PathVariable("name") String name,
+															  @RequestBody byte[] missionPackage,
+															  @RequestParam(value = "creatorUid") @ValidatedBy("MartiSafeString") String creatorUid,
+															  HttpServletRequest request)
+			throws ValidationException, IntrusionException, RemoteException {
 
-        // validate this differently since it's a path variable
-        validator.getValidInput(context, name, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
+		// validate this differently since it's a path variable
+		validator.getValidInput(context, name, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
 
-        validateParameters(new Object() {}.getClass().getEnclosingMethod());
+		validateParameters(new Object() {}.getClass().getEnclosingMethod());
 
 		Mission mission = missionService.getMissionByNameCheckGroups(name, martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, name);
 
-        List<MissionChange> conflicts = new ArrayList<>();
-
-        boolean success = missionService.addMissionPackage(
-                name, missionPackage, creatorUid, martiUtil.getGroupsFromRequest(request), conflicts);
-
-        if (!success) {
-            if (conflicts.size() > 0) {
-                response.setStatus(HttpServletResponse.SC_CONFLICT);
-            } else {
-                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-            }
-        }
-        
-        for (MissionChange missionChange: conflicts) {
-			MissionChangeUtils.findAndSetMissionFeed(missionChange);
-			MissionChangeUtils.findAndSetMapLayer(missionChange);
-			MissionChangeUtils.findAndSetUidDetails(missionChange);
-        }
-
-        return new ApiResponse<List<MissionChange>>(Constants.API_VERSION, MissionChange.class.getSimpleName(), conflicts);
-    }
-
-    /*
-     * remove mission content by hash or uid
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name:.+}/contents", method = RequestMethod.DELETE)
-    ApiResponse<Set<Mission>> removeMissionContent(@PathVariable("name") String name,
-                                                   @RequestParam(value = "hash", required = false) @ValidatedBy("MartiSafeString") String hash,
-                                                   @RequestParam(value = "uid", required = false) @ValidatedBy("MartiSafeString") String uid,
-                                                   @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
-                                                   HttpServletRequest request) throws ValidationException, IntrusionException {
-
-        // validate this differently since it's a path variable
-        validator.getValidInput(context, name, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
-
-        validateParameters(new Object() {}.getClass().getEnclosingMethod());
-
-        // remove the content and track change
-        Mission mission = missionService.deleteMissionContent(name, hash, uid, creatorUid, martiUtil.getGroupVectorBitString(request));
-
-		MissionUtils.findAndSetTransientValuesForMission(mission);
-
-        // return mission object without resource and uid list (since the query could be expensive)
-        return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), Sets.newHashSet(mission));
-    }
-
-    /*
-     * get the content change set for a missions given a time period
-     *
-     * parameters are seconds ago or {start, end} timespan
-     *
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{name:.+}/changes", method = RequestMethod.GET)
-    ApiResponse<Set<MissionChange>> getMissionChanges(
-            @PathVariable("name") @NotNull String name,
-            @RequestParam(value = "secago", required = false) Long secago,
-            @RequestParam(value = "start", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date start,
-            @RequestParam(value = "end", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date end,
-            @RequestParam(value = "squashed", required = false, defaultValue = "true") boolean squashed,
-            HttpServletRequest request) {
-
-    	try {
-    		
-		Mission mission = missionService.getMissionByNameCheckGroups(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
-		missionService.validateMission(mission, missionService.trimName(name));
-		
-		if (logger.isDebugEnabled()) {
-			logger.debug("getting mission changes for mission " + name);
-		}
-
-        Set<MissionChange> changes = missionService.getMissionChanges(name, martiUtil.getGroupVectorBitString(request),
-                secago, start, end, squashed);
-        
-        if (logger.isDebugEnabled()) {
-        	logger.debug("got mission changes: " + changes);
-        }
-        
-        for (MissionChange missionChange: changes) {
-			MissionChangeUtils.findAndSetTransientValuesForMissionChange(missionChange);
-        }
-
-        return new ApiResponse<Set<MissionChange>>(Constants.API_VERSION, MissionChange.class.getSimpleName(),
-                new ConcurrentSkipListSet<>(changes));
-		} catch (Exception e) {
-    		logger.error("exception in getMissionChanges", e);
-    		return null;
-		}
-    }
-
+		List<MissionChange> conflicts = new ArrayList<>();
 
-    /*
-     * mission keywords
-     *
-     */
+		boolean success = missionService.addMissionPackage(
+				name, missionPackage, creatorUid, martiUtil.getGroupsFromRequest(request), conflicts);
 
-    /*
-     * remove all keywords for a mission
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name:.+}/keywords", method = RequestMethod.DELETE)
-    ApiResponse<Set<Mission>> clearKeywords(
-            @PathVariable("name") @NotNull String name,
-            @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
-            HttpServletRequest request) {
-
-        if (Strings.isNullOrEmpty(name)) {
-            throw new IllegalArgumentException("empty 'name' path parameter");
-        }
+		if (!success) {
+			if (conflicts.size() > 0) {
+				response.setStatus(HttpServletResponse.SC_CONFLICT);
+			} else {
+				response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+			}
+		}
 
-        Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
+		return new ApiResponse<List<MissionChange>>(Constants.API_VERSION, MissionChange.class.getSimpleName(), conflicts);
+	}
 
-        // remove all keywords
-        mission.getKeywords().clear();
+	/*
+	 * remove mission content by hash or uid
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name:.+}/contents", method = RequestMethod.DELETE)
+	ApiResponse<Set<Mission>> removeMissionContent(@PathVariable("name") String name,
+												   @RequestParam(value = "hash", required = false) @ValidatedBy("MartiSafeString") String hash,
+												   @RequestParam(value = "uid", required = false) @ValidatedBy("MartiSafeString") String uid,
+												   @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
+												   HttpServletRequest request) throws ValidationException, IntrusionException {
 
-        missionRepository.removeAllKeywordsForMission(mission.getId());
+		// validate this differently since it's a path variable
+		validator.getValidInput(context, name, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
 
-        missionService.invalidateMissionCache(name);
+		validateParameters(new Object() {}.getClass().getEnclosingMethod());
 
-        try {
-            subscriptionManager.broadcastMissionAnnouncement(name, mission.getGroupVector(), creatorUid,
-                    SubscriptionManagerLite.ChangeType.KEYWORD, mission.getTool());
-        } catch (Exception e) {
-            logger.debug("exception announcing mission change " + e.getMessage(), e);
-        }
+		// remove the content and track change
+		Mission mission = missionService.deleteMissionContent(name, hash, uid, creatorUid, martiUtil.getGroupVectorBitString(request));
 
-		MissionUtils.findAndSetTransientValuesForMission(mission);
+		// return mission object without resource and uid list (since the query could be expensive)
+		return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), Sets.newHashSet(mission));
+	}
 
-        return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), Sets.newHashSet(mission));
-    }
+	/*
+	 * get the content change set for a missions given a time period
+	 *
+	 * parameters are seconds ago or {start, end} timespan
+	 *
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{name:.+}/changes", method = RequestMethod.GET)
+	ApiResponse<Set<MissionChange>> getMissionChanges(
+			@PathVariable("name") @NotNull String name,
+			@RequestParam(value = "secago", required = false) Long secago,
+			@RequestParam(value = "start", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date start,
+			@RequestParam(value = "end", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date end,
+			@RequestParam(value = "squashed", required = false, defaultValue = "true") boolean squashed,
+			HttpServletRequest request) {
+
+		try {
+
+//			Mission mission = missionService.getMissionByNameCheckGroups(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
+//			missionService.validateMission(mission, missionService.trimName(name));
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("getting mission changes for mission " + name);
+			}
+
+			Set<MissionChange> changes = missionService.getMissionChanges(name, martiUtil.getGroupVectorBitString(request),
+					secago, start, end, squashed);
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("got mission changes: " + changes);
+			}
+
+			return new ApiResponse<Set<MissionChange>>(Constants.API_VERSION, MissionChange.class.getSimpleName(),
+					new ConcurrentSkipListSet<>(changes));
+		} catch (Exception e) {
+			logger.error("exception in getMissionChanges", e);
+			return null;
+		}
+	}
+
+
+	/*
+	 * mission keywords
+	 *
+	 */
+
+	/*
+	 * remove all keywords for a mission
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name:.+}/keywords", method = RequestMethod.DELETE)
+	ApiResponse<Set<Mission>> clearKeywords(
+			@PathVariable("name") @NotNull String name,
+			@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
+			HttpServletRequest request) {
+
+		if (Strings.isNullOrEmpty(name)) {
+			throw new IllegalArgumentException("empty 'name' path parameter");
+		}
+
+		Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
+
+		// remove all keywords
+		mission.getKeywords().clear();
+
+		missionRepository.removeAllKeywordsForMission(mission.getId());
+
+		missionService.invalidateMissionCache(name);
 
-    /*
-     * sets the keywords for the mission
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name:.+}/keywords", method = RequestMethod.PUT)
-    ApiResponse<Set<Mission>> setKeywords(
-            @PathVariable("name") @NotNull String name,
-            @RequestBody List<String> keywords,
-            @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
-            HttpServletRequest request) {
+		try {
+			subscriptionManager.broadcastMissionAnnouncement(name, mission.getGroupVector(), creatorUid,
+					SubscriptionManagerLite.ChangeType.KEYWORD, mission.getTool());
+		} catch (Exception e) {
+			logger.debug("exception announcing mission change " + e.getMessage(), e);
+		}
 
-        if (Strings.isNullOrEmpty(name)) {
-            throw new IllegalArgumentException("empty 'name' path parameter");
-        }
+		return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), Sets.newHashSet(mission));
+	}
 
-        if (keywords == null || keywords.isEmpty()) {
-            throw new IllegalArgumentException("empty keywords array");
-        }
+	/*
+	 * sets the keywords for the mission
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name:.+}/keywords", method = RequestMethod.PUT)
+	ApiResponse<Set<Mission>> setKeywords(
+			@PathVariable("name") @NotNull String name,
+			@RequestBody List<String> keywords,
+			@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
+			HttpServletRequest request) {
 
-        Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
+		if (Strings.isNullOrEmpty(name)) {
+			throw new IllegalArgumentException("empty 'name' path parameter");
+		}
+
+		if (keywords == null) {
+			logger.info("empty keywords array");
+			keywords = new ArrayList<>();
+		}
 
-        // remove all keywords
-        mission.getKeywords().clear();
+		Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
 
-        missionRepository.removeAllKeywordsForMission(mission.getId());
+		// remove all keywords
+		mission.getKeywords().clear();
+
+		missionRepository.removeAllKeywordsForMission(mission.getId());
 
 		// do validation
 		try {
@@ -1636,466 +1606,462 @@ ApiResponse<Set<Mission>> setKeywords(
 			throw new com.bbn.marti.remote.exception.ValidationException("invalid keyword!", e);
 		}
 
-        // add keywords
-        mission.getKeywords().addAll(keywords);
+		// add keywords
+		mission.getKeywords().addAll(keywords);
+
+		for (String keyword : keywords) {
+			try {
+				missionRepository.addMissionKeyword(mission.getId(), keyword);
+			} catch (DataIntegrityViolationException e) {
+				logger.debug("can't add duplicate keyword " + keyword);
+			}
+		}
+
+		missionService.invalidateMissionCache(name);
+
+		try {
+			subscriptionManager.broadcastMissionAnnouncement(name, mission.getGroupVector(), creatorUid,
+					SubscriptionManagerLite.ChangeType.KEYWORD, mission.getTool());
+		} catch (Exception e) {
+			logger.debug("exception announcing mission change " + e.getMessage(), e);
+		}
+
+		return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), Sets.newHashSet(mission));
+	}
+
+	/*
+	 * remove one keyword from a mission
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name:.+}/keywords/{keyword}", method = RequestMethod.DELETE)
+	ApiResponse<Set<Mission>> removeKeyword(
+			@PathVariable("name") @NotNull String name,
+			@PathVariable("keyword") String keyword,
+			@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
+			HttpServletRequest request) {
+
+		if (Strings.isNullOrEmpty(name)) {
+			throw new IllegalArgumentException("empty 'name' path parameter");
+		}
+
+		if (Strings.isNullOrEmpty(keyword)) {
+			throw new IllegalArgumentException("keyword to delete must be provided in URL");
+		}
+
+		Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
+
+		if (!mission.getKeywords().remove(keyword)) {
+			throw new IllegalArgumentException("mission '" + name + "' did not contain keyword " + keyword);
+		}
+
+		missionRepository.removeMissionKeyword(mission.getId(), keyword);
+
+		missionService.invalidateMissionCache(name);
+
+		try {
+			subscriptionManager.broadcastMissionAnnouncement(name, mission.getGroupVector(), creatorUid,
+					SubscriptionManagerLite.ChangeType.KEYWORD, mission.getTool());
+		} catch (Exception e) {
+			logger.debug("exception announcing mission change " + e.getMessage(), e);
+		}
+
+		return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), Sets.newHashSet(mission));
+	}
+
+
+	/*
+	 * add one or more keywords to a mission uid
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name:.+}/uid/{uid:.+}/keywords", method = RequestMethod.PUT)
+	void addUidKeyword(
+			@PathVariable("name") @NotNull @ValidatedBy("MartiSafeString") String name,
+			@PathVariable("uid") @NotNull @ValidatedBy("MartiSafeString") String uid,
+			@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
+			@RequestBody List<String> keywords, HttpServletRequest request) {
+
+		if (keywords == null || keywords.isEmpty()) {
+			throw new IllegalArgumentException("empty keywords array");
+		}
+
+		Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
+		missionService.validateMission(mission, name);
+
+		missionRepository.removeAllKeywordsForMissionUid(mission.getId(), uid);
+
+		StringWriter changes = new StringWriter();
+		changes.append("<uidKeywords uid=\"" + uid + "\">");
+
+		for (String keyword : keywords) {
+			try {
+				missionRepository.addMissionUidKeyword(mission.getId(), uid, keyword);
+				changes.append("<uidKeyword keyword=\"" + keyword + "\" />");
+			} catch (DataIntegrityViolationException e) {
+				logger.debug("can't add duplicate keyword " + keyword);
+			}
+		}
+
+		changes.append("</uidKeywords>");
+
+		missionService.invalidateMissionCache(name);
+
+		try {
+			subscriptionManager.announceMissionChange(name, SubscriptionManagerLite.ChangeType.UID_KEYWORD,
+					creatorUid, mission.getTool(), changes.toString());
+		} catch (Exception e) {
+			logger.debug("exception announcing mission change " + e.getMessage(), e);
+		}
+	}
+
+	/*
+	 * remove all keywords for a mission uid
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name:.+}/uid/{uid:.+}/keywords", method = RequestMethod.DELETE)
+	void clearUidKeywords(
+			@PathVariable("name") @NotNull @ValidatedBy("MartiSafeString") String name,
+			@PathVariable("uid") @NotNull @ValidatedBy("MartiSafeString") String uid,
+			@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
+			HttpServletRequest request) {
+
+		Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
+		missionService.validateMission(mission, name);
+
+		missionRepository.removeAllKeywordsForMissionUid(mission.getId(), uid);
+
+		missionService.invalidateMissionCache(name);
+
+		try {
+			subscriptionManager.announceMissionChange(name, SubscriptionManagerLite.ChangeType.UID_KEYWORD,
+					creatorUid, mission.getTool(), "<uidKeywords uid=\"" + uid + "\"/>");
+		} catch (Exception e) {
+			logger.debug("exception announcing mission change " + e.getMessage(), e);
+		}
+	}
+
+	/*
+	 * add one or more keywords to a mission resource
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name:.+}/content/{hash:.+}/keywords", method = RequestMethod.PUT)
+	void addContentKeyword(
+			@PathVariable("name") @NotNull @ValidatedBy("MartiSafeString") String name,
+			@PathVariable("hash") @NotNull @ValidatedBy("MartiSafeString") String hash,
+			@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
+			@RequestBody List<String> keywords,
+			HttpServletRequest request) {
+
+		if (keywords == null || keywords.isEmpty()) {
+			throw new IllegalArgumentException("empty keywords array");
+		}
+
+		Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
+		missionService.validateMission(mission, name);
+
+		missionRepository.removeAllKeywordsForMissionResource(mission.getId(), hash);
+
+		StringWriter changes = new StringWriter();
+		changes.append("<contentKeywords hash=\"" + hash + "\">");
+
+		for (String keyword : keywords) {
+			try {
+				missionRepository.addMissionResourceKeyword(mission.getId(), hash, keyword);
+				changes.append("<contentKeyword keyword=\"" + keyword + "\" />");
+			} catch (DataIntegrityViolationException e) {
+				logger.debug("can't add duplicate keyword " + keyword);
+			}
+		}
+
+		changes.append("</contentKeywords>");
+
+		missionService.invalidateMissionCache(name);
+
+		try {
+			subscriptionManager.announceMissionChange(name, SubscriptionManagerLite.ChangeType.RESOURCE_KEYWORD,
+					creatorUid, mission.getTool(), changes.toString());
+		} catch (Exception e) {
+			logger.debug("exception announcing mission change " + e.getMessage(), e);
+		}
+	}
+
+	/*
+	 * remove all keywords for a mission uid
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name:.+}/content/{hash:.+}/keywords", method = RequestMethod.DELETE)
+	void clearContentKeywords(
+			@PathVariable("name") @NotNull @ValidatedBy("MartiSafeString") String name,
+			@PathVariable("hash") @NotNull @ValidatedBy("MartiSafeString") String hash,
+			@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
+			HttpServletRequest request) {
+
+		Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
+		missionService.validateMission(mission, name);
+
+		missionRepository.removeAllKeywordsForMissionResource(mission.getId(), hash);
+
+		missionService.invalidateMissionCache(name);
+
+		try {
+			subscriptionManager.announceMissionChange(name, SubscriptionManagerLite.ChangeType.RESOURCE_KEYWORD,
+					creatorUid, mission.getTool(), "<contentKeywords />");
+		} catch (Exception e) {
+			logger.debug("exception announcing mission change " + e.getMessage(), e);
+		}
+	}
+
+
+	private static final int DEFAULT_PARAMETER_LENGTH = 1024;
+
+	/*
+	 * Enterprise Sync search
+	 *
+	 * Search the resource table for enterprise sync / mission files
+	 */
+	@RequestMapping(value = "/sync/search", method = RequestMethod.GET)
+	ApiResponse<NavigableSet<Resource>> searchSync(
+			@RequestParam(value = "box", required = false) @ValidatedBy("Coordinates") String box,
+			@RequestParam(value = "circle", required = false) @ValidatedBy("Coordinates") String circle,
+			@RequestParam(value = "startTime", required = false) @ValidatedBy("MartiSafeString") @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date start,
+			@RequestParam(value = "endTime", required = false) @ValidatedBy("MartiSafeString") @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date end,
+			@RequestParam(value = "minAltitude", required = false) @ValidatedBy("Double") Double minAltitude,
+			@RequestParam(value = "maxAltitude", required = false) @ValidatedBy("Double") Double maxAltitude,
+			@RequestParam(value = "filename", required = false) @ValidatedBy("RestrictedRegex") String filename,
+			@RequestParam(value = "keyword", required = false) @ValidatedBy("RestrictedRegex") List<String> keywords,
+			@RequestParam(value = "mimetype", required = false) @ValidatedBy("RestrictedRegex") String mimeType,
+			@RequestParam(value = "name", required = false) @ValidatedBy("RestrictedRegex") String name,
+			@RequestParam(value = "uid", required = false) @ValidatedBy("RestrictedRegex") String uid,
+			@RequestParam(value = "hash", required = false) @ValidatedBy("RestrictedRegex") String hash,
+			@RequestParam(value = "mission", required = false) @ValidatedBy("RestrictedRegex") String missionName,
+			@RequestParam(value = "tool", required = false) @ValidatedBy("RestrictedRegex") String tool,
+			HttpServletRequest request
+	) {
+
+		String groupVector = null;
+
+		try {
+			// Get group vector for the user associated with this session
+			groupVector = martiUtil.getGroupBitVector(request);
+			logger.trace("groups bit vector: " + groupVector);
+		} catch (Exception e) {
+			logger.debug("exception getting group membership for current web user " + e.getMessage());
+		}
+
+		if (Strings.isNullOrEmpty(groupVector)) {
+			throw new IllegalStateException("empty group vector");
+		}
+
+		// init audit log if required
+		AuditLogUtil.init(request);
 
-        for (String keyword : keywords) {
-            try {
-                missionRepository.addMissionKeyword(mission.getId(), keyword);
-            } catch (DataIntegrityViolationException e) {
-                logger.debug("can't add duplicate keyword " + keyword);
-            }
-        }
-
-        missionService.invalidateMissionCache(name);
-
-        try {
-            subscriptionManager.broadcastMissionAnnouncement(name, mission.getGroupVector(), creatorUid,
-                    SubscriptionManagerLite.ChangeType.KEYWORD, mission.getTool());
-        } catch (Exception e) {
-            logger.debug("exception announcing mission change " + e.getMessage(), e);
-        }
-        
-		MissionUtils.findAndSetTransientValuesForMission(mission);
-
-        return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), Sets.newHashSet(mission));
-    }
-
-    /*
-     * remove one keyword from a mission
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name:.+}/keywords/{keyword}", method = RequestMethod.DELETE)
-    ApiResponse<Set<Mission>> removeKeyword(
-            @PathVariable("name") @NotNull String name,
-            @PathVariable("keyword") String keyword,
-            @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
-            HttpServletRequest request) {
-
-        if (Strings.isNullOrEmpty(name)) {
-            throw new IllegalArgumentException("empty 'name' path parameter");
-        }
-
-        if (Strings.isNullOrEmpty(keyword)) {
-            throw new IllegalArgumentException("keyword to delete must be provided in URL");
-        }
-
-        Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
-
-        if (!mission.getKeywords().remove(keyword)) {
-            throw new IllegalArgumentException("mission '" + name + "' did not contain keyword " + keyword);
-        }
-
-        missionRepository.removeMissionKeyword(mission.getId(), keyword);
-
-        missionService.invalidateMissionCache(name);
-
-        try {
-            subscriptionManager.broadcastMissionAnnouncement(name, mission.getGroupVector(), creatorUid,
-                    SubscriptionManagerLite.ChangeType.KEYWORD, mission.getTool());
-        } catch (Exception e) {
-            logger.debug("exception announcing mission change " + e.getMessage(), e);
-        }
-
-		MissionUtils.findAndSetTransientValuesForMission(mission);
-
-        return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), Sets.newHashSet(mission));
-    }
-
-
-    /*
-     * add one or more keywords to a mission uid
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name:.+}/uid/{uid:.+}/keywords", method = RequestMethod.PUT)
-    void addUidKeyword(
-            @PathVariable("name") @NotNull @ValidatedBy("MartiSafeString") String name,
-            @PathVariable("uid") @NotNull @ValidatedBy("MartiSafeString") String uid,
-            @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
-            @RequestBody List<String> keywords, HttpServletRequest request) {
-
-        if (keywords == null || keywords.isEmpty()) {
-            throw new IllegalArgumentException("empty keywords array");
-        }
-
-        Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
-        missionService.validateMission(mission, name);
-
-        missionRepository.removeAllKeywordsForMissionUid(mission.getId(), uid);
-
-        StringWriter changes = new StringWriter();
-        changes.append("<uidKeywords uid=\"" + uid + "\">");
-
-        for (String keyword : keywords) {
-            try {
-                missionRepository.addMissionUidKeyword(mission.getId(), uid, keyword);
-                changes.append("<uidKeyword keyword=\"" + keyword + "\" />");
-            } catch (DataIntegrityViolationException e) {
-                logger.debug("can't add duplicate keyword " + keyword);
-            }
-        }
-
-        changes.append("</uidKeywords>");
-
-        missionService.invalidateMissionCache(name);
-
-        try {
-            subscriptionManager.announceMissionChange(name, SubscriptionManagerLite.ChangeType.UID_KEYWORD,
-                    creatorUid, mission.getTool(), changes.toString());
-        } catch (Exception e) {
-            logger.debug("exception announcing mission change " + e.getMessage(), e);
-        }
-    }
-
-    /*
-     * remove all keywords for a mission uid
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name:.+}/uid/{uid:.+}/keywords", method = RequestMethod.DELETE)
-    void clearUidKeywords(
-            @PathVariable("name") @NotNull @ValidatedBy("MartiSafeString") String name,
-            @PathVariable("uid") @NotNull @ValidatedBy("MartiSafeString") String uid,
-            @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
-            HttpServletRequest request) {
-
-        Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
-        missionService.validateMission(mission, name);
-
-        missionRepository.removeAllKeywordsForMissionUid(mission.getId(), uid);
-
-        missionService.invalidateMissionCache(name);
-
-        try {
-            subscriptionManager.announceMissionChange(name, SubscriptionManagerLite.ChangeType.UID_KEYWORD,
-                    creatorUid, mission.getTool(), "<uidKeywords uid=\"" + uid + "\"/>");
-        } catch (Exception e) {
-            logger.debug("exception announcing mission change " + e.getMessage(), e);
-        }
-    }
-
-    /*
-     * add one or more keywords to a mission resource
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name:.+}/content/{hash:.+}/keywords", method = RequestMethod.PUT)
-    void addContentKeyword(
-            @PathVariable("name") @NotNull @ValidatedBy("MartiSafeString") String name,
-            @PathVariable("hash") @NotNull @ValidatedBy("MartiSafeString") String hash,
-            @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
-            @RequestBody List<String> keywords,
-            HttpServletRequest request) {
-
-        if (keywords == null || keywords.isEmpty()) {
-            throw new IllegalArgumentException("empty keywords array");
-        }
-
-        Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
-        missionService.validateMission(mission, name);
-
-        missionRepository.removeAllKeywordsForMissionResource(mission.getId(), hash);
-
-        StringWriter changes = new StringWriter();
-        changes.append("<contentKeywords hash=\"" + hash + "\">");
-
-        for (String keyword : keywords) {
-            try {
-                missionRepository.addMissionResourceKeyword(mission.getId(), hash, keyword);
-                changes.append("<contentKeyword keyword=\"" + keyword + "\" />");
-            } catch (DataIntegrityViolationException e) {
-                logger.debug("can't add duplicate keyword " + keyword);
-            }
-        }
-
-        changes.append("</contentKeywords>");
-
-        missionService.invalidateMissionCache(name);
-
-        try {
-            subscriptionManager.announceMissionChange(name, SubscriptionManagerLite.ChangeType.RESOURCE_KEYWORD,
-                    creatorUid, mission.getTool(), changes.toString());
-        } catch (Exception e) {
-            logger.debug("exception announcing mission change " + e.getMessage(), e);
-        }
-    }
-
-    /*
-     * remove all keywords for a mission uid
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name:.+}/content/{hash:.+}/keywords", method = RequestMethod.DELETE)
-    void clearContentKeywords(
-            @PathVariable("name") @NotNull @ValidatedBy("MartiSafeString") String name,
-            @PathVariable("hash") @NotNull @ValidatedBy("MartiSafeString") String hash,
-            @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
-            HttpServletRequest request) {
-
-        Mission mission = missionService.getMission(missionService.trimName(name), martiUtil.getGroupVectorBitString(request));
-        missionService.validateMission(mission, name);
-
-        missionRepository.removeAllKeywordsForMissionResource(mission.getId(), hash);
-
-        missionService.invalidateMissionCache(name);
-
-        try {
-            subscriptionManager.announceMissionChange(name, SubscriptionManagerLite.ChangeType.RESOURCE_KEYWORD,
-                    creatorUid, mission.getTool(), "<contentKeywords />");
-        } catch (Exception e) {
-            logger.debug("exception announcing mission change " + e.getMessage(), e);
-        }
-    }
-
-
-    private static final int DEFAULT_PARAMETER_LENGTH = 1024;
-
-    /*
-     * Enterprise Sync search
-     *
-     * Search the resource table for enterprise sync / mission files
-     */
-    @RequestMapping(value = "/sync/search", method = RequestMethod.GET)
-    ApiResponse<NavigableSet<Resource>> searchSync(
-            @RequestParam(value = "box", required = false) @ValidatedBy("Coordinates") String box,
-            @RequestParam(value = "circle", required = false) @ValidatedBy("Coordinates") String circle,
-            @RequestParam(value = "startTime", required = false) @ValidatedBy("MartiSafeString") @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date start,
-            @RequestParam(value = "endTime", required = false) @ValidatedBy("MartiSafeString") @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date end,
-            @RequestParam(value = "minAltitude", required = false) @ValidatedBy("Double") Double minAltitude,
-            @RequestParam(value = "maxAltitude", required = false) @ValidatedBy("Double") Double maxAltitude,
-            @RequestParam(value = "filename", required = false) @ValidatedBy("RestrictedRegex") String filename,
-            @RequestParam(value = "keyword", required = false) @ValidatedBy("RestrictedRegex") List<String> keywords,
-            @RequestParam(value = "mimetype", required = false) @ValidatedBy("RestrictedRegex") String mimeType,
-            @RequestParam(value = "name", required = false) @ValidatedBy("RestrictedRegex") String name,
-            @RequestParam(value = "uid", required = false) @ValidatedBy("RestrictedRegex") String uid,
-            @RequestParam(value = "hash", required = false) @ValidatedBy("RestrictedRegex") String hash,
-            @RequestParam(value = "mission", required = false) @ValidatedBy("RestrictedRegex") String missionName,
-            @RequestParam(value = "tool", required = false) @ValidatedBy("RestrictedRegex") String tool,
-            HttpServletRequest request
-    ) {
-
-        String groupVector = null;
-
-        try {
-            // Get group vector for the user associated with this session
-            groupVector = martiUtil.getGroupBitVector(request);
-            logger.trace("groups bit vector: " + groupVector);
-        } catch (Exception e) {
-            logger.debug("exception getting group membership for current web user " + e.getMessage());
-        }
-
-        if (Strings.isNullOrEmpty(groupVector)) {
-            throw new IllegalStateException("empty group vector");
-        }
-
-        // init audit log if required
-        AuditLogUtil.init(request);
-
-        // get the currently executing method and validate its arguments. Luckily the http request param list takes care of the problem that Java lacks named parameters!
-        // Validation exceptions will be propagated to custom exception handler level and trigger an appropriate HTTP response, and error payload
-
-        validateParameters(new Object() {}.getClass().getEnclosingMethod());
-
-        logger.debug("keywords: " + keywords);
-
-        logger.debug("box: " + box);
-
-        logger.debug("circle: " + circle);
-
-        logger.debug("startTime: " + start);
-
-        logger.debug("endTime: " + end);
-
-        if (!Strings.isNullOrEmpty(missionName)) {
-            missionName = missionService.trimName(missionName);
-        }
-
-        logger.debug("mission name: " + missionName);
-
-        // Use Postgres PGobject for geospatial
-        PGobject spatialConstraint = null;
-        if (!Strings.isNullOrEmpty(box) && !Strings.isNullOrEmpty(circle)) {
-            throw new IllegalArgumentException("Both circle and box specified");
-        }
-
-        if (!Strings.isNullOrEmpty(box)) {
-            Double[] coordinates = KmlUtils.parseSpatialCoordinates(box);
-            spatialConstraint = new PGbox(coordinates[0], coordinates[1], coordinates[2], coordinates[3]);
-        }
-
-        if (!Strings.isNullOrEmpty(circle)) {
-            Double[] coordinates = KmlUtils.parseSpatialCoordinates(circle);
-            spatialConstraint = new PGcircle(coordinates[0], coordinates[1], coordinates[2]);
-        }
+		// get the currently executing method and validate its arguments. Luckily the http request param list takes care of the problem that Java lacks named parameters!
+		// Validation exceptions will be propagated to custom exception handler level and trigger an appropriate HTTP response, and error payload
 
-        logger.debug("Spatial constraint: " + spatialConstraint);
+		validateParameters(new Object() {}.getClass().getEnclosingMethod());
 
-        NavigableSet<Resource> results = new ConcurrentSkipListSet<>();
+		logger.debug("keywords: " + keywords);
 
-        // also process search constraints that are not special enough to have their own arguments
-        Map<Metadata.Field, String> constraints = new HashMap<>();
+		logger.debug("box: " + box);
 
-        // note: can't search by filename - using name since it appears to usually be that
-        if (!Strings.isNullOrEmpty(filename)) {
-            constraints.put(Metadata.Field.Name, filename);
-        }
+		logger.debug("circle: " + circle);
 
-        if (keywords != null && !keywords.isEmpty()) {
-            constraints.put(Metadata.Field.Keywords, Joiner.on(',').join(keywords));
-        }
+		logger.debug("startTime: " + start);
 
-        if (!Strings.isNullOrEmpty(mimeType)) {
-            constraints.put(Metadata.Field.MIMEType, mimeType);
-        }
+		logger.debug("endTime: " + end);
 
-        if (!Strings.isNullOrEmpty(name)) {
-            constraints.put(Metadata.Field.Name, name);
-        }
+		if (!Strings.isNullOrEmpty(missionName)) {
+			missionName = missionService.trimName(missionName);
+		}
+
+		logger.debug("mission name: " + missionName);
+
+		// Use Postgres PGobject for geospatial
+		PGobject spatialConstraint = null;
+		if (!Strings.isNullOrEmpty(box) && !Strings.isNullOrEmpty(circle)) {
+			throw new IllegalArgumentException("Both circle and box specified");
+		}
+
+		if (!Strings.isNullOrEmpty(box)) {
+			Double[] coordinates = KmlUtils.parseSpatialCoordinates(box);
+			spatialConstraint = new PGbox(coordinates[0], coordinates[1], coordinates[2], coordinates[3]);
+		}
+
+		if (!Strings.isNullOrEmpty(circle)) {
+			Double[] coordinates = KmlUtils.parseSpatialCoordinates(circle);
+			spatialConstraint = new PGcircle(coordinates[0], coordinates[1], coordinates[2]);
+		}
+
+		logger.debug("Spatial constraint: " + spatialConstraint);
+
+		NavigableSet<Resource> results = new ConcurrentSkipListSet<>();
+
+		// also process search constraints that are not special enough to have their own arguments
+		Map<Metadata.Field, String> constraints = new HashMap<>();
+
+		// note: can't search by filename - using name since it appears to usually be that
+		if (!Strings.isNullOrEmpty(filename)) {
+			constraints.put(Metadata.Field.Name, filename);
+		}
+
+		if (keywords != null && !keywords.isEmpty()) {
+			constraints.put(Metadata.Field.Keywords, Joiner.on(',').join(keywords));
+		}
+
+		if (!Strings.isNullOrEmpty(mimeType)) {
+			constraints.put(Metadata.Field.MIMEType, mimeType);
+		}
 
-        if (!Strings.isNullOrEmpty(uid)) {
-            constraints.put(Metadata.Field.UID, uid);
-        }
+		if (!Strings.isNullOrEmpty(name)) {
+			constraints.put(Metadata.Field.Name, name);
+		}
 
-        if (!Strings.isNullOrEmpty(hash)) {
-            constraints.put(Metadata.Field.Hash, hash);
-        }
+		if (!Strings.isNullOrEmpty(uid)) {
+			constraints.put(Metadata.Field.UID, uid);
+		}
 
+		if (!Strings.isNullOrEmpty(hash)) {
+			constraints.put(Metadata.Field.Hash, hash);
+		}
 
-        // execute the search with the persistence store.
-        try {
-            SortedMap<String, List<Metadata>> searchResults =
-                    syncStore.search(
-                            minAltitude,
-                            maxAltitude,
-                            constraints,
-                            spatialConstraint,
-                            start != null ? new Timestamp(start.getTime()) : null,
-                            end != null ? new Timestamp(end.getTime()) : null,
-                            Boolean.FALSE,
-                            missionName,
-                            tool,
-                            groupVector
-                    );
 
-            for (List<Metadata> list : searchResults.values()) {
-                for (Metadata metadata : list) {
-                    results.add(new Resource(metadata));
-                }
-            }
-        } catch (Exception e) {
-            throw new TakException("exception executing search", e);
-        }
+		// execute the search with the persistence store.
+		try {
+			SortedMap<String, List<Metadata>> searchResults =
+					syncStore.search(
+							minAltitude,
+							maxAltitude,
+							constraints,
+							spatialConstraint,
+							start != null ? new Timestamp(start.getTime()) : null,
+							end != null ? new Timestamp(end.getTime()) : null,
+							Boolean.FALSE,
+							missionName,
+							tool,
+							groupVector
+					);
+
+			for (List<Metadata> list : searchResults.values()) {
+				for (Metadata metadata : list) {
+					results.add(new Resource(metadata));
+				}
+			}
+		} catch (Exception e) {
+			throw new TakException("exception executing search", e);
+		}
 
-        return new ApiResponse<NavigableSet<Resource>>(Constants.API_VERSION, Resource.class.getSimpleName(), results);
-    }
+		return new ApiResponse<NavigableSet<Resource>>(Constants.API_VERSION, Resource.class.getSimpleName(), results);
+	}
 
-    // Validation annotation.
-    @Retention(RetentionPolicy.RUNTIME)
-    @Target(ElementType.PARAMETER)
-    public @interface ValidatedBy {
+	// Validation annotation.
+	@Retention(RetentionPolicy.RUNTIME)
+	@Target(ElementType.PARAMETER)
+	public @interface ValidatedBy {
 
-        public String value() default "";
+		public String value() default "";
 
-    }
+	}
 
-    private static final String context = "GET request parameters";
+	private static final String context = "GET request parameters";
 
 
-    // BACKLOG: consider refactoring validation and searching to use a model object with validation capabilities in conjunction with ESAPI-style validation.
-    public void validateParameters(Method method) {
+	// BACKLOG: consider refactoring validation and searching to use a model object with validation capabilities in conjunction with ESAPI-style validation.
+	public void validateParameters(Method method) {
 
-        if (method == null) {
-            throw new IllegalArgumentException("null method");
-        }
+		if (method == null) {
+			throw new IllegalArgumentException("null method");
+		}
 
-        // validate host and parameters. Validation exceptions will be propagated.
+		// validate host and parameters. Validation exceptions will be propagated.
 
-        if (request.getRemoteHost() != null) {
-            try {
-                validator.getValidInput("HttpServletRequest.getRemoteHost()", request.getRemoteHost(), "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
-            } catch (ValidationException | IntrusionException e) {
-                throw new com.bbn.marti.remote.exception.ValidationException("invalid host name");
-            }
-        }
+		if (request.getRemoteHost() != null) {
+			try {
+				validator.getValidInput("HttpServletRequest.getRemoteHost()", request.getRemoteHost(), "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
+			} catch (ValidationException | IntrusionException e) {
+				throw new com.bbn.marti.remote.exception.ValidationException("invalid host name");
+			}
+		}
 
-        // no way to do this without reflection
-        for (Parameter param : method.getParameters()) {
+		// no way to do this without reflection
+		for (Parameter param : method.getParameters()) {
 
-            if (param.isAnnotationPresent(ValidatedBy.class)) {
+			if (param.isAnnotationPresent(ValidatedBy.class)) {
 
-                // for each parameter, get the request param name, value, and validator. Then validate.
-                if (param.isAnnotationPresent(RequestParam.class)) {
+				// for each parameter, get the request param name, value, and validator. Then validate.
+				if (param.isAnnotationPresent(RequestParam.class)) {
 
-                    String paramName = param.getAnnotation(RequestParam.class).value();
+					String paramName = param.getAnnotation(RequestParam.class).value();
 
-                    String validatorPattern = param.getAnnotation(ValidatedBy.class).value();
+					String validatorPattern = param.getAnnotation(ValidatedBy.class).value();
 
-                    if (Strings.isNullOrEmpty(validatorPattern)) {
-                        throw new TakException("Empty validator name specified for parameter " + paramName);
-                    }
+					if (Strings.isNullOrEmpty(validatorPattern)) {
+						throw new TakException("Empty validator name specified for parameter " + paramName);
+					}
 
-                    // validate each value for this parameter
-                    if (request.getParameterValues(paramName) != null) {
+					// validate each value for this parameter
+					if (request.getParameterValues(paramName) != null) {
 
-                        for (String paramValue : request.getParameterValues(paramName)) {
+						for (String paramValue : request.getParameterValues(paramName)) {
 							if (logger.isTraceEnabled()) {
 								logger.trace("param name: " + StringUtils.normalizeSpace(paramName) + " param value: " + StringUtils.normalizeSpace(paramValue)
 										+ " validation pattern: " + StringUtils.normalizeSpace(validatorPattern) + " ");
 							}
-                            // do validation
-                            try {
-                                validator.getValidInput(context, paramValue, validatorPattern, DEFAULT_PARAMETER_LENGTH, false);
-                            } catch (ValidationException | IntrusionException e) {
-                                throw new com.bbn.marti.remote.exception.ValidationException("invalid parameter value for " + paramName, e);
-                            }
-
-                            logger.trace("param name: " + paramName + " validated");
-                        }
-                    } else {
-                        logger.trace("ignoring null parameter " + paramName);
-                        continue;
-                    }
-                }
-            }
-        }
-    }
-
-    @SuppressWarnings("unused")
-    private String trimKeyword(@NotNull String keyword) {
-
-        if (Strings.isNullOrEmpty(keyword)) {
-            throw new IllegalArgumentException("empty keyword");
-        }
-
-        keyword = keyword.trim();
-        keyword = keyword.toLowerCase();
-
-        return keyword;
-    }
-
-    @RequestMapping(value = "/missions/{missionName:.+}/token", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.CREATED)
-    public ApiResponse<String>  getReadOnlyAccessToken(
-            @RequestParam(value = "password", defaultValue = "") String password,
-            @PathVariable("missionName") String missionName) {
-
-        missionName = missionService.trimName(missionName);
+							// do validation
+							try {
+								validator.getValidInput(context, paramValue, validatorPattern, DEFAULT_PARAMETER_LENGTH, false);
+							} catch (ValidationException | IntrusionException e) {
+								throw new com.bbn.marti.remote.exception.ValidationException("invalid parameter value for " + paramName, e);
+							}
+
+							logger.trace("param name: " + paramName + " validated");
+						}
+					} else {
+						logger.trace("ignoring null parameter " + paramName);
+						continue;
+					}
+				}
+			}
+		}
+	}
+
+	@SuppressWarnings("unused")
+	private String trimKeyword(@NotNull String keyword) {
+
+		if (Strings.isNullOrEmpty(keyword)) {
+			throw new IllegalArgumentException("empty keyword");
+		}
+
+		keyword = keyword.trim();
+		keyword = keyword.toLowerCase();
+
+		return keyword;
+	}
+
+	@RequestMapping(value = "/missions/{missionName:.+}/token", method = RequestMethod.GET)
+	@ResponseStatus(HttpStatus.CREATED)
+	public ApiResponse<String>  getReadOnlyAccessToken(
+			@RequestParam(value = "password", defaultValue = "") String password,
+			@PathVariable("missionName") String missionName) {
+
+		missionName = missionService.trimName(missionName);
 
 		// validate existence of mission
 		Mission mission = missionService.getMissionByNameCheckGroups(missionName, martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, missionName);
 
-        missionService.validatePassword(mission, password);
+		missionService.validatePassword(mission, password);
 
-        String token = missionService.generateToken(
-                UUID.randomUUID().toString(), missionName, MissionTokenUtils.TokenType.ACCESS, -1);
+		String token = missionService.generateToken(
+				UUID.randomUUID().toString(), missionName, MissionTokenUtils.TokenType.ACCESS, -1);
 
-        return new ApiResponse<String>(
-                Constants.API_VERSION, String.class.getName(), token);
-    }
+		return new ApiResponse<String>(
+				Constants.API_VERSION, String.class.getName(), token);
+	}
 
 	/*
 	 * Returns the mission subscription for the current user
 	 */
 	@RequestMapping(value = "/missions/{missionName:.+}/subscription", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.OK)
+	@ResponseStatus(HttpStatus.OK)
 	public ApiResponse<MissionSubscription> getSubscriptionForUser(
 			@PathVariable("missionName") String missionName,
 			@RequestParam(value = "uid", defaultValue = "") String uid)
@@ -2118,23 +2084,23 @@ public ApiResponse<MissionSubscription> getSubscriptionForUser(
 				Constants.API_VERSION, MissionSubscription.class.getName(), missionSubscription);
 	}
 
-    /*
-     * subscribe to mission changes
-     */
-    @RequestMapping(value = "/missions/{missionName:.+}/subscription", method = RequestMethod.PUT)
-    @ResponseStatus(HttpStatus.CREATED)
-    public Callable<ApiResponse<MissionSubscription>> createMissionSubscription(
-            @RequestParam(value = "uid", defaultValue = "") String uid,
-            @RequestParam(value = "topic", defaultValue = "") String topic,
-            @RequestParam(value = "password", defaultValue = "") String password,
-            @RequestParam(value = "secago", required = false) Long secago,
-            @RequestParam(value = "start", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date start,
-            @RequestParam(value = "end", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date end,
-            @PathVariable("missionName") String missionNameParam) {
-
-    	final HttpServletRequest request = requestHolderBean.getRequest();
-     	
-     	final String sessionId = requestHolderBean.sessionId();
+	/*
+	 * subscribe to mission changes
+	 */
+	@RequestMapping(value = "/missions/{missionName:.+}/subscription", method = RequestMethod.PUT)
+	@ResponseStatus(HttpStatus.CREATED)
+	public Callable<ApiResponse<MissionSubscription>> createMissionSubscription(
+			@RequestParam(value = "uid", defaultValue = "") String uid,
+			@RequestParam(value = "topic", defaultValue = "") String topic,
+			@RequestParam(value = "password", defaultValue = "") String password,
+			@RequestParam(value = "secago", required = false) Long secago,
+			@RequestParam(value = "start", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date start,
+			@RequestParam(value = "end", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date end,
+			@PathVariable("missionName") String missionNameParam) {
+
+		final HttpServletRequest request = requestHolderBean.getRequest();
+
+		final String sessionId = requestHolderBean.sessionId();
 
 		final String groupVector = martiUtil.getGroupVectorBitString(sessionId);
 
@@ -2142,63 +2108,63 @@ public Callable<ApiResponse<MissionSubscription>> createMissionSubscription(
 
 		return () -> {
 
-     		String missionName = missionService.trimName(missionNameParam);
-     		
-     		
-     		 Mission mission;
-             if (missionService.getApiVersionNumberFromRequest(request) >= 4) {
-                 mission = missionService.getMission(missionName, groupVector);
-             } else {
-				 mission = missionService.getMissionByNameCheckGroups(missionName, groupVector);
-				 missionService.validateMission(mission, missionName);
-             }
-
-     		MissionRole subRole = missionService.getRoleFromToken(mission,
-     				new MissionTokenUtils.TokenType[]{
-     						MissionTokenUtils.TokenType.INVITATION,
-     						MissionTokenUtils.TokenType.SUBSCRIPTION,
-     						MissionTokenUtils.TokenType.ACCESS
-     		}, request);
-
-     		//
-     		// for password protected missions, the caller must provide a password or a token invite
-     		//
-     		if (mission.isPasswordProtected()) {
-     			if (!Strings.isNullOrEmpty(password)) {
-     				if (!BCrypt.checkpw(password, mission.getPasswordHash())) {
-     					throw new ForbiddenException("Illegal attempt to subscribe to mission! Password did not match.");
-     				}
-     			}  else if (subRole == null) {
-     				throw new ForbiddenException("Illegal attempt to subscribe to mission! No token role provided.");
-     			}
-     		} else if (!Strings.isNullOrEmpty(password)) {
-     			throw new ForbiddenException("Illegal attempt to subscribe to mission! No password provided.");
-     		} else if (mission.isInviteOnly() && subRole == null) {
-     			// find a username invitation for the current user
+			String missionName = missionService.trimName(missionNameParam);
+
+
+			Mission mission;
+			if (missionService.getApiVersionNumberFromRequest(request) >= 4) {
+				mission = missionService.getMission(missionName, groupVector);
+			} else {
+				mission = missionService.getMissionByNameCheckGroups(missionName, groupVector);
+				missionService.validateMission(mission, missionName);
+			}
+
+			MissionRole subRole = missionService.getRoleFromToken(mission,
+					new MissionTokenUtils.TokenType[]{
+							MissionTokenUtils.TokenType.INVITATION,
+							MissionTokenUtils.TokenType.SUBSCRIPTION,
+							MissionTokenUtils.TokenType.ACCESS
+					}, request);
+
+			//
+			// for password protected missions, the caller must provide a password or a token invite
+			//
+			if (mission.isPasswordProtected()) {
+				if (!Strings.isNullOrEmpty(password)) {
+					if (!BCrypt.checkpw(password, mission.getPasswordHash())) {
+						throw new ForbiddenException("Illegal attempt to subscribe to mission! Password did not match.");
+					}
+				}  else if (subRole == null) {
+					throw new ForbiddenException("Illegal attempt to subscribe to mission! No token role provided.");
+				}
+			} else if (!Strings.isNullOrEmpty(password)) {
+				throw new ForbiddenException("Illegal attempt to subscribe to mission! No password provided.");
+			} else if (mission.isInviteOnly() && subRole == null) {
+				// find a username invitation for the current user
 				subRole = missionService.getRoleFromTypeAndInvitee(
-     					missionName, MissionInvitation.Type.userName.name(), username);
-     			if (subRole == null) {
+						missionName, MissionInvitation.Type.userName.name(), username);
+				if (subRole == null) {
 					throw new ForbiddenException("Illegal attempt to subscribe to invite only mission!");
 				}
 			}
 
-     		MissionRole role = null;
-     		if (subRole != null) {
-     			role = subRole;
-     		} else {
-     			role = missionService.getDefaultRole(mission);
-     		}
+			MissionRole role = null;
+			if (subRole != null) {
+				role = subRole;
+			} else {
+				role = missionService.getDefaultRole(mission);
+			}
 
-     		if (Strings.isNullOrEmpty(uid) && Strings.isNullOrEmpty(topic)) {
-     			throw new IllegalArgumentException("either 'uid' or 'topic' parameter must be specified");
-     		}
+			if (Strings.isNullOrEmpty(uid) && Strings.isNullOrEmpty(topic)) {
+				throw new IllegalArgumentException("either 'uid' or 'topic' parameter must be specified");
+			}
 
-     		MissionSubscription missionSubscription = missionService.missionSubscribe(missionName, mission.getId(),
+			MissionSubscription missionSubscription = missionService.missionSubscribe(missionName, mission.getId(),
 					Strings.isNullOrEmpty(topic) ? uid : "topic:" + topic, username, role, groupVector);
 
-     		if (mission.getFeeds() != null) {
-     			for (MissionFeed missionFeed : mission.getFeeds()) {
-     				dataFeedCotService.sendLatestFeedEvents(mission, missionFeed, Collections.singletonList(uid), groupVector);
+			if (mission.getFeeds() != null) {
+				for (MissionFeed missionFeed : mission.getFeeds()) {
+					dataFeedCotService.sendLatestFeedEvents(mission, missionFeed, Collections.singletonList(uid), groupVector);
 				}
 			}
 
@@ -2207,200 +2173,200 @@ public Callable<ApiResponse<MissionSubscription>> createMissionSubscription(
 				missionService.missionUninvite(missionName,
 						uid, MissionInvitation.Type.clientUid, uid, groupVector);
 
-     			// clear out any callsign invitations for the devices current callsign
-     			RemoteSubscription subscription = subscriptionManagerProxy.getSubscriptionManagerForClientUid(uid).getRemoteSubscriptionByClientUid(uid);
-     			if (subscription != null && !Strings.isNullOrEmpty(subscription.callsign)) {
-     				missionService.missionUninvite(missionName, subscription.callsign,
-     						MissionInvitation.Type.callsign, uid, groupVector);
-     			}
-     		}
-     		catch (Exception e) {
-     			throw new TakException(e);
-     		}
+				// clear out any callsign invitations for the devices current callsign
+				RemoteSubscription subscription = subscriptionManagerProxy.getSubscriptionManagerForClientUid(uid).getRemoteSubscriptionByClientUid(uid);
+				if (subscription != null && !Strings.isNullOrEmpty(subscription.callsign)) {
+					missionService.missionUninvite(missionName, subscription.callsign,
+							MissionInvitation.Type.callsign, uid, groupVector);
+				}
+			}
+			catch (Exception e) {
+				throw new TakException(e);
+			}
 
-     		// return changes and logs with API 3+
-     		if (missionService.getApiVersionNumberFromRequest(request) >= 3) {
+			// return changes and logs with API 3+
+			if (missionService.getApiVersionNumberFromRequest(request) >= 3) {
 
 				missionSubscription.setMission(mission);
 
 				Set<MissionChange> changes = missionService.getMissionChanges(
-     					mission.getName(), groupVector, secago, start, end, false);
-     			missionSubscription.getMission().setMissionChanges(changes);
+						mission.getName(), groupVector, secago, start, end, false);
+				missionSubscription.getMission().setMissionChanges(changes);
 
-     			List<LogEntry> logs = missionService.getLogEntriesForMission(mission, secago, start, end);
-     			missionSubscription.getMission().setLogs(logs);
+				List<LogEntry> logs = missionService.getLogEntriesForMission(mission, secago, start, end);
+				missionSubscription.getMission().setLogs(logs);
 
-     		} else {
-     			//  mission is not returned < API 3
-     			missionSubscription.setMission(null);
-     		}
+			} else {
+				//  mission is not returned < API 3
+				missionSubscription.setMission(null);
+			}
 
-     		return new ApiResponse<MissionSubscription>(
-     				Constants.API_VERSION,  MissionSubscription.class.getName(), missionSubscription);
-     	};
-    }
+			return new ApiResponse<MissionSubscription>(
+					Constants.API_VERSION,  MissionSubscription.class.getName(), missionSubscription);
+		};
+	}
 
-    @PreAuthorize("hasPermission(#request, 'MISSION_SET_ROLE')")
-    @RequestMapping(value = "/missions/{missionName:.+}/subscription", method = RequestMethod.POST)
-    public void setSubscriptionRole(
-            @RequestBody List<MissionSubscription> subscriptions,
-            @PathVariable("missionName") String missionName,
-            @RequestParam(value = "creatorUid", required = true) @ValidatedBy("MartiSafeString") String creatorUid,
-            HttpServletRequest request) {
+	@PreAuthorize("hasPermission(#request, 'MISSION_SET_ROLE')")
+	@RequestMapping(value = "/missions/{missionName:.+}/subscription", method = RequestMethod.POST)
+	public void setSubscriptionRole(
+			@RequestBody List<MissionSubscription> subscriptions,
+			@PathVariable("missionName") String missionName,
+			@RequestParam(value = "creatorUid", required = true) @ValidatedBy("MartiSafeString") String creatorUid,
+			HttpServletRequest request) {
 
-        missionName = missionService.trimName(missionName);
+		missionName = missionService.trimName(missionName);
 
-        String groupVector = martiUtil.getGroupVectorBitString(request);
+		String groupVector = martiUtil.getGroupVectorBitString(request);
 
-        // validate existence of mission
+		// validate existence of mission
 		Mission mission = missionService.getMissionByNameCheckGroups(missionName, groupVector);
 		missionService.validateMission(mission, missionName);
 
-        // validate subscription list
-        for (MissionSubscription subscription : subscriptions) {
-            if (subscription.getClientUid() == null || subscription.getRole() == null) {
-                throw new IllegalArgumentException("missing clientUid or role");
-            }
-
-            MissionRole role = missionRoleRepository.findFirstByRole(subscription.getRole().getRole());
-
-            if (!missionService.validateRoleAssignment(mission, request, role)) {
-                throw new ForbiddenException("validateRoleAssignment failed! Illegal attempt to assign role "
-                        + role.getRole().name());
-            }
-        }
-
-        boolean success = missionService.inviteOrUpdate(mission, subscriptions, creatorUid, groupVector);
-        response.setStatus(success ? HttpServletResponse.SC_OK : HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-    }
-
-    /*
-     * unsubscribe to mission changes
-     *
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')") // use MISSION_READ here to allow readonly users to unsubscribe
-    @RequestMapping(value = "/missions/{missionName:.+}/subscription", method = RequestMethod.DELETE)
-    @ResponseStatus(HttpStatus.OK)
-    public Callable<Void> deleteMissionSubscription(
-    		@RequestParam(value = "uid", defaultValue = "") String uid,
+		// validate subscription list
+		for (MissionSubscription subscription : subscriptions) {
+			if (subscription.getClientUid() == null || subscription.getRole() == null) {
+				throw new IllegalArgumentException("missing clientUid or role");
+			}
+
+			MissionRole role = missionRoleRepository.findFirstByRole(subscription.getRole().getRole());
+
+			if (!missionService.validateRoleAssignment(mission, request, role)) {
+				throw new ForbiddenException("validateRoleAssignment failed! Illegal attempt to assign role "
+						+ role.getRole().name());
+			}
+		}
+
+		boolean success = missionService.inviteOrUpdate(mission, subscriptions, creatorUid, groupVector);
+		response.setStatus(success ? HttpServletResponse.SC_OK : HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+	}
+
+	/*
+	 * unsubscribe to mission changes
+	 *
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')") // use MISSION_READ here to allow readonly users to unsubscribe
+	@RequestMapping(value = "/missions/{missionName:.+}/subscription", method = RequestMethod.DELETE)
+	@ResponseStatus(HttpStatus.OK)
+	public Callable<Void> deleteMissionSubscription(
+			@RequestParam(value = "uid", defaultValue = "") String uid,
 			@RequestParam(value = "topic", defaultValue = "") String topic,
 			@RequestParam(value = "disconnectOnly", defaultValue = "true") boolean disconnectOnly,
-    		@PathVariable("missionName") String missionNameParam) {
+			@PathVariable("missionName") String missionNameParam) {
 
-    	final String groupVector = martiUtil.getGroupVectorBitString(request);
+		final String groupVector = martiUtil.getGroupVectorBitString(request);
 
 		final String username = SecurityContextHolder.getContext().getAuthentication().getName();
 
-    	return () -> {
+		return () -> {
 
-    		String missionName = missionService.trimName(missionNameParam);
+			String missionName = missionService.trimName(missionNameParam);
 
 			// validate existence of mission
 			Mission mission = missionService.getMissionByNameCheckGroups(missionName, groupVector);
 			missionService.validateMission(mission, missionName);
 
-    		if (Strings.isNullOrEmpty(uid) && Strings.isNullOrEmpty(topic)) {
-    			throw new IllegalArgumentException("either 'uid' or 'topic' parameter must be specified");
-    		}
+			if (Strings.isNullOrEmpty(uid) && Strings.isNullOrEmpty(topic)) {
+				throw new IllegalArgumentException("either 'uid' or 'topic' parameter must be specified");
+			}
+
+			missionService.missionUnsubscribe(missionName, Strings.isNullOrEmpty(topic) ? uid : topic, username, groupVector, disconnectOnly);
+
+			return null;
+		};
+	}
 
-    		missionService.missionUnsubscribe(missionName, Strings.isNullOrEmpty(topic) ? uid : topic, username, groupVector, disconnectOnly);
-    		
-    		return null;
-    	};
-    }
-
-    /*
-     * Get all mission subscriptions
-     *
-     */
-    @PreAuthorize("hasRole('ROLE_ADMIN')") // restrict to admin
-    @RequestMapping(value = "/missions/all/subscriptions", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponse<List<Map.Entry<String, String>>> getAllMissionSubscriptions() {
-        return new ApiResponse<List<Map.Entry<String, String>>>(Constants.API_VERSION, "MissionSubscription", missionService.getAllMissionSubscriptions());
-    }
-
-    /*
-     * Get subscriptions to the specified mission
-     *
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{missionName:.+}/subscriptions", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponse<List<String>> getMissionSubscriptions(
-            @PathVariable("missionName") String missionName, HttpServletRequest request) {
+	/*
+	 * Get all mission subscriptions
+	 *
+	 */
+	@PreAuthorize("hasRole('ROLE_ADMIN')") // restrict to admin
+	@RequestMapping(value = "/missions/all/subscriptions", method = RequestMethod.GET)
+	@ResponseStatus(HttpStatus.OK)
+	public ApiResponse<List<Map.Entry<String, String>>> getAllMissionSubscriptions() {
+		return new ApiResponse<List<Map.Entry<String, String>>>(Constants.API_VERSION, "MissionSubscription", missionService.getAllMissionSubscriptions());
+	}
+
+	/*
+	 * Get subscriptions to the specified mission
+	 *
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{missionName:.+}/subscriptions", method = RequestMethod.GET)
+	@ResponseStatus(HttpStatus.OK)
+	public ApiResponse<List<String>> getMissionSubscriptions(
+			@PathVariable("missionName") String missionName, HttpServletRequest request) {
 
 		Mission mission = missionService.getMissionByNameCheckGroups(missionService.trimName(missionName), martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, missionName);
 
-        try {
-            return new ApiResponse<List<String>>(Constants.API_VERSION, "MissionSubscription", subscriptionManager.getMissionSubscriptions(missionName, false));
-        } catch (Exception e) {
-            throw new TakException(e);
-        }
-    }
+		try {
+			return new ApiResponse<List<String>>(Constants.API_VERSION, "MissionSubscription", subscriptionManager.getMissionSubscriptions(missionName, false));
+		} catch (Exception e) {
+			throw new TakException(e);
+		}
+	}
 
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{missionName:.+}/subscriptions/roles", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponse<List<MissionSubscription>> getMissionSubscriptionRoles(
-            @PathVariable("missionName") String missionName, HttpServletRequest request) {
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{missionName:.+}/subscriptions/roles", method = RequestMethod.GET)
+	@ResponseStatus(HttpStatus.OK)
+	public ApiResponse<List<MissionSubscription>> getMissionSubscriptionRoles(
+			@PathVariable("missionName") String missionName, HttpServletRequest request) {
 
 		Mission mission = missionService.getMissionByNameCheckGroups(missionService.trimName(missionName), martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, missionName);
 
 		// ensure tokens are removed from the output
-		List<MissionSubscription> missionSubscriptions = missionSubscriptionRepository.findAllByMissionNameNoMissionNoToken(missionName);
+		List<MissionSubscription> missionSubscriptions = missionService.getMissionSubscriptionsByMissionNameNoMissionNoToken(missionName);
 		for (MissionSubscription missionSubscription : missionSubscriptions) {
 			missionSubscription.setToken(null);
 		}
 
-        return new ApiResponse<List<MissionSubscription>>(Constants.API_VERSION, "MissionSubscription",
-                missionSubscriptions);
-    }
+		return new ApiResponse<List<MissionSubscription>>(Constants.API_VERSION, "MissionSubscription",
+				missionSubscriptions);
+	}
 
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{missionName:.+}/role", method = RequestMethod.GET)
-    public ApiResponse<MissionRole> getMissionRoleFromToken(
-            @PathVariable("missionName") String missionName, HttpServletRequest request) {
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{missionName:.+}/role", method = RequestMethod.GET)
+	public ApiResponse<MissionRole> getMissionRoleFromToken(
+			@PathVariable("missionName") String missionName, HttpServletRequest request) {
 
-        missionName = missionService.trimName(missionName);
+		missionName = missionService.trimName(missionName);
 
-        // validate existence of mission
+		// validate existence of mission
 		Mission mission = missionService.getMissionByNameCheckGroups(missionName, martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, missionName);
 
-        MissionRole role = (MissionRole)request.getAttribute(MissionRole.class.getName());
+		MissionRole role = (MissionRole)request.getAttribute(MissionRole.class.getName());
 
-        return new ApiResponse<MissionRole>(
-                Constants.API_VERSION,  MissionRole.class.getName(), role);
-    }
+		return new ApiResponse<MissionRole>(
+				Constants.API_VERSION,  MissionRole.class.getName(), role);
+	}
 
-    @PreAuthorize("hasPermission(#request, 'MISSION_SET_ROLE')")
-    @RequestMapping(value = "/missions/{missionName:.+}/role", method = RequestMethod.PUT)
-    public void setMissionRole(
-            @PathVariable("missionName") String missionName,
+	@PreAuthorize("hasPermission(#request, 'MISSION_SET_ROLE')")
+	@RequestMapping(value = "/missions/{missionName:.+}/role", method = RequestMethod.PUT)
+	public void setMissionRole(
+			@PathVariable("missionName") String missionName,
 			@RequestParam(value = "clientUid", defaultValue = "") @ValidatedBy("MartiSafeString") String clientUid,
 			@RequestParam(value = "username", defaultValue = "") @ValidatedBy("MartiSafeString") String username,
-            @RequestParam(value = "role", required = false) @ValidatedBy("MartiSafeString") MissionRole.Role newRole,
-            HttpServletRequest request) {
+			@RequestParam(value = "role", required = false) @ValidatedBy("MartiSafeString") MissionRole.Role newRole,
+			HttpServletRequest request) {
 
-        missionName = missionService.trimName(missionName);
+		missionName = missionService.trimName(missionName);
 
-        // validate existence of mission
+		// validate existence of mission
 		Mission mission = missionService.getMissionByNameCheckGroups(missionName, martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, missionName);
 
-        if (mission.getDefaultRole() == null) {
-            logger.error("illegal attempt to set role on non role-enabled mission!");
-            throw new IllegalArgumentException();
-        }
+		if (mission.getDefaultRole() == null) {
+			logger.error("illegal attempt to set role on non role-enabled mission!");
+			throw new IllegalArgumentException();
+		}
 
-        boolean result = true;
+		boolean result = true;
 
-        MissionRole role = null;
+		MissionRole role = null;
 
-        if (newRole != null) {
+		if (newRole != null) {
 			role = missionRoleRepository.findFirstByRole(newRole);
 
 			if (!missionService.validateRoleAssignment(mission, request, role)) {
@@ -2409,79 +2375,81 @@ public void setMissionRole(
 			}
 		}
 
-		result = missionService.setRole(mission, clientUid, username, role, martiUtil.getGroupVectorBitString(request));
+		result = missionService.setRole(mission, clientUid, username, role, martiUtil.getGroupVectorBitString(request));
+
+		response.setStatus(result ? HttpServletResponse.SC_OK : HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+	}
+
+	/*
+	 * Get all mission invitations for a given clientUid
+	 *
+	 */
+	@RequestMapping(value = "/missions/all/invitations", method = RequestMethod.GET)
+	@ResponseStatus(HttpStatus.OK)
+	public ApiResponse<Set<String>> getAllMissionInvitations(
+			@RequestParam(value = "clientUid", defaultValue = "") @ValidatedBy("MartiSafeString") String clientUid) {
+
+		Set<MissionInvitation> missionInvitations = missionService.getAllMissionInvitationsForClient(
+				clientUid, martiUtil.getGroupVectorBitString(request));
+
+		Set<String> missionNames = new HashSet<String>();
+		for (MissionInvitation mi : missionInvitations) {
+			missionNames.add(mi.getMissionName());
+		}
+
+		return new ApiResponse<Set<String>>(Constants.API_VERSION, "MissionInvitation", missionNames);
+	}
+
+	@RequestMapping(value = "/missions/invitations", method = RequestMethod.GET)
+	@ResponseStatus(HttpStatus.OK)
+	public ApiResponse<Set<MissionInvitation>> getAllMissionInvitationsWithPasswords(
+			@RequestParam(value = "clientUid", required = true) @ValidatedBy("MartiSafeString") String clientUid) {
+
+		return new ApiResponse<Set<MissionInvitation>>(Constants.API_VERSION, "MissionInvitation",
+				missionService.getAllMissionInvitationsForClient(clientUid, martiUtil.getGroupVectorBitString(request)));
+	}
 
-        response.setStatus(result ? HttpServletResponse.SC_OK : HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-    }
-
-    /*
-     * Get all mission invitations for a given clientUid
-     *
-     */
-    @RequestMapping(value = "/missions/all/invitations", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponse<Set<String>> getAllMissionInvitations(
-            @RequestParam(value = "clientUid", defaultValue = "") @ValidatedBy("MartiSafeString") String clientUid) {
-
-        Set<MissionInvitation> missionInvitations = missionService.getAllMissionInvitationsForClient(
-                clientUid, martiUtil.getGroupVectorBitString(request));
-
-        Set<String> missionNames = new HashSet<String>();
-        for (MissionInvitation mi : missionInvitations) {
-            missionNames.add(mi.getMissionName());
-        }
-
-        return new ApiResponse<Set<String>>(Constants.API_VERSION, "MissionInvitation", missionNames);
-    }
-
-    @RequestMapping(value = "/missions/invitations", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponse<Set<MissionInvitation>> getAllMissionInvitationsWithPasswords(
-            @RequestParam(value = "clientUid", required = true) @ValidatedBy("MartiSafeString") String clientUid) {
-
-        return new ApiResponse<Set<MissionInvitation>>(Constants.API_VERSION, "MissionInvitation",
-                missionService.getAllMissionInvitationsForClient(clientUid, martiUtil.getGroupVectorBitString(request)));
-    }
-
-    /*
-     * Get invitations to the specified mission
-     *
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{missionName:.+}/invitations", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponse<List<MissionInvitation>> getMissionInvitations(
-            @PathVariable("missionName") String missionName, HttpServletRequest request) {
+	/*
+	 * Get invitations to the specified mission
+	 *
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{missionName:.+}/invitations", method = RequestMethod.GET)
+	@ResponseStatus(HttpStatus.OK)
+	public ApiResponse<List<MissionInvitation>> getMissionInvitations(
+			@PathVariable("missionName") String missionName, HttpServletRequest request) {
 
 		Mission mission = missionService.getMissionByNameCheckGroups(missionName, martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, missionName);
 
-        List<MissionInvitation> missionInvitations = missionService.getMissionInvitations(mission.getName());
+		List<MissionInvitation> missionInvitations = missionService.getMissionInvitations(mission.getName());
 
-        return new ApiResponse<List<MissionInvitation>>(Constants.API_VERSION, "MissionInvitation", missionInvitations);
-    }
+		return new ApiResponse<List<MissionInvitation>>(Constants.API_VERSION, "MissionInvitation", missionInvitations);
+	}
 
-    @RequestMapping(value = "/missions/{name:.+}/invite/{type:.+}/{invitee:.+}", method = RequestMethod.PUT)
-    @ResponseStatus(HttpStatus.OK)
-    public void inviteToMission(
-            @PathVariable("name") @NotNull String missionName,
-            @PathVariable("type") @NotNull MissionInvitation.Type type,
-            @PathVariable("invitee") @NotNull String invitee,
-            @RequestParam(value = "creatorUid", required = true) @ValidatedBy("MartiSafeString") String creatorUid,
-            @RequestParam(value = "role", defaultValue = "") @ValidatedBy("MartiSafeString") MissionRole.Role role,
-            HttpServletRequest request) {
+	@RequestMapping(value = "/missions/{name:.+}/invite/{type:.+}/{invitee:.+}", method = RequestMethod.PUT)
+	@ResponseStatus(HttpStatus.OK)
+	public void inviteToMission(
+			@PathVariable("name") @NotNull String missionName,
+			@PathVariable("type") @NotNull MissionInvitation.Type type,
+			@PathVariable("invitee") @NotNull String invitee,
+			@RequestParam(value = "creatorUid", required = true) @ValidatedBy("MartiSafeString") String creatorUid,
+			@RequestParam(value = "role", defaultValue = "") @ValidatedBy("MartiSafeString") MissionRole.Role role,
+			HttpServletRequest request) {
 
-        if (Strings.isNullOrEmpty(missionName)) {
-            throw new IllegalArgumentException("empty mission name");
-        }
+		if (Strings.isNullOrEmpty(missionName)) {
+			throw new IllegalArgumentException("empty mission name");
+		}
 
-        missionName = missionService.trimName(missionName);
+		missionName = missionService.trimName(missionName);
 
-        String groupVector = martiUtil.getGroupVectorBitString(request);
+		String groupVector = martiUtil.getGroupVectorBitString(request);
 
 		Mission mission = missionService.getMissionByNameCheckGroups(missionName, groupVector);
 		missionService.validateMission(mission, missionName);
 
+		CoreConfig config = CoreConfigFacade.getInstance();
+
 		// If VBM is enabled, only let the mission owner or admin invite users to a COP mission
 		if (config.getRemoteConfiguration().getVbm() != null &&
 				config.getRemoteConfiguration().getVbm().isEnabled() &&
@@ -2507,32 +2475,32 @@ public void inviteToMission(
 			}
 		}
 
-        MissionRole inviteRole = null;
-        if (role != null) {
-            inviteRole = missionRoleRepository.findFirstByRole(role);
-        } else {
-            inviteRole = missionService.getDefaultRole(mission);
-        }
+		MissionRole inviteRole = null;
+		if (role != null) {
+			inviteRole = missionRoleRepository.findFirstByRole(role);
+		} else {
+			inviteRole = missionService.getDefaultRole(mission);
+		}
 
-        if (!missionService.validateRoleAssignment(mission, request, inviteRole)) {
-            throw new ForbiddenException("validateRoleAssignment failed! Illegal attempt to assign role "
-                    + inviteRole.getRole().name());
-        }
+		if (!missionService.validateRoleAssignment(mission, request, inviteRole)) {
+			throw new ForbiddenException("validateRoleAssignment failed! Illegal attempt to assign role "
+					+ inviteRole.getRole().name());
+		}
 
-        missionService.missionInvite(missionName, invitee, type, inviteRole, creatorUid, groupVector);
-    }
+		missionService.missionInvite(missionName, invitee, type, inviteRole, creatorUid, groupVector);
+	}
 
-    @RequestMapping(value = "/missions/{name:.+}/invite/{type:.+}/{invitee:.+}", method = RequestMethod.DELETE)
-    @ResponseStatus(HttpStatus.OK)
+	@RequestMapping(value = "/missions/{name:.+}/invite/{type:.+}/{invitee:.+}", method = RequestMethod.DELETE)
+	@ResponseStatus(HttpStatus.OK)
 	@Transactional
-    public void uninviteFromMission(
-            @PathVariable("name") @NotNull String missionName,
-            @PathVariable("type") @NotNull MissionInvitation.Type type,
-            @PathVariable("invitee") @NotNull String invitee,
-            @RequestParam(value = "creatorUid", required = true) @ValidatedBy("MartiSafeString") String creatorUid,
-            HttpServletRequest request) {
-
-    	try {
+	public void uninviteFromMission(
+			@PathVariable("name") @NotNull String missionName,
+			@PathVariable("type") @NotNull MissionInvitation.Type type,
+			@PathVariable("invitee") @NotNull String invitee,
+			@RequestParam(value = "creatorUid", required = true) @ValidatedBy("MartiSafeString") String creatorUid,
+			HttpServletRequest request) {
+
+		try {
 			if (Strings.isNullOrEmpty(missionName)) {
 				throw new IllegalArgumentException("empty mission name");
 			}
@@ -2542,6 +2510,8 @@ public void uninviteFromMission(
 			Mission mission = missionService.getMissionByNameCheckGroups(missionName, martiUtil.getGroupVectorBitString(request));
 			missionService.validateMission(mission, missionName);
 
+			CoreConfig config = CoreConfigFacade.getInstance();
+
 			// If VBM is enabled, only let the mission owner or admin invite users to a COP mission
 			if (config.getRemoteConfiguration().getVbm() != null &&
 					config.getRemoteConfiguration().getVbm().isEnabled() &&
@@ -2582,241 +2552,241 @@ public void uninviteFromMission(
 			logger.error("exception in uninviteFromMission!", e);
 			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 		}
-    }
+	}
 
-    // Mission Log
-    /*
-     * Create a new log entry (autogenerating the entry id)
-     *
-     */
-    @RequestMapping(value = "/missions/logs/entries", method = RequestMethod.POST)
-    @ResponseStatus(HttpStatus.CREATED)
-    public ApiResponse<LogEntry> postLogEntry(@RequestBody @NotNull LogEntry entry) {
+	// Mission Log
+	/*
+	 * Create a new log entry (autogenerating the entry id)
+	 *
+	 */
+	@RequestMapping(value = "/missions/logs/entries", method = RequestMethod.POST)
+	@ResponseStatus(HttpStatus.CREATED)
+	public ApiResponse<LogEntry> postLogEntry(@RequestBody @NotNull LogEntry entry) {
 
-        if (!Strings.isNullOrEmpty(entry.getId())) {
-            throw new IllegalArgumentException("log entry id must not be included for POST");
-        }
+		if (!Strings.isNullOrEmpty(entry.getId())) {
+			throw new IllegalArgumentException("log entry id must not be included for POST");
+		}
 
-        String groupVector = martiUtil.getGroupVectorBitString(request);
+		String groupVector = martiUtil.getGroupVectorBitString(request);
 
-        for (String name : entry.getMissionNames()) {
-            String missionName = missionService.trimName(name);
+		for (String name : entry.getMissionNames()) {
+			String missionName = missionService.trimName(name);
 			Mission mission = missionService.getMissionByNameCheckGroups(missionName, groupVector);
 			missionService.validateMission(mission, missionName);
 
-            MissionRole role = missionService.getRoleForRequest(mission, request);
-            if (role == null) {
-                logger.error("no role for request : " + request.getServletPath());
-                continue;
-            }
-
-            if (!role.hasPermission(MissionPermission.Permission.MISSION_WRITE)) {
-                throw new ForbiddenException("Illegal attempt to access mission!");
-            }
-        }
-
-        // save the new log entry and let the database generate the id
-        return new ApiResponse<>(Constants.API_VERSION, LogEntry.class.getName(),
-                missionService.addUpdateLogEntry(entry, new Date(), groupVector));
-    }
-
-    /*
-     * Get all log entries combined in one list (regardless of mission)
-     *
-     */
-    @PreAuthorize("hasRole('ROLE_ADMIN')") // restrict to admin
-    @RequestMapping(value = "/missions/all/logs", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponse<List<LogEntry>> getAllLogEntries() {
-
-        return new ApiResponse<>(Constants.API_VERSION, LogEntry.class.getName(), logEntryRepository.findAll());
-    }
-
-    /*
-     * Get one log entry by id
-     *
-     */
-    @RequestMapping(value = "/missions/logs/entries/{id}", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponse<List<LogEntry>> getOneLogEntry(@PathVariable("id") @NotNull String id) {
-
-        LogEntry entry = logEntryRepository.getOne(id);
-
-        String msg = "log entry " + id + " not found";
-
-        if (entry == null) {
-            throw new NotFoundException(msg);
-        }
-
-        for (String name : entry.getMissionNames()) {
-            String missionName = missionService.trimName(name);
+			MissionRole role = missionService.getRoleForRequest(mission, request);
+			if (role == null) {
+				logger.error("no role for request : " + request.getServletPath());
+				continue;
+			}
+
+			if (!role.hasPermission(MissionPermission.Permission.MISSION_WRITE)) {
+				throw new ForbiddenException("Illegal attempt to access mission!");
+			}
+		}
+
+		// save the new log entry and let the database generate the id
+		return new ApiResponse<>(Constants.API_VERSION, LogEntry.class.getName(),
+				missionService.addUpdateLogEntry(entry, new Date(), groupVector));
+	}
+
+	/*
+	 * Get all log entries combined in one list (regardless of mission)
+	 *
+	 */
+	@PreAuthorize("hasRole('ROLE_ADMIN')") // restrict to admin
+	@RequestMapping(value = "/missions/all/logs", method = RequestMethod.GET)
+	@ResponseStatus(HttpStatus.OK)
+	public ApiResponse<List<LogEntry>> getAllLogEntries() {
+
+		return new ApiResponse<>(Constants.API_VERSION, LogEntry.class.getName(), logEntryRepository.findAll());
+	}
+
+	/*
+	 * Get one log entry by id
+	 *
+	 */
+	@RequestMapping(value = "/missions/logs/entries/{id}", method = RequestMethod.GET)
+	@ResponseStatus(HttpStatus.OK)
+	public ApiResponse<List<LogEntry>> getOneLogEntry(@PathVariable("id") @NotNull String id) {
+
+		LogEntry entry = logEntryRepository.getOne(id);
+
+		String msg = "log entry " + id + " not found";
+
+		if (entry == null) {
+			throw new NotFoundException(msg);
+		}
+
+		for (String name : entry.getMissionNames()) {
+			String missionName = missionService.trimName(name);
 			Mission mission = missionService.getMissionByNameCheckGroups(missionName, martiUtil.getGroupVectorBitString(request));
 			missionService.validateMission(mission, missionName);
 
-            MissionRole role = missionService.getRoleForRequest(mission, request);
-            if (role == null) {
-                logger.error("no role for request : " + request.getServletPath());
-                continue;
-            }
+			MissionRole role = missionService.getRoleForRequest(mission, request);
+			if (role == null) {
+				logger.error("no role for request : " + request.getServletPath());
+				continue;
+			}
 
-            if (!role.hasPermission(MissionPermission.Permission.MISSION_READ)) {
-                throw new ForbiddenException("Illegal attempt to access mission!");
-            }
-        }
+			if (!role.hasPermission(MissionPermission.Permission.MISSION_READ)) {
+				throw new ForbiddenException("Illegal attempt to access mission!");
+			}
+		}
 
-        return new ApiResponse<List<LogEntry>>(Constants.API_VERSION, LogEntry.class.getName(), Lists.newArrayList(entry));
-    }
+		return new ApiResponse<List<LogEntry>>(Constants.API_VERSION, LogEntry.class.getName(), Lists.newArrayList(entry));
+	}
 
-    /*
-     *
-     * Update an existing log entry
-     *
-     */
-    @RequestMapping(value = "/missions/logs/entries", method = RequestMethod.PUT)
-    @ResponseStatus(HttpStatus.CREATED)
-    @Transactional
-    public ApiResponse<LogEntry> updateLogEntry(@RequestBody LogEntry entry) {
+	/*
+	 *
+	 * Update an existing log entry
+	 *
+	 */
+	@RequestMapping(value = "/missions/logs/entries", method = RequestMethod.PUT)
+	@ResponseStatus(HttpStatus.CREATED)
+	@Transactional
+	public ApiResponse<LogEntry> updateLogEntry(@RequestBody LogEntry entry) {
 
-        if (Strings.isNullOrEmpty(entry.getId())) {
-            throw new IllegalArgumentException("log entry id must be included for PUT");
-        }
+		if (Strings.isNullOrEmpty(entry.getId())) {
+			throw new IllegalArgumentException("log entry id must be included for PUT");
+		}
 
-        logger.info("servertime: " + entry.getServertime());
+		logger.info("servertime: " + entry.getServertime());
 
-        if (entry.getServertime() != null) {
-            throw new IllegalArgumentException("servertime can't be modified");
-        }
+		if (entry.getServertime() != null) {
+			throw new IllegalArgumentException("servertime can't be modified");
+		}
 
-        String groupVector = martiUtil.getGroupVectorBitString(request);
+		String groupVector = martiUtil.getGroupVectorBitString(request);
 
-        for (String name : entry.getMissionNames()) {
-            String missionName = missionService.trimName(name);
+		for (String name : entry.getMissionNames()) {
+			String missionName = missionService.trimName(name);
 			Mission mission = missionService.getMissionByNameCheckGroups(missionName, groupVector);
 			missionService.validateMission(mission, missionName);
 
-            MissionRole role = missionService.getRoleForRequest(mission, request);
-            if (role == null) {
-                logger.error("no role for request : " + request.getServletPath());
-                continue;
-            }
-
-            if (!role.hasPermission(MissionPermission.Permission.MISSION_WRITE)) {
-                throw new ForbiddenException("Illegal attempt to access mission!");
-            }
-        }
-
-        // Don't allow create through this path (by specifying primary key)
-        if (!logEntryRepository.existsById(entry.getId())) {
-            throw new IllegalArgumentException("Log entry " + entry.getId() + " not found");
-        }
-
-        entry = missionService.addUpdateLogEntry(entry, new Date(), groupVector);
-
-        return new ApiResponse<>(Constants.API_VERSION, LogEntry.class.getName(), entry);
-    }
-
-    /*
-     *
-     * Delete a log entry
-     *
-     */
-    @RequestMapping(value = "/missions/logs/entries/{id}", method = RequestMethod.DELETE)
-    @ResponseStatus(HttpStatus.OK)
-    public void deleteLogEntry(@PathVariable(value = "id") String id) {
-
-        if (Strings.isNullOrEmpty(id)) {
-            throw new IllegalArgumentException("log entry id must be provided for DELETE");
-        }
-
-        LogEntry entry = logEntryRepository.getOne(id);
-        if (entry == null) {
-            throw new NotFoundException("log entry " + id + " not found");
-        }
-
-        String groupVector = martiUtil.getGroupVectorBitString(request);
-
-        for (String name : entry.getMissionNames()) {
-            String missionName = missionService.trimName(name);
+			MissionRole role = missionService.getRoleForRequest(mission, request);
+			if (role == null) {
+				logger.error("no role for request : " + request.getServletPath());
+				continue;
+			}
+
+			if (!role.hasPermission(MissionPermission.Permission.MISSION_WRITE)) {
+				throw new ForbiddenException("Illegal attempt to access mission!");
+			}
+		}
+
+		// Don't allow create through this path (by specifying primary key)
+		if (!logEntryRepository.existsById(entry.getId())) {
+			throw new IllegalArgumentException("Log entry " + entry.getId() + " not found");
+		}
+
+		entry = missionService.addUpdateLogEntry(entry, new Date(), groupVector);
+
+		return new ApiResponse<>(Constants.API_VERSION, LogEntry.class.getName(), entry);
+	}
+
+	/*
+	 *
+	 * Delete a log entry
+	 *
+	 */
+	@RequestMapping(value = "/missions/logs/entries/{id}", method = RequestMethod.DELETE)
+	@ResponseStatus(HttpStatus.OK)
+	public void deleteLogEntry(@PathVariable(value = "id") String id) {
+
+		if (Strings.isNullOrEmpty(id)) {
+			throw new IllegalArgumentException("log entry id must be provided for DELETE");
+		}
+
+		LogEntry entry = logEntryRepository.getOne(id);
+		if (entry == null) {
+			throw new NotFoundException("log entry " + id + " not found");
+		}
+
+		String groupVector = martiUtil.getGroupVectorBitString(request);
+
+		for (String name : entry.getMissionNames()) {
+			String missionName = missionService.trimName(name);
 			Mission mission = missionService.getMissionByNameCheckGroups(missionName, groupVector);
 			missionService.validateMission(mission, missionName);
 
-            MissionRole role = missionService.getRoleForRequest(mission, request);
-            if (role == null) {
-                logger.error("no role for request : " + request.getServletPath());
-                continue;
-            }
-
-            if (!role.hasPermission(MissionPermission.Permission.MISSION_WRITE)) {
-                throw new ForbiddenException("Illegal attempt to access mission!");
-            }
-        }
-
-        missionService.deleteLogEntry(id, groupVector);
-    }
-
-    /*
-     * For a given mission, return all log entries, optionally filtered by time interval.
-     *
-     * If time filter is specified, and there are no changes, return an empty list.
-     *
-     */
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{missionName:.+}/log", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponse<List<LogEntry>> getLogEntry(@PathVariable("missionName") @NotNull String missionName,
-                                                   @RequestParam(value = "secago", required = false) Long secago,
-                                                   @RequestParam(value = "start", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date start,
-                                                   @RequestParam(value = "end", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date end,
-                                                   HttpServletRequest request) {
-
-        String name = missionService.trimName(missionName);
+			MissionRole role = missionService.getRoleForRequest(mission, request);
+			if (role == null) {
+				logger.error("no role for request : " + request.getServletPath());
+				continue;
+			}
+
+			if (!role.hasPermission(MissionPermission.Permission.MISSION_WRITE)) {
+				throw new ForbiddenException("Illegal attempt to access mission!");
+			}
+		}
+
+		missionService.deleteLogEntry(id, groupVector);
+	}
+
+	/*
+	 * For a given mission, return all log entries, optionally filtered by time interval.
+	 *
+	 * If time filter is specified, and there are no changes, return an empty list.
+	 *
+	 */
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{missionName:.+}/log", method = RequestMethod.GET)
+	@ResponseStatus(HttpStatus.OK)
+	public ApiResponse<List<LogEntry>> getLogEntry(@PathVariable("missionName") @NotNull String missionName,
+												   @RequestParam(value = "secago", required = false) Long secago,
+												   @RequestParam(value = "start", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date start,
+												   @RequestParam(value = "end", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Date end,
+												   HttpServletRequest request) {
+
+		String name = missionService.trimName(missionName);
 
 		Mission mission = missionService.getMissionByNameCheckGroups(name, martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, name);
 
-        return new ApiResponse<List<LogEntry>>(Constants.API_VERSION, LogEntry.class.getName(),
-                missionService.getLogEntriesForMission(mission, secago, start, end));
-    }
+		return new ApiResponse<List<LogEntry>>(Constants.API_VERSION, LogEntry.class.getName(),
+				missionService.getLogEntriesForMission(mission, secago, start, end));
+	}
 
-    /*
-     * Get resource metadata by hash
-     */
-    @RequestMapping(value = "/resources/{hash}", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.OK)
-    @PreAuthorize("hasRole('ROLE_ADMIN')") // restrict to admin, since this path doesn't check group membership
-    public ApiResponse<List<Resource>> getResource(@PathVariable("hash") @NotNull String hash) {
+	/*
+	 * Get resource metadata by hash
+	 */
+	@RequestMapping(value = "/resources/{hash}", method = RequestMethod.GET)
+	@ResponseStatus(HttpStatus.OK)
+	@PreAuthorize("hasRole('ROLE_ADMIN')") // restrict to admin, since this path doesn't check group membership
+	public ApiResponse<List<Resource>> getResource(@PathVariable("hash") @NotNull String hash) {
 
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("fetch resource by hash " + hash);
-    	}
+		if (logger.isDebugEnabled()) {
+			logger.debug("fetch resource by hash " + hash);
+		}
 
-        Resource resource = ResourceUtils.fetchResourceByHash(hash);
+		Resource resource = ResourceUtils.fetchResourceByHash(hash);
 
-        if (resource == null) {
-            throw new NotFoundException("no resource found for hash " + hash);
-        }
+		if (resource == null) {
+			throw new NotFoundException("no resource found for hash " + hash);
+		}
 
-        return new ApiResponse<List<Resource>>(Constants.API_VERSION, Resource.class.getSimpleName(), Lists.newArrayList(resource));
-    }
+		return new ApiResponse<List<Resource>>(Constants.API_VERSION, Resource.class.getSimpleName(), Lists.newArrayList(resource));
+	}
 
-    // Get all latest CoT events for a mission
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{name:.+}/cot", method = RequestMethod.GET)
-    ResponseEntity<String> getLatestMissionCotEvents(@PathVariable("name") @NotNull String missionName, HttpServletRequest request) {
+	// Get all latest CoT events for a mission
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{name:.+}/cot", method = RequestMethod.GET)
+	ResponseEntity<String> getLatestMissionCotEvents(@PathVariable("name") @NotNull String missionName, HttpServletRequest request) {
 
-    	final String sessionId = requestHolderBean.sessionId();
+		final String sessionId = requestHolderBean.sessionId();
 
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("session id: " + requestHolderBean.sessionId());
-    	}
+		if (logger.isDebugEnabled()) {
+			logger.debug("session id: " + requestHolderBean.sessionId());
+		}
 
-    	if (Strings.isNullOrEmpty(missionName)) {
-    		throw new IllegalArgumentException("empty mission name");
-    	}
+		if (Strings.isNullOrEmpty(missionName)) {
+			throw new IllegalArgumentException("empty mission name");
+		}
 
-    	String fmissionName = missionService.trimName(missionName);
+		String fmissionName = missionService.trimName(missionName);
 
-    	String groupVector = martiUtil.getGroupVectorBitString(sessionId);
+		String groupVector = martiUtil.getGroupVectorBitString(sessionId);
 
 		// will throw appropriate exeception if mission does not exist or has been deleted
 		Mission mission = missionService.getMissionByNameCheckGroups(fmissionName, groupVector);
@@ -2824,50 +2794,52 @@ ResponseEntity<String> getLatestMissionCotEvents(@PathVariable("name") @NotNull
 
 		String cot = missionService.getCachedCot(missionName, mission.getUids(), groupVector);
 
-    	HttpHeaders headers = new HttpHeaders();
-    	headers.setContentType(org.springframework.http.MediaType.APPLICATION_XML);
+		HttpHeaders headers = new HttpHeaders();
+		headers.setContentType(org.springframework.http.MediaType.APPLICATION_XML);
 
-    	return new ResponseEntity<String>(cot, headers, HttpStatus.OK);
-    }
+		return new ResponseEntity<String>(cot, headers, HttpStatus.OK);
+	}
 
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{name:.+}/contacts", method = RequestMethod.GET)
-    @ResponseStatus(HttpStatus.OK)
-    public ResponseEntity<List<RemoteSubscription>> results(
-            @PathVariable("name") @NotNull String missionName, HttpServletRequest request) throws RemoteException {
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{name:.+}/contacts", method = RequestMethod.GET)
+	@ResponseStatus(HttpStatus.OK)
+	public ResponseEntity<List<RemoteSubscription>> results(
+			@PathVariable("name") @NotNull String missionName, HttpServletRequest request) throws RemoteException {
 
-        if (Strings.isNullOrEmpty(missionName)) {
-            throw new IllegalArgumentException("empty mission name");
-        }
+		if (Strings.isNullOrEmpty(missionName)) {
+			throw new IllegalArgumentException("empty mission name");
+		}
 
-        missionName = missionService.trimName(missionName);
+		missionName = missionService.trimName(missionName);
 
 		Mission mission = missionService.getMissionByNameCheckGroups(missionName, martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, missionName);
 
-        List<RemoteSubscription> results = subscriptionManager.getSubscriptionsWithGroupAccess(mission.getGroupVector(), false);
+		List<RemoteSubscription> results = subscriptionManager.getSubscriptionsWithGroupAccess(mission.getGroupVector(), false);
 
-        return new ResponseEntity<List<RemoteSubscription>>(results, new HttpHeaders(), HttpStatus.OK);
-    }
+		return new ResponseEntity<List<RemoteSubscription>>(results, new HttpHeaders(), HttpStatus.OK);
+	}
 
-    @RequestMapping(value = "/missions/{name:.+}/invite", method = RequestMethod.POST)
-    public void sendMissionInvites(
-            @PathVariable("name") @NotNull String missionName,
-            @RequestParam(value = "creatorUid", required = false) @ValidatedBy("MartiSafeString") String creatorUid,
-            HttpServletRequest request
-    ) throws RemoteException, ValidationException, IOException {
+	@RequestMapping(value = "/missions/{name:.+}/invite", method = RequestMethod.POST)
+	public void sendMissionInvites(
+			@PathVariable("name") @NotNull String missionName,
+			@RequestParam(value = "creatorUid", required = false) @ValidatedBy("MartiSafeString") String creatorUid,
+			HttpServletRequest request
+	) throws RemoteException, ValidationException, IOException {
 
-    	if (Strings.isNullOrEmpty(missionName)) {
-            throw new IllegalArgumentException("empty mission name");
-        }
+		if (Strings.isNullOrEmpty(missionName)) {
+			throw new IllegalArgumentException("empty mission name");
+		}
 
-        missionName = missionService.trimName(missionName);
+		missionName = missionService.trimName(missionName);
 
-        String groupVector = martiUtil.getGroupVectorBitString(request);
+		String groupVector = martiUtil.getGroupVectorBitString(request);
 
 		Mission mission = missionService.getMissionByNameCheckGroups(missionName, groupVector);
 		missionService.validateMission(mission, missionName);
 
+		CoreConfig config = CoreConfigFacade.getInstance();
+
 		// If VBM is enabled, only let the mission owner or admin invite users to a COP mission
 		if (config.getRemoteConfiguration().getVbm() != null &&
 				config.getRemoteConfiguration().getVbm().isEnabled() &&
@@ -2893,276 +2865,272 @@ public void sendMissionInvites(
 			}
 		}
 
-        if (missionService.getApiVersionNumberFromRequest(request) > 2) {
+		if (missionService.getApiVersionNumberFromRequest(request) > 2) {
 
-            String body = new String(IOUtils.toByteArray(request.getInputStream()));
+			String body = new String(IOUtils.toByteArray(request.getInputStream()));
 
-            ObjectMapper mapper = new ObjectMapper();
-            List<MissionInvitation> missionInvitations =
-                    mapper.readValue(body, new TypeReference<List<MissionInvitation>>(){});
+			ObjectMapper mapper = new ObjectMapper();
+			List<MissionInvitation> missionInvitations =
+					mapper.readValue(body, new TypeReference<List<MissionInvitation>>(){});
 
-            for (MissionInvitation missionInvitation : missionInvitations) {
+			for (MissionInvitation missionInvitation : missionInvitations) {
 
-                if (missionInvitation.getType() == null || missionInvitation.getInvitee() == null) {
-                    throw new IllegalArgumentException("invitation found without type or invitee attribute!");
-                }
+				if (missionInvitation.getType() == null || missionInvitation.getInvitee() == null) {
+					throw new IllegalArgumentException("invitation found without type or invitee attribute!");
+				}
 
-                missionInvitation.setMissionName(missionName);
-                missionInvitation.setCreatorUid(creatorUid);
-                missionInvitation.setCreateTime(new Date());
+				missionInvitation.setMissionName(missionName);
+				missionInvitation.setCreatorUid(creatorUid);
+				missionInvitation.setCreateTime(new Date());
 
-                MissionRole role = missionInvitation.getRole();
-                if (role == null) {
-                    role = missionService.getDefaultRole(mission);
-                } else {
-                    role = missionRoleRepository.findFirstByRole(role.getRole());
-                }
+				MissionRole role = missionInvitation.getRole();
+				if (role == null) {
+					role = missionService.getDefaultRole(mission);
+				} else {
+					role = missionRoleRepository.findFirstByRole(role.getRole());
+				}
 
-                if (!missionService.validateRoleAssignment(mission, request, role)) {
-                    throw new ForbiddenException("validateRoleAssignment failed! Illegal attempt to assign role "
-                            + role.getRole().name());
-                }
+				if (!missionService.validateRoleAssignment(mission, request, role)) {
+					throw new ForbiddenException("validateRoleAssignment failed! Illegal attempt to assign role "
+							+ role.getRole().name());
+				}
 
-                String token = missionService.generateToken(
-                        UUID.randomUUID().toString(), missionName, MissionTokenUtils.TokenType.INVITATION, -1);
-                missionInvitation.setToken(token);
+				String token = missionService.generateToken(
+						UUID.randomUUID().toString(), missionName, MissionTokenUtils.TokenType.INVITATION, -1);
+				missionInvitation.setToken(token);
 
-                missionInvitation.setRole(role);
+				missionInvitation.setRole(role);
 
-                missionService.missionInvite(mission, missionInvitation);
-            }
+				missionService.missionInvite(mission, missionInvitation);
+			}
 
-        } else {
+		} else {
 
-            String[] contactUids = request.getParameterValues("contacts");
+			String[] contactUids = request.getParameterValues("contacts");
 
-            if (contactUids == null || contactUids.length == 0) {
-                throw new IllegalArgumentException("empty contacts array");
-            }
+			if (contactUids == null || contactUids.length == 0) {
+				throw new IllegalArgumentException("empty contacts array");
+			}
 
-            // validate the uids before sending on to the subscriptionManager
-            for (String uid : contactUids) {
-                validator.getValidInput(context, uid, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
-            }
-            validateParameters(new Object() {
-            }.getClass().getEnclosingMethod());
+			// validate the uids before sending on to the subscriptionManager
+			for (String uid : contactUids) {
+				validator.getValidInput(context, uid, "MartiSafeString", DEFAULT_PARAMETER_LENGTH, false);
+			}
+			validateParameters(new Object() {
+			}.getClass().getEnclosingMethod());
 
-            User user = groupManager.getUserByConnectionId(RequestContextHolder.currentRequestAttributes().getSessionId());
+			User user = groupManager.getUserByConnectionId(RequestContextHolder.currentRequestAttributes().getSessionId());
 
-            String author = Strings.isNullOrEmpty(creatorUid) ? user.getName() : creatorUid;
+			String author = Strings.isNullOrEmpty(creatorUid) ? user.getName() : creatorUid;
 
-            MissionRole inviteRole = missionService.getDefaultRole(mission);
+			MissionRole inviteRole = missionService.getDefaultRole(mission);
 
-            if (!missionService.validateRoleAssignment(mission, request, inviteRole)) {
-                throw new ForbiddenException("validateRoleAssignment failed! Illegal attempt to assign role "
-                        + inviteRole.getRole().name());
-            }
+			if (!missionService.validateRoleAssignment(mission, request, inviteRole)) {
+				throw new ForbiddenException("validateRoleAssignment failed! Illegal attempt to assign role "
+						+ inviteRole.getRole().name());
+			}
 
-            for (String uid : contactUids) {
-                try {
-                    missionService.missionInvite(
-                            missionName, uid, MissionInvitation.Type.clientUid, inviteRole, author, groupVector);
-                } catch (Exception e) {
-                    logger.debug("Attempt to re-invite clientUid: " + uid + " to: " + missionName);
-                    continue;
-                }
-            }
-        }
+			for (String uid : contactUids) {
+				try {
+					missionService.missionInvite(
+							missionName, uid, MissionInvitation.Type.clientUid, inviteRole, author, groupVector);
+				} catch (Exception e) {
+					logger.debug("Attempt to re-invite clientUid: " + uid + " to: " + missionName);
+					continue;
+				}
+			}
+		}
 
-        response.setStatus(HttpServletResponse.SC_OK);
+		response.setStatus(HttpServletResponse.SC_OK);
 
-    }
+	}
 
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{childName:.+}/parent/{parentName:.+}", method = RequestMethod.PUT)
-    @ResponseStatus(HttpStatus.OK)
-    public void setParent(@PathVariable("childName") @NotNull String childName,
-                          @PathVariable("parentName") @NotNull String parentName,
-                          HttpServletRequest request) {
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{childName:.+}/parent/{parentName:.+}", method = RequestMethod.PUT)
+	@ResponseStatus(HttpStatus.OK)
+	public void setParent(@PathVariable("childName") @NotNull String childName,
+						  @PathVariable("parentName") @NotNull String parentName,
+						  HttpServletRequest request) {
 
-        childName = missionService.trimName(childName);
-        parentName = missionService.trimName(parentName);
+		childName = missionService.trimName(childName);
+		parentName = missionService.trimName(parentName);
 
 		Mission mission = missionService.getMissionByNameCheckGroups(childName, martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, childName);
 
-        missionService.setParent(childName, parentName, martiUtil.getGroupVectorBitString(request));
-    }
+		missionService.setParent(childName, parentName, martiUtil.getGroupVectorBitString(request));
+	}
 
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{childName:.+}/parent", method = RequestMethod.DELETE)
-    @ResponseStatus(HttpStatus.OK)
-    public void clearParent(@PathVariable("childName") @NotNull String childName, HttpServletRequest request) {
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{childName:.+}/parent", method = RequestMethod.DELETE)
+	@ResponseStatus(HttpStatus.OK)
+	public void clearParent(@PathVariable("childName") @NotNull String childName, HttpServletRequest request) {
 
-        childName = missionService.trimName(childName);
+		childName = missionService.trimName(childName);
 
 		Mission mission = missionService.getMissionByNameCheckGroups(childName, martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, childName);
 
-        missionService.clearParent(childName, martiUtil.getGroupVectorBitString(request));
-    }
+		missionService.clearParent(childName, martiUtil.getGroupVectorBitString(request));
+	}
 
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{name:.+}/children", method = RequestMethod.GET)
-    ApiResponse<Set<Mission>> getChildren(@PathVariable("name") @NotNull String parentName, HttpServletRequest request) {
-        String groupVector = martiUtil.getGroupVectorBitString(request);
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{name:.+}/children", method = RequestMethod.GET)
+	ApiResponse<Set<Mission>> getChildren(@PathVariable("name") @NotNull String parentName, HttpServletRequest request) {
+		String groupVector = martiUtil.getGroupVectorBitString(request);
 
-        parentName = missionService.trimName(parentName);
+		parentName = missionService.trimName(parentName);
 
 		Mission mission = missionService.getMissionByNameCheckGroups(parentName, martiUtil.getGroupVectorBitString(request));
 		missionService.validateMission(mission, parentName);
 
-        Set<Mission> children = missionService.getChildren(parentName, groupVector);
-        for (Mission child: children) {
-        	MissionUtils.findAndSetTransientValuesForMission(child);
-        }
-
-        return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), children);
-    }
-
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{name:.+}/parent", method = RequestMethod.GET)
-    ApiResponse<Mission> getParent(@PathVariable("name") @NotNull String parentName, HttpServletRequest request) {
-        String groupVector = martiUtil.getGroupVectorBitString(request);
-        Mission mission = missionService.getMission(missionService.trimName(parentName), groupVector);
-
-        if (mission.getParent() == null) {
-            throw new NotFoundException("Parent mission not found");
-        }
-
-        Mission re =  missionService.hydrate(mission.getParent(), true);
-        MissionUtils.findAndSetTransientValuesForMission(re);
-        
-        return new ApiResponse<Mission>(Constants.API_VERSION, Mission.class.getSimpleName(),re);
-    }
-
-    @PreAuthorize("hasPermission(#request, 'MISSION_READ')")
-    @RequestMapping(value = "/missions/{name:.+}/kml", method = RequestMethod.GET)
-    ResponseEntity<String> getKml(
-            @PathVariable("name") @NotNull String missionName,
-            @RequestParam(value = "download", defaultValue = "false") boolean download,
-            HttpServletRequest request) {
-        String groupVector = martiUtil.getGroupVectorBitString(request);
-     
-        HttpHeaders headers = new HttpHeaders();
-        headers.setContentType(new org.springframework.http.MediaType(
-                "application", "vnd.google-earth.kml+xml"));
-
-        String urlBase = null;
-        if (download) {
-            headers.setContentDispositionFormData("kml", missionName + ".kml");
-        } else {
-            String requestUrl = request.getRequestURL().toString();
-            try {
-                requestUrl = URLDecoder.decode(requestUrl, "UTF-8");
-            } catch (UnsupportedEncodingException e) {
-                logger.error("error decoding URL!" + requestUrl);
-            }
-            urlBase = requestUrl.substring(0, requestUrl.indexOf(request.getServletPath()));
-        }
-
-        return new ResponseEntity<String>(
-                missionService.getMissionKml(missionName, urlBase, groupVector), headers, HttpStatus.OK);
-    }
-
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name}/externaldata", method = RequestMethod.POST)
-    @ResponseStatus(HttpStatus.CREATED)
-    public ApiResponse<ExternalMissionData> setExternalMissionData(
-            @PathVariable(value = "name") String missionName,
-            @RequestParam(value = "creatorUid") @ValidatedBy("MartiSafeString") String creatorUid,
-            @RequestBody @NotNull ExternalMissionData externalMissionData,
-            HttpServletRequest request) {
-        if (Strings.isNullOrEmpty(externalMissionData.getId())) {
-            throw new IllegalArgumentException("ExternalMissionData id must be included");
-        }
-
-        String groupVector = martiUtil.getGroupVectorBitString(request);
-
-        externalMissionData = missionService.setExternalMissionData(missionName, creatorUid, externalMissionData, groupVector);
-
-        // save the new log entry and let the database generate the id
-        return new ApiResponse<>(Constants.API_VERSION, ExternalMissionData.class.getName(), externalMissionData);
-    }
-
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name}/externaldata/{id}", method = RequestMethod.DELETE)
-    @ResponseStatus(HttpStatus.OK)
-    public void deleteExternalMissionData(
-            @PathVariable(value = "name") String missionName,
-            @PathVariable(value = "id") String externalMissionDataId,
-            @RequestParam(value = "notes") @ValidatedBy("MartiSafeString") String notes,
-            @RequestParam(value = "creatorUid") @ValidatedBy("MartiSafeString") String creatorUid,
-            HttpServletRequest request) {
-        String groupVector = martiUtil.getGroupVectorBitString(request);
-
-        missionService.deleteExternalMissionData(missionName, externalMissionDataId, notes, creatorUid, groupVector);
-    }
-
-    @PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
-    @RequestMapping(value = "/missions/{name}/externaldata/{id}/change", method = RequestMethod.POST)
-    @ResponseStatus(HttpStatus.OK)
-    public void notifyExternalDataChanged(
-            @PathVariable(value = "name") String missionName,
-            @PathVariable(value = "id") String externalMissionDataId,
-            @RequestParam(value = "creatorUid") @ValidatedBy("MartiSafeString") String creatorUid,
-            @RequestParam(value = "notes") @ValidatedBy("MartiSafeString") String notes,
-            @RequestBody String token,
-            HttpServletRequest request) {
-        String groupVector = martiUtil.getGroupVectorBitString(request);
-
-        missionService.notifyExternalMissionDataChanged(missionName, externalMissionDataId, token, notes, creatorUid, groupVector);
-    }
-
-    @PreAuthorize("hasPermission(#request, 'MISSION_SET_PASSWORD')")
-    @RequestMapping(value = "/missions/{name:.+}/password", method = RequestMethod.PUT)
-    @ResponseStatus(HttpStatus.OK)
-    public void setPassword(
-            @PathVariable(value = "name") @ValidatedBy("MartiSafeString") String missionName,
-            @RequestParam(value = "password", defaultValue = "") @ValidatedBy("MartiSafeString") String password,
-            @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
-            HttpServletRequest request) {
-
-        missionName = missionService.trimName(missionName);
-
-        String groupVector = martiUtil.getGroupVectorBitString(request);
-        Mission mission = missionService.getMission(missionName, groupVector);
-
-        String newPasswordHash = BCrypt.hashpw(password, BCrypt.gensalt());
-        missionRepository.setPasswordHash(missionName, newPasswordHash, groupVector);
-        missionService.invalidateMissionCache(missionName);
-
-        try {
-            subscriptionManager.broadcastMissionAnnouncement(missionName, mission.getGroupVector(), creatorUid,
-                    SubscriptionManagerLite.ChangeType.METADATA, mission.getTool());
-        } catch (Exception e) {
-            logger.debug("exception announcing mission change " + e.getMessage(), e);
-        }
-    }
-
-    @PreAuthorize("hasPermission(#request, 'MISSION_SET_PASSWORD')")
-    @RequestMapping(value = "/missions/{name:.+}/password", method = RequestMethod.DELETE)
-    @ResponseStatus(HttpStatus.OK)
-    public void removePassword(
-            @PathVariable(value = "name") @ValidatedBy("MartiSafeString") String missionName,
-            @RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
-            HttpServletRequest request) {
-
-        missionName = missionService.trimName(missionName);
-
-        String groupVector = martiUtil.getGroupVectorBitString(request);
-        Mission mission = missionService.getMission(missionName, groupVector);
-
-        missionRepository.setPasswordHash(missionName, null, groupVector);
-        missionService.invalidateMissionCache(missionName);
-
-        try {
-            subscriptionManager.broadcastMissionAnnouncement(missionName, mission.getGroupVector(), creatorUid,
-                    SubscriptionManagerLite.ChangeType.METADATA, mission.getTool());
-        } catch (Exception e) {
-            logger.debug("exception announcing mission change " + e.getMessage(), e);
-        }
-    }
+		Set<Mission> children = missionService.getChildren(parentName, groupVector);
+
+		return new ApiResponse<Set<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), children);
+	}
+
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{name:.+}/parent", method = RequestMethod.GET)
+	ApiResponse<Mission> getParent(@PathVariable("name") @NotNull String parentName, HttpServletRequest request) {
+		String groupVector = martiUtil.getGroupVectorBitString(request);
+		Mission mission = missionService.getMission(missionService.trimName(parentName), groupVector);
+
+		if (mission.getParent() == null) {
+			throw new NotFoundException("Parent mission not found");
+		}
+
+		Mission re =  missionService.hydrate(mission.getParent(), true);
+
+		return new ApiResponse<Mission>(Constants.API_VERSION, Mission.class.getSimpleName(),re);
+	}
+
+	@PreAuthorize("hasPermission(#request, 'MISSION_READ')")
+	@RequestMapping(value = "/missions/{name:.+}/kml", method = RequestMethod.GET)
+	ResponseEntity<String> getKml(
+			@PathVariable("name") @NotNull String missionName,
+			@RequestParam(value = "download", defaultValue = "false") boolean download,
+			HttpServletRequest request) {
+		String groupVector = martiUtil.getGroupVectorBitString(request);
+
+		HttpHeaders headers = new HttpHeaders();
+		headers.setContentType(new org.springframework.http.MediaType(
+				"application", "vnd.google-earth.kml+xml"));
+
+		String urlBase = null;
+		if (download) {
+			headers.setContentDispositionFormData("kml", missionName + ".kml");
+		} else {
+			String requestUrl = request.getRequestURL().toString();
+			try {
+				requestUrl = URLDecoder.decode(requestUrl, "UTF-8");
+			} catch (UnsupportedEncodingException e) {
+				logger.error("error decoding URL!" + requestUrl);
+			}
+			urlBase = requestUrl.substring(0, requestUrl.indexOf(request.getServletPath()));
+		}
+
+		return new ResponseEntity<String>(
+				missionService.getMissionKml(missionName, urlBase, groupVector), headers, HttpStatus.OK);
+	}
+
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name}/externaldata", method = RequestMethod.POST)
+	@ResponseStatus(HttpStatus.CREATED)
+	public ApiResponse<ExternalMissionData> setExternalMissionData(
+			@PathVariable(value = "name") String missionName,
+			@RequestParam(value = "creatorUid") @ValidatedBy("MartiSafeString") String creatorUid,
+			@RequestBody @NotNull ExternalMissionData externalMissionData,
+			HttpServletRequest request) {
+		if (Strings.isNullOrEmpty(externalMissionData.getId())) {
+			throw new IllegalArgumentException("ExternalMissionData id must be included");
+		}
+
+		String groupVector = martiUtil.getGroupVectorBitString(request);
+
+		externalMissionData = missionService.setExternalMissionData(missionName, creatorUid, externalMissionData, groupVector);
+
+		// save the new log entry and let the database generate the id
+		return new ApiResponse<>(Constants.API_VERSION, ExternalMissionData.class.getName(), externalMissionData);
+	}
+
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name}/externaldata/{id}", method = RequestMethod.DELETE)
+	@ResponseStatus(HttpStatus.OK)
+	public void deleteExternalMissionData(
+			@PathVariable(value = "name") String missionName,
+			@PathVariable(value = "id") String externalMissionDataId,
+			@RequestParam(value = "notes") @ValidatedBy("MartiSafeString") String notes,
+			@RequestParam(value = "creatorUid") @ValidatedBy("MartiSafeString") String creatorUid,
+			HttpServletRequest request) {
+		String groupVector = martiUtil.getGroupVectorBitString(request);
+
+		missionService.deleteExternalMissionData(missionName, externalMissionDataId, notes, creatorUid, groupVector);
+	}
+
+	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
+	@RequestMapping(value = "/missions/{name}/externaldata/{id}/change", method = RequestMethod.POST)
+	@ResponseStatus(HttpStatus.OK)
+	public void notifyExternalDataChanged(
+			@PathVariable(value = "name") String missionName,
+			@PathVariable(value = "id") String externalMissionDataId,
+			@RequestParam(value = "creatorUid") @ValidatedBy("MartiSafeString") String creatorUid,
+			@RequestParam(value = "notes") @ValidatedBy("MartiSafeString") String notes,
+			@RequestBody String token,
+			HttpServletRequest request) {
+		String groupVector = martiUtil.getGroupVectorBitString(request);
+
+		missionService.notifyExternalMissionDataChanged(missionName, externalMissionDataId, token, notes, creatorUid, groupVector);
+	}
+
+	@PreAuthorize("hasPermission(#request, 'MISSION_SET_PASSWORD')")
+	@RequestMapping(value = "/missions/{name:.+}/password", method = RequestMethod.PUT)
+	@ResponseStatus(HttpStatus.OK)
+	public void setPassword(
+			@PathVariable(value = "name") @ValidatedBy("MartiSafeString") String missionName,
+			@RequestParam(value = "password", defaultValue = "") @ValidatedBy("MartiSafeString") String password,
+			@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
+			HttpServletRequest request) {
+
+		missionName = missionService.trimName(missionName);
+
+		String groupVector = martiUtil.getGroupVectorBitString(request);
+		Mission mission = missionService.getMission(missionName, groupVector);
+
+		String newPasswordHash = BCrypt.hashpw(password, BCrypt.gensalt());
+		missionRepository.setPasswordHash(missionName, newPasswordHash, groupVector);
+		missionService.invalidateMissionCache(missionName);
+
+		try {
+			subscriptionManager.broadcastMissionAnnouncement(missionName, mission.getGroupVector(), creatorUid,
+					SubscriptionManagerLite.ChangeType.METADATA, mission.getTool());
+		} catch (Exception e) {
+			logger.debug("exception announcing mission change " + e.getMessage(), e);
+		}
+	}
+
+	@PreAuthorize("hasPermission(#request, 'MISSION_SET_PASSWORD')")
+	@RequestMapping(value = "/missions/{name:.+}/password", method = RequestMethod.DELETE)
+	@ResponseStatus(HttpStatus.OK)
+	public void removePassword(
+			@PathVariable(value = "name") @ValidatedBy("MartiSafeString") String missionName,
+			@RequestParam(value = "creatorUid", defaultValue = "") @ValidatedBy("MartiSafeString") String creatorUid,
+			HttpServletRequest request) {
+
+		missionName = missionService.trimName(missionName);
+
+		String groupVector = martiUtil.getGroupVectorBitString(request);
+		Mission mission = missionService.getMission(missionName, groupVector);
+
+		missionRepository.setPasswordHash(missionName, null, groupVector);
+		missionService.invalidateMissionCache(missionName);
+
+		try {
+			subscriptionManager.broadcastMissionAnnouncement(missionName, mission.getGroupVector(), creatorUid,
+					SubscriptionManagerLite.ChangeType.METADATA, mission.getTool());
+		} catch (Exception e) {
+			logger.debug("exception announcing mission change " + e.getMessage(), e);
+		}
+	}
 
 	@RequestMapping(value = "/missions/{name}/expiration", method = RequestMethod.PUT)
 	@ResponseStatus(HttpStatus.OK)
@@ -3206,7 +3174,7 @@ public void addFeed(
 		Mission mission = missionService.getMission(missionName, groupVector);
 		List<String> filterCotTypes = null;
 		if (filterCotTypesSerialized != null) {
-	    	try {
+			try {
 				ObjectMapper mapper = new ObjectMapper();
 				filterCotTypes = Arrays.asList(mapper.readValue(filterCotTypesSerialized, String[].class));
 			} catch (Exception e) {
@@ -3217,20 +3185,20 @@ public void addFeed(
 		}else {
 			filterCotTypes = new ArrayList<>();
 		}
-		
+
 		String filterPolygon = null;
 		if (filterPolygonList != null) {
 			filterPolygon = boundingPolygonPointsToString(filterPolygonList);
 		}
-		
+
 		try {
 			missionService.addFeedToMission(mission.getName(), creatorUid, mission, dataFeedUid, filterPolygon, filterCotTypes, filterCallsign);
-    	} catch (Exception e) {
-    		logger.error("exception in addFeed!", e);
+		} catch (Exception e) {
+			logger.error("exception in addFeed!", e);
 			response.setStatus(HttpServletResponse.SC_BAD_GATEWAY);
 			throw new Exception("Server error when adding feed to mission");
 		}
-    }
+	}
 
 	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
 	@RequestMapping(value = "/missions/{missionName:.+}/feed/{uid:.+}", method = RequestMethod.DELETE)
@@ -3241,7 +3209,7 @@ public void removeFeed(
 			@RequestParam(value = "creatorUid") @ValidatedBy("MartiSafeString") String creatorUid,
 			HttpServletRequest request) throws Exception{
 
-    	missionName = missionService.trimName(missionName);
+		missionName = missionService.trimName(missionName);
 
 		String groupVector = martiUtil.getGroupVectorBitString(request);
 		Mission mission = missionService.getMission(missionName, groupVector);
@@ -3310,12 +3278,12 @@ ApiResponse<MapLayer> updateMapLayer(
 
 		return new ApiResponse<>(Constants.API_VERSION, "MapLayer", newMapLayer);
 	}
-	
+
 	private static String boundingPolygonPointsToString(List<String> points) {
 		if (points == null || points.size() == 0) {
 			return null;
 		}
-		
+
 		// poly needs 3 points minimum
 		if (points.size() < 3) {
 			logger.info("Polygon requires at least 3 points. Found size " + points.size());
@@ -3412,8 +3380,8 @@ public ApiResponse<MissionLayer> createMissionLayer(
 		String groupVector = martiUtil.getGroupVectorBitString(request);
 		Mission mission = missionService.getMission(missionName, groupVector);
 
-    	MissionLayer missionLayer = missionService.addMissionLayer(
-    			missionName, mission, uid, name, type, parentUid, afterUid, creatorUid, groupVector);
+		MissionLayer missionLayer = missionService.addMissionLayer(
+				missionName, mission, uid, name, type, parentUid, afterUid, creatorUid, groupVector);
 
 		return new ApiResponse<MissionLayer>(
 				Constants.API_VERSION, MissionLayer.class.getSimpleName(), missionLayer);
@@ -3434,7 +3402,7 @@ public void setLayerName(
 		Mission mission = missionService.getMission(missionName, groupVector);
 
 		missionService.setLayerName(missionName, mission, layerUid, name, creatorUid);
-    }
+	}
 
 	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
 	@RequestMapping(value = "/missions/{missionName:.+}/layers/{layerUid:.+}/position", method = RequestMethod.PUT)
@@ -3475,7 +3443,7 @@ public void setLayerParent(
 			// move each other layer in the last after its predecessor in the parameter list
 			useAfterUid = layerUid;
 		}
-    }
+	}
 
 	@PreAuthorize("hasPermission(#request, 'MISSION_WRITE')")
 	@RequestMapping(value = "/missions/{missionName:.+}/layers", method = RequestMethod.DELETE)
@@ -3493,61 +3461,57 @@ public void deleteMissionLayer(
 		for (String layerUid : layerUids) {
 			missionService.removeMissionLayer(missionName, mission, layerUid, creatorUid, groupVector);
 		}
-    }
-	
+	}
+
 	/*
-     * get all missions with pagination
-     */
-    @RequestMapping(value = "/pagedmissions", method = RequestMethod.GET)
-    Callable<ApiResponse<List<Mission>>> getAllMissions(
-    		@RequestParam(value = "passwordProtected", defaultValue = "true") boolean passwordProtected,
-    		@RequestParam(value = "defaultRole", defaultValue = "true") boolean defaultRole,
-    		@RequestParam(value = "page", defaultValue = "0") int page,
-	        @RequestParam(value = "pagesize", defaultValue = "10") int limit,
-    		@RequestParam(value = "tool", required = false) String tool,
-    		@RequestParam(value = "sort", defaultValue = "") String sort,
-    		@RequestParam(value = "nameFilter", defaultValue = "") String nameFilter,
-    		@RequestParam(value = "uidFilter", defaultValue = "") String uidFilter,
-    		@RequestParam(value = "ascending", defaultValue = "true") boolean ascending)
-    				throws RemoteException {
-
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("mission API getAllMissions");
-    	}
-
-    	NavigableSet<Group> groups = martiUtil.getGroupsFromRequest(request);
+	 * get all missions with pagination
+	 */
+	@RequestMapping(value = "/pagedmissions", method = RequestMethod.GET)
+	Callable<ApiResponse<List<Mission>>> getAllMissions(
+			@RequestParam(value = "passwordProtected", defaultValue = "true") boolean passwordProtected,
+			@RequestParam(value = "defaultRole", defaultValue = "true") boolean defaultRole,
+			@RequestParam(value = "page", defaultValue = "0") int page,
+			@RequestParam(value = "pagesize", defaultValue = "10") int limit,
+			@RequestParam(value = "tool", required = false) String tool,
+			@RequestParam(value = "sort", defaultValue = "") String sort,
+			@RequestParam(value = "nameFilter", defaultValue = "") String nameFilter,
+			@RequestParam(value = "uidFilter", defaultValue = "") String uidFilter,
+			@RequestParam(value = "ascending", defaultValue = "true") boolean ascending)
+			throws RemoteException {
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("mission API getAllMissions");
+		}
+
+		NavigableSet<Group> groups = martiUtil.getGroupsFromRequest(request);
 
 		List<Mission> missions;
 		int offset = page * limit;
-		
-    	missions = missionService.getMissionsFiltered(passwordProtected, defaultRole, tool, groups, limit, offset, sort, ascending, nameFilter, uidFilter);
-
-    	for (Mission mission: missions) {
-    		MissionUtils.findAndSetTransientValuesForMission(mission);
-    	}
-    	
-    	return () -> {
-    		return new ApiResponse<List<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), missions);
-    	};
-    }
-    
-    @RequestMapping(value = "/missioncount", method = RequestMethod.GET)
-    Callable<ApiResponse<Integer>> countAllMissions(
-    		@RequestParam(value = "passwordProtected", defaultValue = "true") boolean passwordProtected,
-    		@RequestParam(value = "defaultRole", defaultValue = "true") boolean defaultRole,
-    		@RequestParam(value = "tool", required = false) String tool)
-    				throws RemoteException {
-
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("mission API getAllMissions");
-    	}
-
-
-    	int missions = missionService.countAllMissions(passwordProtected, defaultRole, tool);
-
-    	
-    	return () -> {
-    		return new ApiResponse<Integer>(Constants.API_VERSION, Mission.class.getSimpleName(), missions);
-    	};
-    }
-}
\ No newline at end of file
+
+		missions = missionService.getMissionsFiltered(passwordProtected, defaultRole, tool, groups, limit, offset, sort, ascending, nameFilter, uidFilter);
+
+		return () -> {
+			return new ApiResponse<List<Mission>>(Constants.API_VERSION, Mission.class.getSimpleName(), missions);
+		};
+	}
+
+	@RequestMapping(value = "/missioncount", method = RequestMethod.GET)
+	Callable<ApiResponse<Integer>> countAllMissions(
+			@RequestParam(value = "passwordProtected", defaultValue = "true") boolean passwordProtected,
+			@RequestParam(value = "defaultRole", defaultValue = "true") boolean defaultRole,
+			@RequestParam(value = "tool", required = false) String tool)
+			throws RemoteException {
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("mission API getAllMissions");
+		}
+
+
+		int missions = missionService.countAllMissions(passwordProtected, defaultRole, tool);
+
+
+		return () -> {
+			return new ApiResponse<Integer>(Constants.API_VERSION, Mission.class.getSimpleName(), missions);
+		};
+	}
+}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/SubscriptionApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/SubscriptionApi.java
index 43c3e112..f22e8205 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/SubscriptionApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/api/SubscriptionApi.java
@@ -1,11 +1,18 @@
 package com.bbn.marti.sync.api;
 
 import java.rmi.RemoteException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.NavigableSet;
+import java.util.Set;
 import java.util.concurrent.ConcurrentSkipListSet;
 import java.util.stream.Collectors;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathFactory;
 
@@ -20,7 +27,6 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.*;
 
 import com.bbn.marti.config.Filter;
 import com.bbn.marti.cot.search.model.ApiResponse;
@@ -35,11 +41,16 @@
 import com.bbn.marti.remote.groups.GroupManager;
 import com.bbn.marti.remote.util.RemoteUtil;
 import com.bbn.marti.util.CommonUtil;
-import com.bbn.security.web.MartiValidator;
 import com.bbn.security.web.MartiValidatorConstants;
 import com.google.common.base.Strings;
 import com.google.common.collect.ComparisonChain;
 
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 import tak.server.CommonConstants;
 import tak.server.Constants;
 import tak.server.cache.ActiveGroupCacheHelper;
@@ -196,7 +207,7 @@ public ResponseEntity<ApiResponse<SubscriptionInfo>> addSubscription(@RequestBod
             String xpathString = tmpSub.xpath.replaceAll("\\s", "");
             //If user enters blank (or spaces) for xpath set it to null in sub object
             //null xpath means it is set to * in subscriptionManager.initializeStaticSubscription
-            if(xpathString.equals("")){
+            if (xpathString.equals("")){
                 remoteSubscription.xpath = null;
             }
             else {
@@ -209,7 +220,7 @@ public ResponseEntity<ApiResponse<SubscriptionInfo>> addSubscription(@RequestBod
             }
 
             List<String> filterGroupsList;
-            if(!tmpSub.filterGroups.replaceAll("\\s", "").equals("")){
+            if (!tmpSub.filterGroups.replaceAll("\\s", "").equals("")){
                 //Remove leading and trailing whitespace from all elements in filterGroups list
                 filterGroupsList = Arrays.asList(tmpSub.filterGroups.split(","));
                 filterGroupsList.replaceAll(String::trim);
@@ -244,7 +255,7 @@ public ResponseEntity<ApiResponse<String>> deleteSubscription(@PathVariable(valu
             logger.info("Attempting to delete " + uid);
             boolean deleted = subscriptionManager.deleteSubscriptionFromUI(uid);
           
-            if(deleted){
+            if (deleted){
                 return new ResponseEntity<ApiResponse<String>>(
                         new ApiResponse<String>(Constants.API_VERSION, String.class.getSimpleName(), "Successfully deleted subscription with uid: " + uid), new HttpHeaders(), HttpStatus.OK);
             }
@@ -258,7 +269,7 @@ public ResponseEntity<ApiResponse<String>> deleteSubscription(@PathVariable(valu
                     new ApiResponse<String>(Constants.API_VERSION, String.class.getSimpleName(), "Error deleting subscription with uid: " + uid), new HttpHeaders(), HttpStatus.INTERNAL_SERVER_ERROR);
         }
     }
-
+    
     @RequestMapping(value = "/subscriptions/incognito/{uid}", method = RequestMethod.POST)
     public ResponseEntity toggleIncognito(@PathVariable(value = "uid") String uid){
         try{
@@ -937,7 +948,7 @@ private void doSetActiveGroups(String username, List<Group> activeGroups, String
         activeGroupCacheHelper.setActiveGroupsForUser(username, activeGroups);
 
         // reauthenticate currently connected streaming clients for this username
-        groupManager.authenticateCoreUsers("X509", username);
+        groupManager.authenticateCoreUsers(username);
 
         subscriptionManager.sendLatestReachableSA(username);
 
@@ -999,7 +1010,7 @@ public ResponseEntity setActiveGroups(
     public ResponseEntity groupsUpdated(@PathVariable(value = "username") String username) {
         try {
             // reauthenticate currently connected streaming clients for this username
-            groupManager.authenticateCoreUsers("X509", username);
+            groupManager.authenticateCoreUsers(username);
 
             // notify the clients of the group update so they can update their group selection UI
             subscriptionManager.sendGroupsUpdatedMessage(username, null);
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/DataFeedFederationAspect.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/DataFeedFederationAspect.java
index 185c28a0..64ca7d1a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/DataFeedFederationAspect.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/DataFeedFederationAspect.java
@@ -3,6 +3,7 @@
 import java.rmi.RemoteException;
 import java.util.ArrayList;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.AfterReturning;
 import org.aspectj.lang.annotation.Aspect;
@@ -24,286 +25,284 @@
 @Aspect
 @Configurable
 public class DataFeedFederationAspect {
-	
-    private static final Logger logger = LoggerFactory.getLogger(DataFeedFederationAspect.class);
-    
-    private MissionFederationManager mfm;
-    
-    private MissionActionROLConverter malrc;
-    
-    private FederationManager federationManager;
-    
-    @Autowired
-    private CoreConfig coreConfig;
-    
-    @Autowired
-    private DataFeedService dataFeedService;
-    
-    @Autowired
-    private CommonUtil commonUtil;
-    
-    public DataFeedFederationAspect(FederationManager federationManager, MissionActionROLConverter malrc, MissionFederationManager mfm) {
-    	this.malrc = malrc;
-    	this.mfm = mfm;
-    	this.federationManager = federationManager;
-    }
-    
-    @AfterReturning(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.addDataFeed(..))", returning="returnValue")
-    public void addDataFeed(JoinPoint jp, Object returnValue) throws RemoteException {
-    	if (!isDataFeedFederationEnabled()) return;
-    	
-    	Long res = (Long) returnValue;
-    	if (res == null) return;
-    	
-    	try {
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic data feed aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		DataFeedDTO dataFeed = dataFeedService.getDataFeedById(res);
-    		
-    		DataFeedMetadata meta = new DataFeedMetadata();
-    		meta.setDataFeedUid(dataFeed.getUUID());
-    		meta.setArchive(dataFeed.getArchive());
-    		meta.setArchiveOnly(dataFeed.getArchiveOnly());
-    		meta.setSync(dataFeed.isSync());
-    		meta.setFeedName(dataFeed.getName());
-    		meta.setAuthType(dataFeed.getAuth().toString());
-    		meta.setSyncCacheRetentionSeconds(dataFeed.getSyncCacheRetentionSeconds());
-    		   
-    		// use mfm if available (api), otherwise use fed manager (messaging)
-    		if (mfm != null) {
-    			mfm.createDataFeed(meta, commonUtil.getAllInOutGroups());
-    		} else {
-    			federationManager.submitFederateROL(malrc.createDataFeedToROL(meta), commonUtil.getAllInOutGroups());
-    		}    		
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing addDataFeed advice: ", e);
-    		}
-    	}
-    }
-    
-    @AfterReturning(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.updateDataFeed(..))", returning="returnValue")
-    public void updateDataFeed(JoinPoint jp, Object returnValue) throws RemoteException {
-    	doUpdateDataFeed(jp, returnValue);
-    }
-    
-    @AfterReturning(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.updateDataFeedWithGroupVector(..))", returning="returnValue")
-    public void updateDataFeedWithGroupVector(JoinPoint jp, Object returnValue) throws RemoteException {
-    	doUpdateDataFeed(jp, returnValue);
-    }
-    
-    private void doUpdateDataFeed(JoinPoint jp, Object returnValue) {
-    	if (!isDataFeedFederationEnabled()) return;
-    	
-    	Long res = (Long) returnValue;
-    	if (res == null) return;
-    	
-    	try {
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic data feed aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		DataFeedDTO dataFeed = dataFeedService.getDataFeedById(res);
-    		
-    		DataFeedMetadata meta = new DataFeedMetadata();
-    		meta.setDataFeedUid(dataFeed.getUUID());
-    		meta.setArchive(dataFeed.getArchive());
-    		meta.setArchiveOnly(dataFeed.getArchiveOnly());
-    		meta.setSync(dataFeed.isSync());
-    		meta.setFeedName(dataFeed.getName());
-    		meta.setAuthType(dataFeed.getAuth().toString());
-    		meta.setTags(dataFeedService.getDataFeedTagsById(dataFeed.getId()));
-    		meta.setSyncCacheRetentionSeconds(dataFeed.getSyncCacheRetentionSeconds());
-    		
-    		// use mfm if available (api), otherwise use fed manager (messaging)
-    		if (mfm != null) {
-    			mfm.updateDataFeed(meta, commonUtil.getAllInOutGroups());
-    		} else {
-    			federationManager.submitFederateROL(malrc.updateDataFeedToROL(meta), commonUtil.getAllInOutGroups());
-    		} 
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing delete mission advice: ", e);
-    		}
-    	}
-    }
-    
-    @AfterReturning(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.addDataFeedTags(..))", returning="returnValue")
-    public void addDataFeedTags(JoinPoint jp, Object returnValue) throws RemoteException {
-    	if (!isDataFeedFederationEnabled()) return;
-    	
-    	try {
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic data feed aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		Long id = (Long) jp.getArgs()[0];
-        	DataFeedDTO dataFeed = dataFeedService.getDataFeedById(id);
-        	
-        	DataFeedMetadata meta = new DataFeedMetadata();
-        	meta.setDataFeedUid(dataFeed.getUUID());
-    		meta.setArchive(dataFeed.getArchive());
-    		meta.setArchiveOnly(dataFeed.getArchiveOnly());
-    		meta.setSync(dataFeed.isSync());
-    		meta.setFeedName(dataFeed.getName());
-    		meta.setAuthType(dataFeed.getAuth().toString());
-    		meta.setSyncCacheRetentionSeconds(dataFeed.getSyncCacheRetentionSeconds());
-        	meta.setTags(dataFeedService.getDataFeedTagsById(dataFeed.getId()));
-        	
-    		// use mfm if available (api), otherwise use fed manager (messaging)
-    		if (mfm != null) {
-    			mfm.updateDataFeed(meta, commonUtil.getAllInOutGroups());
-    		} else {
-    			federationManager.submitFederateROL(malrc.updateDataFeedToROL(meta), commonUtil.getAllInOutGroups());
-    		} 
+
+	private static final Logger logger = LoggerFactory.getLogger(DataFeedFederationAspect.class);
+
+	private MissionFederationManager mfm;
+
+	private MissionActionROLConverter malrc;
+
+	private FederationManager federationManager;
+
+	@Autowired
+	private DataFeedService dataFeedService;
+
+	@Autowired
+	private CommonUtil commonUtil;
+
+	public DataFeedFederationAspect(FederationManager federationManager, MissionActionROLConverter malrc, MissionFederationManager mfm) {
+		this.malrc = malrc;
+		this.mfm = mfm;
+		this.federationManager = federationManager;
+	}
+
+	@AfterReturning(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.addDataFeed(..))", returning="returnValue")
+	public void addDataFeed(JoinPoint jp, Object returnValue) throws RemoteException {
+		if (!isDataFeedFederationEnabled()) return;
+
+		Long res = (Long) returnValue;
+		if (res == null) return;
+
+		try {
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic data feed aspect execution");
+				}
+				return;
+			}
+
+			DataFeedDTO dataFeed = dataFeedService.getDataFeedById(res);
+
+			DataFeedMetadata meta = new DataFeedMetadata();
+			meta.setDataFeedUid(dataFeed.getUUID());
+			meta.setArchive(dataFeed.getArchive());
+			meta.setArchiveOnly(dataFeed.getArchiveOnly());
+			meta.setSync(dataFeed.isSync());
+			meta.setFeedName(dataFeed.getName());
+			meta.setAuthType(dataFeed.getAuth().toString());
+			meta.setSyncCacheRetentionSeconds(dataFeed.getSyncCacheRetentionSeconds());
+
+			// use mfm if available (api), otherwise use fed manager (messaging)
+			if (mfm != null) {
+				mfm.createDataFeed(meta, commonUtil.getAllInOutGroups());
+			} else {
+				federationManager.submitFederateROL(malrc.createDataFeedToROL(meta), commonUtil.getAllInOutGroups());
+			}
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing addDataFeed advice: ", e);
+			}
+		}
+	}
+
+	@AfterReturning(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.updateDataFeed(..))", returning="returnValue")
+	public void updateDataFeed(JoinPoint jp, Object returnValue) throws RemoteException {
+		doUpdateDataFeed(jp, returnValue);
+	}
+
+	@AfterReturning(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.updateDataFeedWithGroupVector(..))", returning="returnValue")
+	public void updateDataFeedWithGroupVector(JoinPoint jp, Object returnValue) throws RemoteException {
+		doUpdateDataFeed(jp, returnValue);
+	}
+
+	private void doUpdateDataFeed(JoinPoint jp, Object returnValue) {
+		if (!isDataFeedFederationEnabled()) return;
+
+		Long res = (Long) returnValue;
+		if (res == null) return;
+
+		try {
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic data feed aspect execution");
+				}
+				return;
+			}
+
+			DataFeedDTO dataFeed = dataFeedService.getDataFeedById(res);
+
+			DataFeedMetadata meta = new DataFeedMetadata();
+			meta.setDataFeedUid(dataFeed.getUUID());
+			meta.setArchive(dataFeed.getArchive());
+			meta.setArchiveOnly(dataFeed.getArchiveOnly());
+			meta.setSync(dataFeed.isSync());
+			meta.setFeedName(dataFeed.getName());
+			meta.setAuthType(dataFeed.getAuth().toString());
+			meta.setTags(dataFeedService.getDataFeedTagsById(dataFeed.getId()));
+			meta.setSyncCacheRetentionSeconds(dataFeed.getSyncCacheRetentionSeconds());
+
+			// use mfm if available (api), otherwise use fed manager (messaging)
+			if (mfm != null) {
+				mfm.updateDataFeed(meta, commonUtil.getAllInOutGroups());
+			} else {
+				federationManager.submitFederateROL(malrc.updateDataFeedToROL(meta), commonUtil.getAllInOutGroups());
+			}
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing delete mission advice: ", e);
+			}
+		}
+	}
+
+	@AfterReturning(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.addDataFeedTags(..))", returning="returnValue")
+	public void addDataFeedTags(JoinPoint jp, Object returnValue) throws RemoteException {
+		if (!isDataFeedFederationEnabled()) return;
+
+		try {
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic data feed aspect execution");
+				}
+				return;
+			}
+
+			Long id = (Long) jp.getArgs()[0];
+			DataFeedDTO dataFeed = dataFeedService.getDataFeedById(id);
+
+			DataFeedMetadata meta = new DataFeedMetadata();
+			meta.setDataFeedUid(dataFeed.getUUID());
+			meta.setArchive(dataFeed.getArchive());
+			meta.setArchiveOnly(dataFeed.getArchiveOnly());
+			meta.setSync(dataFeed.isSync());
+			meta.setFeedName(dataFeed.getName());
+			meta.setAuthType(dataFeed.getAuth().toString());
+			meta.setSyncCacheRetentionSeconds(dataFeed.getSyncCacheRetentionSeconds());
+			meta.setTags(dataFeedService.getDataFeedTagsById(dataFeed.getId()));
+
+			// use mfm if available (api), otherwise use fed manager (messaging)
+			if (mfm != null) {
+				mfm.updateDataFeed(meta, commonUtil.getAllInOutGroups());
+			} else {
+				federationManager.submitFederateROL(malrc.updateDataFeedToROL(meta), commonUtil.getAllInOutGroups());
+			}
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing delete all data feed tags advice: ", e);
+			}
+		}
+	}
+
+	@Before(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.deleteDataFeed(..))")
+	public void deleteDataFeed(JoinPoint jp) throws RemoteException {
+		if (!isDataFeedFederationEnabled()) return;
+
+		try {
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic data feed aspect execution");
+				}
+				return;
+			}
+			String name = (String) jp.getArgs()[0];
+			DataFeedDTO dataFeed = dataFeedService.getDataFeedByName(name);
+			doDeleteDataFeed(jp, dataFeed);
 		} catch (Exception e) {
 			if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing delete all data feed tags advice: ", e);
-    		}
+				logger.debug("exception executing delete data feed advice: ", e);
+			}
 		}
-    }
-
-    @Before(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.deleteDataFeed(..))")
-    public void deleteDataFeed(JoinPoint jp) throws RemoteException {  
-    	if (!isDataFeedFederationEnabled()) return;
-
-    	try {
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic data feed aspect execution");
-    			}
-    			return;
-    		}
-    		String name = (String) jp.getArgs()[0];
-        	DataFeedDTO dataFeed = dataFeedService.getDataFeedByName(name);
-        	doDeleteDataFeed(jp, dataFeed);
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing delete data feed advice: ", e);
-    		}
+	}
+
+	@Before(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.deleteDataFeedById(..))")
+	public void deleteDataFeedById(JoinPoint jp) throws RemoteException {
+		if (!isDataFeedFederationEnabled()) return;
+
+		try {
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic data feed aspect execution");
+				}
+				return;
+			}
+
+			Long id = (Long) jp.getArgs()[0];
+			DataFeedDTO dataFeed = dataFeedService.getDataFeedById(id);
+			doDeleteDataFeed(jp, dataFeed);
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing delete data feed advice: ", e);
+			}
 		}
-    }
-    
-    @Before(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.deleteDataFeedById(..))")
-    public void deleteDataFeedById(JoinPoint jp) throws RemoteException {
-    	if (!isDataFeedFederationEnabled()) return;
-    	
-    	try {
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic data feed aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		Long id = (Long) jp.getArgs()[0];
-        	DataFeedDTO dataFeed = dataFeedService.getDataFeedById(id);
-        	doDeleteDataFeed(jp, dataFeed);
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing delete data feed advice: ", e);
-    		}
+	}
+
+	private void doDeleteDataFeed(JoinPoint jp, DataFeedDTO dataFeed) {
+		try {
+			if (dataFeed.getType() == DataFeedType.Federation.ordinal()) return;
+
+			DataFeedMetadata meta = new DataFeedMetadata();
+			meta.setFeedName(dataFeed.getName());
+			meta.setDataFeedUid(dataFeed.getUUID());
+
+			// use mfm if available (api), otherwise use fed manager (messaging)
+			if (mfm != null) {
+				mfm.deleteDataFeed(meta, commonUtil.getAllInOutGroups());
+			} else {
+				federationManager.submitFederateROL(malrc.deleteDataFeedToROL(meta), commonUtil.getAllInOutGroups());
+			}
+
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing delete mission advice: ", e);
+			}
 		}
-    }
-       
-    private void doDeleteDataFeed(JoinPoint jp, DataFeedDTO dataFeed) {    	
-    	try {
-    		if (dataFeed.getType() == DataFeedType.Federation.ordinal()) return;
-    		
-    		DataFeedMetadata meta = new DataFeedMetadata();
-    		meta.setFeedName(dataFeed.getName());
-    		meta.setDataFeedUid(dataFeed.getUUID());
-  
-       		// use mfm if available (api), otherwise use fed manager (messaging)
-    		if (mfm != null) {
-    			mfm.deleteDataFeed(meta, commonUtil.getAllInOutGroups());
-    		} else {
-    			federationManager.submitFederateROL(malrc.deleteDataFeedToROL(meta), commonUtil.getAllInOutGroups());
-    		} 
-    		
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing delete mission advice: ", e);
-    		}
-    	}
-    }
-    
-    @Before(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.removeAllDataFeedTagsById(..))")
-    public void removeAllDataFeedTagsById(JoinPoint jp) throws RemoteException {
-    	if (!isDataFeedFederationEnabled()) return;
-    	
-    	try {
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic data feed aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		Long id = (Long) jp.getArgs()[0];
-        	DataFeedDTO dataFeed = dataFeedService.getDataFeedById(id);
-        	
-        	if (dataFeed.getType() == DataFeedType.Federation.ordinal()) return;
-        	
-        	DataFeedMetadata meta = new DataFeedMetadata();
-        	meta.setDataFeedUid(dataFeed.getUUID());
-    		meta.setArchive(dataFeed.getArchive());
-    		meta.setArchiveOnly(dataFeed.getArchiveOnly());
-    		meta.setSync(dataFeed.isSync());
-    		meta.setFeedName(dataFeed.getName());
-    		meta.setAuthType(dataFeed.getAuth().toString());
-    		meta.setSyncCacheRetentionSeconds(dataFeed.getSyncCacheRetentionSeconds());
-        	meta.setTags(new ArrayList<>());
-
-    		// use mfm if available (api), otherwise use fed manager (messaging)
-    		if (mfm != null) {
-    			mfm.updateDataFeed(meta, commonUtil.getAllInOutGroups());
-    		} else {
-    			federationManager.submitFederateROL(malrc.updateDataFeedToROL(meta), commonUtil.getAllInOutGroups());
-    		} 
+	}
+
+	@Before(value = "execution(* com.bbn.marti.sync.repository.DataFeedRepository.removeAllDataFeedTagsById(..))")
+	public void removeAllDataFeedTagsById(JoinPoint jp) throws RemoteException {
+		if (!isDataFeedFederationEnabled()) return;
+
+		try {
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic data feed aspect execution");
+				}
+				return;
+			}
+
+			Long id = (Long) jp.getArgs()[0];
+			DataFeedDTO dataFeed = dataFeedService.getDataFeedById(id);
+
+			if (dataFeed.getType() == DataFeedType.Federation.ordinal()) return;
+
+			DataFeedMetadata meta = new DataFeedMetadata();
+			meta.setDataFeedUid(dataFeed.getUUID());
+			meta.setArchive(dataFeed.getArchive());
+			meta.setArchiveOnly(dataFeed.getArchiveOnly());
+			meta.setSync(dataFeed.isSync());
+			meta.setFeedName(dataFeed.getName());
+			meta.setAuthType(dataFeed.getAuth().toString());
+			meta.setSyncCacheRetentionSeconds(dataFeed.getSyncCacheRetentionSeconds());
+			meta.setTags(new ArrayList<>());
+
+			// use mfm if available (api), otherwise use fed manager (messaging)
+			if (mfm != null) {
+				mfm.updateDataFeed(meta, commonUtil.getAllInOutGroups());
+			} else {
+				federationManager.submitFederateROL(malrc.updateDataFeedToROL(meta), commonUtil.getAllInOutGroups());
+			}
 		} catch (Exception e) {
 			if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing delete all data feed tags advice: ", e);
-    		}
+				logger.debug("exception executing delete all data feed tags advice: ", e);
+			}
 		}
-    }
-    
-    // a federate data feed is a data feed that was received over a federate link
-    // we do not want to federate back changes made to a federate feed. this will cause: 
-    // 1. a loop and 2. connected federates the ability alter the source data feed
-    public boolean federatedDataFeed(DataFeedDTO dataFeed) {
-    	return dataFeed.getType() == DataFeedType.Federation.ordinal();
-    }
-    
+	}
+
+	// a federate data feed is a data feed that was received over a federate link
+	// we do not want to federate back changes made to a federate feed. this will cause:
+	// 1. a loop and 2. connected federates the ability alter the source data feed
+	public boolean federatedDataFeed(DataFeedDTO dataFeed) {
+		return dataFeed.getType() == DataFeedType.Federation.ordinal();
+	}
+
 	private boolean isDataFeedFederationEnabled() {
-		return coreConfig.getRemoteConfiguration().getFederation().isEnableFederation() && coreConfig.getRemoteConfiguration().getFederation().isAllowDataFeedFederation();
+		return CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isEnableFederation() &&
+				CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation();
 	}
-    
-    private boolean isCyclic() {
-    	StackTraceElement[] stack = new Exception().getStackTrace();
-    	
-    	for (StackTraceElement el : stack) {
-    		
-    		if (logger.isTraceEnabled()) {
-    			logger.trace("stack element: " + el.getClassName());
-    		}
-    		
+
+	private boolean isCyclic() {
+		StackTraceElement[] stack = new Exception().getStackTrace();
+
+		for (StackTraceElement el : stack) {
+
+			if (logger.isTraceEnabled()) {
+				logger.trace("stack element: " + el.getClassName());
+			}
+
 			if (el.getClassName().equals(FederationROLHandler.class.getName())) {
 				return true;
 			}
-		} 
+		}
 
-    	return false;
-    }
+		return false;
+	}
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/EnterpriseSyncFederationAspect.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/EnterpriseSyncFederationAspect.java
index 4ec6df96..3b8c978a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/EnterpriseSyncFederationAspect.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/EnterpriseSyncFederationAspect.java
@@ -3,6 +3,7 @@
 import java.io.InputStream;
 import java.rmi.RemoteException;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
@@ -22,175 +23,172 @@
 @Aspect
 @Configurable
 public class EnterpriseSyncFederationAspect {
-    
-    private static final Logger logger = LoggerFactory.getLogger(EnterpriseSyncFederationAspect.class);
-    
-    @Autowired
-    private MissionFederationManager mfm;
-    
-    @Autowired
-    private GroupManager gm;
-    
-    @Autowired
-    private CoreConfig coreConfig;
-    
-    @Autowired
-    private ExecutorSource executorSource;
-
-    public EnterpriseSyncFederationAspect() {
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("EnterpriseSyncFederationAspect constructor");
-    	}
-    }
-    
-    @Around("execution(* com.bbn.marti.sync.EnterpriseSyncService.insertResource(..)))") 
-    public Object insertResource(ProceedingJoinPoint jp) throws Throwable {
-        
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("EnterpriseSyncService.insertResource() : " + jp.getSignature().getName() + ": Before Method Execution");
-    	}
-        try {
-            Object result = jp.proceed();
-            
-            if (logger.isDebugEnabled()) {
-            	logger.debug("result: " + result);
-            	logger.debug("EnterpriseSyncService.insertResource() : " + jp.getSignature().getName() + ": After Method Execution");
-            }
-            
-            if (!coreConfig.getRemoteConfiguration().getFederation().isEnableFederation()) {
-    			return result;
-    		}
-    
-        	if (!coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
-        		if (logger.isDebugEnabled()) {
-        			logger.debug("mission federation disabled in config");
-        		}
-        		return result;
-        	}
-        	
-        	try {
-        		
-        		if (isCyclic()) {
-        			if (logger.isDebugEnabled()) {
-        				logger.debug("skipping cyclic esync aspect execution");
-        			}
-        			return result;
-        		}
-        		
-        		if (logger.isDebugEnabled()) {
-        			logger.debug("esync advice " + jp.getSignature().getName() + " " + jp.getKind());
-        		}
-        		
-        		try {
-    				// federate only file metadata (no content)
-    				mfm.insertResource((Metadata) result, (byte[]) jp.getArgs()[1], gm.groupVectorToGroupSet((String) jp.getArgs()[2]));
-    			} catch (Exception e) {
-    				logger.error("exception federating file", e);
-    			}
-        	} catch (Exception e) {
-        		logger.debug("exception executing create mission advice: " + e);
-        	}
-
-            
-            return result;
-        } finally { }
-    }
-    
-    @Around("execution(* com.bbn.marti.sync.EnterpriseSyncService.insertResourceStream(..)))") 
-    public Object insertResourceStream(ProceedingJoinPoint jp) throws Throwable {
-    	return federateStreamResource(jp);
-    }
-    
-    @Around("execution(* com.bbn.marti.sync.EnterpriseSyncService.insertResourceStreamUID(..)))") 
-    public Object insertResourceStreamUID(ProceedingJoinPoint jp) throws Throwable {
-    	return federateStreamResource(jp);
-    }
-    
-    private Object federateStreamResource(ProceedingJoinPoint jp) throws Throwable {
-    	if (logger.isDebugEnabled()) {
-    		logger.debug("EnterpriseSyncService.insertResource() : " + jp.getSignature().getName() + ": Before Method Execution");
-    	}
-        try {
-            Object result = jp.proceed();
-            
-            if (logger.isDebugEnabled()) {
-            	logger.debug("result: " + result);
-            	logger.debug("EnterpriseSyncService.insertResource() : " + jp.getSignature().getName() + ": After Method Execution");
-            }
-            
-            if (!coreConfig.getRemoteConfiguration().getFederation().isEnableFederation()) {
-    			return result;
-    		}
-    
-        	if (!coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
-        		if (logger.isDebugEnabled()) {
-        			logger.debug("mission federation disabled in config");
-        		}
-        		return result;
-        	}
-        	
-        	try {
-        		
-        		if (isCyclic()) {
-        			if (logger.isDebugEnabled()) {
-        				logger.debug("skipping cyclic esync aspect execution");
-        			}
-        			return result;
-        		}
-        		
-        		if (logger.isDebugEnabled()) {
-        			logger.debug("esync advice " + jp.getSignature().getName() + " " + jp.getKind());
-        		}
-        		
-        		try {
-    				// federate only file metadata (no content)
-    				mfm.insertResource((Metadata) result, (InputStream) jp.getArgs()[1], gm.groupVectorToGroupSet((String) jp.getArgs()[2]));
-    			} catch (Exception e) {
-    				logger.error("exception federating file", e);
-    			}
-        		
-
-        	} catch (Exception e) {
-        		logger.debug("exception executing create mission advice: " + e);
-        	}
-            
-            return result;
-        } finally { }
-    }
-    
-    @Before("execution(* com.bbn.marti.sync.EnterpriseSyncService.delete(..))")
-    public void deleteResource(JoinPoint jp) throws RemoteException {
-
-		if (!coreConfig.getRemoteConfiguration().getFederation().isEnableFederation()) {
+
+	private static final Logger logger = LoggerFactory.getLogger(EnterpriseSyncFederationAspect.class);
+
+	@Autowired
+	private MissionFederationManager mfm;
+
+	@Autowired
+	private GroupManager gm;
+
+	@Autowired
+	private ExecutorSource executorSource;
+
+	public EnterpriseSyncFederationAspect() {
+		if (logger.isDebugEnabled()) {
+			logger.debug("EnterpriseSyncFederationAspect constructor");
+		}
+	}
+
+	@Around("execution(* com.bbn.marti.sync.EnterpriseSyncService.insertResource(..)))")
+	public Object insertResource(ProceedingJoinPoint jp) throws Throwable {
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("EnterpriseSyncService.insertResource() : " + jp.getSignature().getName() + ": Before Method Execution");
+		}
+		try {
+			Object result = jp.proceed();
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("result: " + result);
+				logger.debug("EnterpriseSyncService.insertResource() : " + jp.getSignature().getName() + ": After Method Execution");
+			}
+
+			if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isEnableFederation()) {
+				return result;
+			}
+
+			if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("mission federation disabled in config");
+				}
+				return result;
+			}
+
+			try {
+
+				if (isCyclic()) {
+					if (logger.isDebugEnabled()) {
+						logger.debug("skipping cyclic esync aspect execution");
+					}
+					return result;
+				}
+
+				if (logger.isDebugEnabled()) {
+					logger.debug("esync advice " + jp.getSignature().getName() + " " + jp.getKind());
+				}
+
+				try {
+					// federate only file metadata (no content)
+					mfm.insertResource((Metadata) result, (byte[]) jp.getArgs()[1], gm.groupVectorToGroupSet((String) jp.getArgs()[2]));
+				} catch (Exception e) {
+					logger.error("exception federating file", e);
+				}
+			} catch (Exception e) {
+				logger.debug("exception executing create mission advice: " + e);
+			}
+
+
+			return result;
+		} finally { }
+	}
+
+	@Around("execution(* com.bbn.marti.sync.EnterpriseSyncService.insertResourceStream(..)))")
+	public Object insertResourceStream(ProceedingJoinPoint jp) throws Throwable {
+		return federateStreamResource(jp);
+	}
+
+	@Around("execution(* com.bbn.marti.sync.EnterpriseSyncService.insertResourceStreamUID(..)))")
+	public Object insertResourceStreamUID(ProceedingJoinPoint jp) throws Throwable {
+		return federateStreamResource(jp);
+	}
+
+	private Object federateStreamResource(ProceedingJoinPoint jp) throws Throwable {
+		if (logger.isDebugEnabled()) {
+			logger.debug("EnterpriseSyncService.insertResource() : " + jp.getSignature().getName() + ": Before Method Execution");
+		}
+		try {
+			Object result = jp.proceed();
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("result: " + result);
+				logger.debug("EnterpriseSyncService.insertResource() : " + jp.getSignature().getName() + ": After Method Execution");
+			}
+
+			if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isEnableFederation()) {
+				return result;
+			}
+
+			if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("mission federation disabled in config");
+				}
+				return result;
+			}
+
+			try {
+
+				if (isCyclic()) {
+					if (logger.isDebugEnabled()) {
+						logger.debug("skipping cyclic esync aspect execution");
+					}
+					return result;
+				}
+
+				if (logger.isDebugEnabled()) {
+					logger.debug("esync advice " + jp.getSignature().getName() + " " + jp.getKind());
+				}
+
+				try {
+					// federate only file metadata (no content)
+					mfm.insertResource((Metadata) result, (InputStream) jp.getArgs()[1], gm.groupVectorToGroupSet((String) jp.getArgs()[2]));
+				} catch (Exception e) {
+					logger.error("exception federating file", e);
+				}
+
+
+			} catch (Exception e) {
+				logger.debug("exception executing create mission advice: " + e);
+			}
+
+			return result;
+		} finally { }
+	}
+
+	@Before("execution(* com.bbn.marti.sync.EnterpriseSyncService.delete(..))")
+	public void deleteResource(JoinPoint jp) throws RemoteException {
+
+		if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isEnableFederation()) {
+			return;
+		}
+
+		if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("mission federation disabled in config");
+			}
+			return;
+		}
+
+		if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowFederatedDelete()) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("mission federation deletion disabled in config");
+			}
 			return;
 		}
 
-    	if (!coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("mission federation disabled in config");
-    		}
-    		return;
-    	}
-    	
-    	if (!coreConfig.getRemoteConfiguration().getFederation().isAllowFederatedDelete()) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("mission federation deletion disabled in config");
-    		}
-    		return;
-    	}
-    	
-    	// TODO Implement federated enterprise sync deletion 
-    }
+		// TODO Implement federated enterprise sync deletion
+	}
 
 
 	@Before("execution(* com.bbn.marti.sync.EnterpriseSyncService.updateMetadata(..))")
 	public void updateMetadata(JoinPoint jp) throws RemoteException {
 
-		if (!coreConfig.getRemoteConfiguration().getFederation().isEnableFederation()) {
+		if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isEnableFederation()) {
 			return;
 		}
 
-		if (!coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
+		if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("mission federation disabled in config");
 			}
@@ -218,20 +216,20 @@ public void updateMetadata(JoinPoint jp) throws RemoteException {
 		}
 	}
 
-    private boolean isCyclic() {
-    	StackTraceElement[] stack = new Exception().getStackTrace();
-    		
-    	for (StackTraceElement el : stack) {
-    		
-    		if (logger.isTraceEnabled()) {
-    			logger.trace("stack element: " + el.getClassName());
-    		}
-    		
+	private boolean isCyclic() {
+		StackTraceElement[] stack = new Exception().getStackTrace();
+
+		for (StackTraceElement el : stack) {
+
+			if (logger.isTraceEnabled()) {
+				logger.trace("stack element: " + el.getClassName());
+			}
+
 			if (el.getClassName().equals(FederationROLHandler.class.getName())) {
 				return true;
 			}
-		} 
+		}
 
-    	return false;
-    }
+		return false;
+	}
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/FederationROLHandler.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/FederationROLHandler.java
index 8a3fe373..0bc954dc 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/FederationROLHandler.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/FederationROLHandler.java
@@ -14,6 +14,7 @@
 
 import javax.naming.NamingException;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.antlr.v4.runtime.ANTLRInputStream;
 import org.antlr.v4.runtime.BailErrorStrategy;
 import org.antlr.v4.runtime.CommonTokenStream;
@@ -54,6 +55,7 @@
 import mil.af.rl.rol.RolParser;
 import mil.af.rl.rol.value.DataFeedMetadata;
 import mil.af.rl.rol.value.MissionMetadata;
+import tak.server.federation.rol.MissionEnterpriseSyncRolVisitor;
 import tak.server.feeds.DataFeedDTO;
 import tak.server.feeds.DataFeed.DataFeedType;
 
@@ -67,18 +69,15 @@ public class FederationROLHandler {
 
 	protected RemoteUtil remoteUtil;
 
-	protected CoreConfig coreConfig;
-	
 	protected DataFeedRepository dataFeedRepository;
-	
+
 	@Autowired
-    private InputManager inputManager;
+	private InputManager inputManager;
 
-	public FederationROLHandler(MissionService missionService, EnterpriseSyncService syncService, RemoteUtil remoteUtil, CoreConfig coreConfig, DataFeedRepository dataFeedRepository) throws RemoteException {
+	public FederationROLHandler(MissionService missionService, EnterpriseSyncService syncService, RemoteUtil remoteUtil, DataFeedRepository dataFeedRepository) throws RemoteException {
 		this.missionService = missionService;
 		this.syncService = syncService;
 		this.remoteUtil = remoteUtil;
-		this.coreConfig = coreConfig;
 		this.dataFeedRepository = dataFeedRepository;
 	}
 
@@ -138,16 +137,16 @@ class FederationProcessorFactory {
 
 		FederationProcessor<ROL> newProcessor(String resource, String operation, Object parameters, NavigableSet<Group> groups) {
 			switch (Resource.valueOf(resource.toUpperCase())) {
-			case PACKAGE:
-				throw new UnsupportedOperationException("federated mission package processing occurs in core - this ROL should not have been sent");
-			case MISSION:
-				return new FederationMissionProcessor(resource, operation, parameters, groups);
-			case DATA_FEED:
-				return new FederationDataFeedProcessor(resource, operation, parameters, groups);
-			case RESOURCE:
-				return new FederationSyncResourceProcessor(resource, operation, (com.bbn.marti.sync.model.Resource) parameters, groups);
-			default:
-				throw new IllegalArgumentException("invalid federation processor kind " + resource);
+				case PACKAGE:
+					throw new UnsupportedOperationException("federated mission package processing occurs in core - this ROL should not have been sent");
+				case MISSION:
+					return new FederationMissionProcessor(resource, operation, parameters, groups);
+				case DATA_FEED:
+					return new FederationDataFeedProcessor(resource, operation, parameters, groups);
+				case RESOURCE:
+					return new FederationSyncResourceProcessor(resource, operation, (com.bbn.marti.sync.model.Resource) parameters, groups);
+				default:
+					throw new IllegalArgumentException("invalid federation processor kind " + resource);
 			}
 		}
 	}
@@ -167,6 +166,8 @@ private class FederationMissionProcessor implements FederationProcessor<ROL> {
 		@Override
 		public void process(ROL rol) {
 
+			CoreConfig coreConfig = CoreConfigFacade.getInstance();
+
 			if (!coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
 				if (logger.isDebugEnabled()) {
 					logger.debug("mission federation disabled in config");
@@ -175,24 +176,24 @@ public void process(ROL rol) {
 			}
 
 			switch (op.toLowerCase(Locale.ENGLISH)) {
-			case "create":
-				processCreate(rol);
-				break;
-			case "delete":
-				if (requireNonNull(coreConfig.getRemoteConfiguration().getFederation(), "federation CoreConfig").isAllowFederatedDelete()) {
-					processDelete(rol);
-				} else {
-					logger.info("ignoring federated 'delete mission' command: federated delete is disabled in CoreConfig");
-				}
+				case "create":
+					processCreate(rol);
+					break;
+				case "delete":
+					if (requireNonNull(coreConfig.getRemoteConfiguration().getFederation(), "federation CoreConfig").isAllowFederatedDelete()) {
+						processDelete(rol);
+					} else {
+						logger.info("ignoring federated 'delete mission' command: federated delete is disabled in CoreConfig");
+					}
 
-				break;
-			case "update":
-				processUpdate(rol);
-				break;
-			case "assign":
-				processAssign(rol);
-				break;
-			default:
+					break;
+				case "update":
+					processUpdate(rol);
+					break;
+				case "assign":
+					processAssign(rol);
+					break;
+				default:
 			}
 		}
 
@@ -205,16 +206,16 @@ private void processCreate(ROL rol) {
 			if (parameters instanceof MissionMetadata) {
 				MissionMetadata md = (MissionMetadata) parameters;
 				int defaultRoleId = (int) md.getDefaultRoleId();
-				
+
 				MissionRole missionRole = null;
 				if (defaultRoleId > 0) {
 					Role defaultRole = MissionRole.Role.values()[defaultRoleId - 1];
 					missionRole = new MissionRole(defaultRole);
 					missionRole.setId(md.getDefaultRoleId());
 				}
-				
+
 				if (!missionService.exists(md.getName(), remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)))) {
-					missionService.createMission(md.getName(), md.getCreatorUid(), remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)), 
+					missionService.createMission(md.getName(), md.getCreatorUid(), remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)),
 							md.getDescription(), md.getChatRoom(), md.getBaseLayer(), md.getBbox(), md.getPath(), md.getClassification(), md.getTool(),
 							md.getPasswordHash(), missionRole, md.getExpiration(), md.getBoundingPolygon(), md.getInviteOnly());
 				}
@@ -268,92 +269,94 @@ private void processUpdate(ROL rol) {
 					logger.debug("mission update details: " + mud);
 				}
 
+				CoreConfig coreConfig = CoreConfigFacade.getInstance();
+
 				switch (requireNonNull(mud.getChangeType(), "mission update change type")) {
-				case ADD_CONTENT:
+					case ADD_CONTENT:
 
-					if (!missionService.exists(mud.getMissionName(), remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)))) {
-						missionService.createMission(mud.getMissionName(), mud.getMissionCreatorUid(), remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)), mud.getMissionDescription(), mud.getMissionChatRoom(), null, null, null, null, mud.getMissionTool(), null, null, null, null, false);
-					}
+						if (!missionService.exists(mud.getMissionName(), remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)))) {
+							missionService.createMission(mud.getMissionName(), mud.getMissionCreatorUid(), remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)), mud.getMissionDescription(), mud.getMissionChatRoom(), null, null, null, null, mud.getMissionTool(), null, null, null, null, false);
+						}
 
-					if (logger.isDebugEnabled()) {
-						logger.debug("adding mission content");
-					}
-					missionService.addMissionContent(mud.getMissionName(), mud.getContent(), mud.getCreatorUid(), remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)));
+						if (logger.isDebugEnabled()) {
+							logger.debug("adding mission content");
+						}
+						missionService.addMissionContent(mud.getMissionName(), mud.getContent(), mud.getCreatorUid(), remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)));
 
-					if (logger.isDebugEnabled()) {
-						logger.debug("adding mission content complete");
-					}
-					break;
-				case REMOVE_CONTENT:
-					try {
-						if (requireNonNull(coreConfig.getRemoteConfiguration().getFederation(), "federation CoreConfig").isAllowFederatedDelete()) {
+						if (logger.isDebugEnabled()) {
+							logger.debug("adding mission content complete");
+						}
+						break;
+					case REMOVE_CONTENT:
+						try {
+							if (requireNonNull(coreConfig.getRemoteConfiguration().getFederation(), "federation CoreConfig").isAllowFederatedDelete()) {
 
-							String hash = null;
-							String uid = null;
+								String hash = null;
+								String uid = null;
 
-							if (!mud.getContent().getHashes().isEmpty()) {
-								hash = mud.getContent().getHashes().get(0);
-							}
+								if (!mud.getContent().getHashes().isEmpty()) {
+									hash = mud.getContent().getHashes().get(0);
+								}
 
-							if (!mud.getContent().getUids().isEmpty()) {
-								uid = mud.getContent().getUids().get(0);
-							}
+								if (!mud.getContent().getUids().isEmpty()) {
+									uid = mud.getContent().getUids().get(0);
+								}
 
-							missionService.deleteMissionContent(mud.getMissionName(), hash, uid, mud.getCreatorUid(), remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)));
+								missionService.deleteMissionContent(mud.getMissionName(), hash, uid, mud.getCreatorUid(), remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)));
 
-						} else {
-							logger.info("ignoring federated delete content - disabled in CoreConfig");
+							} else {
+								logger.info("ignoring federated delete content - disabled in CoreConfig");
+							}
+						} catch (Exception e) {
+							logger.warn("exception accessing remote CoreConfig", e);
 						}
-					} catch (Exception e) {
-						logger.warn("exception accessing remote CoreConfig", e);
-					}
-					break;
-				default:
-					throw new IllegalArgumentException("invalid mission change type: " + mud.getChangeType());
+						break;
+					default:
+						throw new IllegalArgumentException("invalid mission change type: " + mud.getChangeType());
 				}
 			} else if (parameters instanceof MissionUpdateDetailsForMapLayer) {
-				
+
 				MissionUpdateDetailsForMapLayer mud = (MissionUpdateDetailsForMapLayer) parameters;
 
 				if (logger.isDebugEnabled()) {
 					logger.debug("MissionUpdateDetailsForMapLayer: " + mud);
 				}
-				
+
 				if (mud.getType() == MissionUpdateDetailsForMapLayerType.ADD_MAPLAYER_TO_MISSION) {
 					missionService.addMapLayerToMission(mud.getMissionName(), mud.getCreatorUid(), mud.getMission(), mud.getMapLayer());
-					
+
 				} else if (mud.getType() ==  MissionUpdateDetailsForMapLayerType.UPDATE_MAPLAYER) {
 					missionService.updateMapLayer(mud.getMissionName(), mud.getCreatorUid(), mud.getMission(), mud.getMapLayer());
-					
+
 				} else if (mud.getType() == MissionUpdateDetailsForMapLayerType.REMOVE_MAPLAYER_FROM_MISSION) {
 					missionService.removeMapLayerFromMission(mud.getMissionName(), mud.getCreatorUid(), mud.getMission(), mud.getMapLayer().getUid());
-				
+
 				} else {
 					throw new IllegalArgumentException("invalid MissionUpdateDetailsForMapLayerType: " + mud.getType());
 				}
 			} else if (parameters instanceof MissionUpdateDetailsForMissionLayer){
-				
+
 				MissionUpdateDetailsForMissionLayer mud = (MissionUpdateDetailsForMissionLayer) parameters;
 
 				if (logger.isDebugEnabled()) {
 					logger.debug("MissionUpdateDetailsForMissionLayer: " + mud);
 				}
-				
+
 				if (mud.getType() == MissionUpdateDetailsForMissionLayerType.ADD_MISSION_LAYER_TO_MISSION) {
 					String groupVector = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
 					missionService.addMissionLayer(mud.getMissionName(), mud.getMission(), mud.getUid(), mud.getName(), mud.getMissionLayerType(), mud.getParentUid(), mud.getAfter(), mud.getCreatorUid(), groupVector);
-					
+
 				} else if (mud.getType() == MissionUpdateDetailsForMissionLayerType.REMOVE_MISSION_LAYER_FROM_MISSION) {
 					String groupVector = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
 					missionService.removeMissionLayer(mud.getMissionName(), mud.getMission(), mud.getLayerUid(), mud.getCreatorUid(), groupVector);
 				} else {
 					throw new IllegalArgumentException("invalid MissionUpdateDetailsForMissionLayerType: " + mud.getType());
-				}		
-				
+				}
+
 			} else {
 				throw new IllegalArgumentException("invalid parameters object type for mission update action: " + parameters.getClass().getSimpleName());
 			}
-			
+
 		}
 
 		private void processAssign(ROL rol) {
@@ -373,19 +376,19 @@ private void processAssign(ROL rol) {
 							remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)));
 				}
 			}else if (parameters instanceof MissionExpiration) {
-				
+
 				MissionExpiration missionExpiration = (MissionExpiration) parameters;
-				
-				missionService.setExpiration(missionExpiration.getMissionName(), missionExpiration.getMissionExpiration(), 
+
+				missionService.setExpiration(missionExpiration.getMissionName(), missionExpiration.getMissionExpiration(),
 						remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)));
-				
+
 			}else {
 				throw new IllegalArgumentException("ROL assign mission does not have correct parameters");
 			}
-			
+
 		}
 	}
-	
+
 	private class FederationDataFeedProcessor implements FederationProcessor<ROL> {
 
 		private final String op;
@@ -399,7 +402,10 @@ private class FederationDataFeedProcessor implements FederationProcessor<ROL> {
 		}
 
 		@Override
-		public void process(ROL rol) {			
+		public void process(ROL rol) {
+
+			CoreConfig coreConfig = CoreConfigFacade.getInstance();
+
 			if (!coreConfig.getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
 				if (logger.isDebugEnabled()) {
 					logger.debug("data feed federation disabled in config");
@@ -408,21 +414,21 @@ public void process(ROL rol) {
 			}
 
 			switch (op.toLowerCase(Locale.ENGLISH)) {
-			case "create":
-				processCreate(rol);
-				break;
-			case "update":
-				processUpdate(rol);
-				break;
-			case "delete":
-				if (requireNonNull(coreConfig.getRemoteConfiguration().getFederation(), "federation CoreConfig").isAllowFederatedDelete()) {
-					processDelete(rol);
-				} else {
-					logger.info("ignoring federated 'delete mission feed' command: federated delete is disabled in CoreConfig");
-				}
+				case "create":
+					processCreate(rol);
+					break;
+				case "update":
+					processUpdate(rol);
+					break;
+				case "delete":
+					if (requireNonNull(coreConfig.getRemoteConfiguration().getFederation(), "federation CoreConfig").isAllowFederatedDelete()) {
+						processDelete(rol);
+					} else {
+						logger.info("ignoring federated 'delete mission feed' command: federated delete is disabled in CoreConfig");
+					}
 
-				break;
-			default:
+					break;
+				default:
 			}
 		}
 
@@ -433,34 +439,34 @@ private void processCreate(ROL rol) {
 
 			if (parameters instanceof DataFeedMetadata) {
 				DataFeedMetadata meta = (DataFeedMetadata) parameters;
-				
+
 				String groupVector = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
-					
+
 				// add a federated data feed to the data feeds table if it doesn't exist
 				List<DataFeedDTO> datafeeds = dataFeedRepository.getDataFeedByUUID(meta.getDataFeedUid());
 				if (datafeeds == null || datafeeds.size() == 0) {
-					long dataFeedId = dataFeedRepository.addDataFeed(meta.getDataFeedUid(), meta.getFeedName(), DataFeedType.Federation.ordinal(), 
-							meta.getAuthType(), -1, false, null, null, null, meta.isArchive(), false, meta.isArchiveOnly(), 2, null, meta.isSync(), 
+					long dataFeedId = dataFeedRepository.addDataFeed(meta.getDataFeedUid(), meta.getFeedName(), DataFeedType.Federation.ordinal(),
+							meta.getAuthType(), -1, false, null, null, null, meta.isArchive(), false, meta.isArchiveOnly(), 2, null, meta.isSync(),
 							meta.getSyncCacheRetentionSeconds(), groupVector, true, false, null, null, null, null);
-					
+
 					if (meta.getTags() != null && meta.getTags().size() > 0)
-						dataFeedRepository.addDataFeedTags(dataFeedId, meta.getTags());
-					
+						dataFeedRepository.addDataFeedTags(dataFeedId, meta.getTags().toArray(String[]::new));
+
 					// add/update the input metrics for this feed so we can track it in the UI
 					DataFeed dataFeedConfig = dataFeedRepository.getDataFeedByUUID(meta.getDataFeedUid()).get(0).toInput();
 					inputManager.updateFederationDataFeed(dataFeedConfig);
 				}
-				
+
 				Mission mission = missionService.getMission(meta.getMissionName(), groupVector);
-				// check mission exists before making feed					
+				// check mission exists before making feed
 				if (mission != null) {
 					// create mission feed association
-					missionService.addFeedToMission(meta.getMissionFeedUid(), meta.getMissionName(), "", mission, meta.getDataFeedUid(), meta.getFilterPolygon(), 
+					missionService.addFeedToMission(meta.getMissionFeedUid(), meta.getMissionName(), "", mission, meta.getDataFeedUid(), meta.getFilterPolygon(),
 							meta.getFilterCotTypes(), meta.getFilterCallsign());
 				}
 			}
 		}
-		
+
 		private void processUpdate(ROL rol) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("recieved ROL update feed from core " + rol);
@@ -468,49 +474,49 @@ private void processUpdate(ROL rol) {
 
 			if (parameters instanceof DataFeedMetadata) {
 				DataFeedMetadata meta = (DataFeedMetadata) parameters;
-				
+
 				String groupVector = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
-					
+
 				// add a federated data feed to the data feeds table, or update if it exists
 				List<DataFeedDTO> datafeeds = dataFeedRepository.getDataFeedByUUID(meta.getDataFeedUid());
 				if (datafeeds == null || datafeeds.size() == 0) {
-					long dataFeedId = dataFeedRepository.addDataFeed(meta.getDataFeedUid(), meta.getFeedName(), DataFeedType.Federation.ordinal(), 
-							meta.getAuthType(), -1, false, null, null, null, meta.isArchive(), false, meta.isArchiveOnly(), 2, null, meta.isSync(), 
+					long dataFeedId = dataFeedRepository.addDataFeed(meta.getDataFeedUid(), meta.getFeedName(), DataFeedType.Federation.ordinal(),
+							meta.getAuthType(), -1, false, null, null, null, meta.isArchive(), false, meta.isArchiveOnly(), 2, null, meta.isSync(),
 							meta.getSyncCacheRetentionSeconds(), groupVector, true, false, null, null, null, null);
-					dataFeedRepository.addDataFeedTags(dataFeedId, meta.getTags());
+					dataFeedRepository.addDataFeedTags(dataFeedId, meta.getTags().toArray(String[]::new));
 				} else {
 					DataFeedDTO dataFeed = datafeeds.get(0);
-					
+
 					// TODO: update this to support predicate data feeds
-					dataFeedRepository.updateDataFeed(meta.getDataFeedUid(), meta.getFeedName(), DataFeedType.Federation.ordinal(), 
-							meta.getAuthType(), -1, false, null, null, null, meta.isArchive(), false, meta.isArchiveOnly(), 2, null, 
+					dataFeedRepository.updateDataFeed(meta.getDataFeedUid(), meta.getFeedName(), DataFeedType.Federation.ordinal(),
+							meta.getAuthType(), -1, false, null, null, null, meta.isArchive(), false, meta.isArchiveOnly(), 2, null,
 							meta.isSync(), meta.getSyncCacheRetentionSeconds(), true, false, null, null, null, null);
-					
+
 					dataFeedRepository.removeAllDataFeedTagsById(dataFeed.getId());
-					
+
 					if (meta.getTags() != null && meta.getTags().size() > 0)
-						dataFeedRepository.addDataFeedTags(dataFeed.getId(), meta.getTags());
+						dataFeedRepository.addDataFeedTags(dataFeed.getId(), meta.getTags().toArray(String[]::new));
 				}
-				
+
 				// add/update the input metrics for this feed so we can track it in the UI
 				DataFeed dataFeedConfig = dataFeedRepository.getDataFeedByUUID(meta.getDataFeedUid()).get(0).toInput();
 				inputManager.updateFederationDataFeed(dataFeedConfig);
 			}
 		}
-		
+
 		private void processDelete(ROL rol) {
 
 			if (logger.isDebugEnabled()) {
 				logger.debug("recieved ROL delete mission feed from core " + rol);
 			}
-			
+
 			if (parameters instanceof DataFeedMetadata) {
 				DataFeedMetadata meta = (DataFeedMetadata) parameters;
-				
+
 				String groupVector = remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups));
-				
-				// if there is a mission in the delete request, remove the mission feed	
-				if (!Strings.isNullOrEmpty(meta.getMissionName())) {	
+
+				// if there is a mission in the delete request, remove the mission feed
+				if (!Strings.isNullOrEmpty(meta.getMissionName())) {
 					Mission mission = missionService.getMission(meta.getMissionName(), groupVector);
 					missionService.removeFeedFromMission(meta.getMissionName(), "", mission, meta.getMissionFeedUid());
 				}
@@ -546,15 +552,15 @@ private class FederationSyncResourceProcessor implements FederationProcessor<ROL
 		public void process(ROL rol) {
 
 			switch (op.toLowerCase(Locale.ENGLISH)) {
-			case "create":
-				processCreate(rol);
-				break;
-			case "delete":
-				processDelete(rol);
-				break;
-			case "update":
-				processUpdate(rol);
-			default:
+				case "create":
+					processCreate(rol);
+					break;
+				case "delete":
+					processDelete(rol);
+					break;
+				case "update":
+					processUpdate(rol);
+				default:
 			}
 		}
 
@@ -595,6 +601,8 @@ private void processDelete(ROL rol) {
 				logger.debug("recieved ROL delete resource from core " + rol);
 			}
 
+			CoreConfig coreConfig = CoreConfigFacade.getInstance();
+
 			if (!coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
 				if (logger.isDebugEnabled()) {
 					logger.debug("mission federation disabled in config");
@@ -624,6 +632,8 @@ private void processUpdate(ROL rol) {
 				logger.debug("recieved ROL update resource from core " + rol);
 			}
 
+			CoreConfig coreConfig = CoreConfigFacade.getInstance();
+
 			if (!coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
 				if (logger.isDebugEnabled()) {
 					logger.debug("mission federation disabled in config");
@@ -641,7 +651,7 @@ private void processUpdate(ROL rol) {
 							remoteUtil.bitVectorToString(remoteUtil.getBitVectorForGroups(groups)));
 				}
 			} catch (IllegalArgumentException | IntrusionException | IllegalStateException | SQLException
-					| NamingException | ValidationException e) {
+					 | NamingException | ValidationException e) {
 				if (logger.isDebugEnabled()) {
 					logger.debug("exception executing federated enterprise sync update", e);
 				}
@@ -651,13 +661,15 @@ private void processUpdate(ROL rol) {
 	}
 
 	private boolean isMissionAllowed(String tool) {
+
+		CoreConfig coreConfig = CoreConfigFacade.getInstance();
 		tool = tool == null ? "public" : tool;
 		boolean onlyFederatePublic = coreConfig.getRemoteConfiguration().getFederation().isFederateOnlyPublicMissions();
 		boolean isVBM = coreConfig.getRemoteConfiguration().getVbm().isEnabled();
-		
+
 		if (tool.equals("public")) {
 			return true;
-		} else if(tool.equals(coreConfig.getRemoteConfiguration().getNetwork().getMissionCopTool()) && onlyFederatePublic) {
+		} else if (tool.equals(coreConfig.getRemoteConfiguration().getNetwork().getMissionCopTool()) && onlyFederatePublic) {
 			return isVBM;
 		} else {
 			if (onlyFederatePublic) return false;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/MissionFederationAspect.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/MissionFederationAspect.java
index 8d1c2631..80acfd70 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/MissionFederationAspect.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/MissionFederationAspect.java
@@ -3,6 +3,7 @@
 import java.rmi.RemoteException;
 import java.util.NavigableSet;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.AfterReturning;
 import org.aspectj.lang.annotation.Aspect;
@@ -34,253 +35,250 @@
 @Aspect
 @Configurable
 public class MissionFederationAspect {
-    
-    private static final Logger logger = LoggerFactory.getLogger(MissionFederationAspect.class);
-    
-    @Autowired
-    private MissionFederationManager mfm;
-    
-    @Autowired
-    private GroupManager gm;
-    
-    @Autowired
-    private CoreConfig coreConfig;
-    
-
-    // If we were using AspectJ instead of Spring AOP - something like !adviceexecution() would avoid the stack tracing
-    // or name this pointcut and use !within(A)
-    @AfterReturning(value = "execution(* com.bbn.marti.sync.service.MissionService.createMission(..))", returning="returnValue")
-    public void createMission(JoinPoint jp, Object returnValue) throws RemoteException {
+
+	private static final Logger logger = LoggerFactory.getLogger(MissionFederationAspect.class);
+
+	@Autowired
+	private MissionFederationManager mfm;
+
+	@Autowired
+	private GroupManager gm;
+
+	// If we were using AspectJ instead of Spring AOP - something like !adviceexecution() would avoid the stack tracing
+	// or name this pointcut and use !within(A)
+	@AfterReturning(value = "execution(* com.bbn.marti.sync.service.MissionService.createMission(..))", returning="returnValue")
+	public void createMission(JoinPoint jp, Object returnValue) throws RemoteException {
 
 		if (!isMissionFederationEnabled()) return;
-    	
-    	try {
-    		
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled())  {
-    				logger.debug("skipping cyclic mission aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		if (logger.isDebugEnabled()) {    		
-    			logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
-    		}
-    		    		
-    		Mission mission = (Mission) returnValue;
-    		
-    		NavigableSet<Group> groups = gm.groupVectorToGroupSet((String) jp.getArgs()[2]);
-    		MissionRole defaultRole = (MissionRole) jp.getArgs()[11];
-    		
-    		MissionMetadata meta = MissionActionROLConverter.missionToROLMissionMetadata(mission);
-    		
-    		if (defaultRole != null) {
-    			meta.setDefaultRoleId(defaultRole.getId());    			
-    		}
-   
-    		// federated mission creation
-    		mfm.createMission(meta, groups);
-    		
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("intercepted mission create - name: " + mission.getName() + " creatorUid: " + mission.getCreatorUid() 
-    			+ " description: " + mission.getDescription() + " chatRoom: " + mission.getChatRoom() + " tool: " + mission.getTool() + " groups: ");
-    		}
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing create mission advice: " + e);
-    		}
-    	}
-    }
-    
-    @AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.deleteMission(..))")
-    public void deleteMission(JoinPoint jp) throws RemoteException {
-
-    	if (!isMissionFederationEnabled() || !isMissionFederatedDeleteEnabled()) return;
-    	
-    	
-    	if (!coreConfig.getRemoteConfiguration().getFederation().isAllowFederatedDelete()) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("federated mission deletion disabled in config");
-    		}
-    		return;
-    	}
-    	
-    	try {
-    		
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic mission aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
-    		}
-    		
-    		// federated mission creation
-    		mfm.deleteMission((String) jp.getArgs()[0], (String) jp.getArgs()[1], gm.groupVectorToGroupSet((String) jp.getArgs()[2]));
-    		
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing delete mission advice: ", e);
-    		}
-    	}
-    }
-   
-    
-    @AfterReturning(value = "execution(* com.bbn.marti.sync.service.MissionService.addFeedToMission(..))", returning="returnValue")
+
+		try {
+
+			if (isCyclic()) {
+				if (logger.isDebugEnabled())  {
+					logger.debug("skipping cyclic mission aspect execution");
+				}
+				return;
+			}
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
+			}
+
+			Mission mission = (Mission) returnValue;
+
+			NavigableSet<Group> groups = gm.groupVectorToGroupSet((String) jp.getArgs()[2]);
+			MissionRole defaultRole = (MissionRole) jp.getArgs()[11];
+
+			MissionMetadata meta = MissionActionROLConverter.missionToROLMissionMetadata(mission);
+
+			if (defaultRole != null) {
+				meta.setDefaultRoleId(defaultRole.getId());
+			}
+
+			// federated mission creation
+			mfm.createMission(meta, groups);
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("intercepted mission create - name: " + mission.getName() + " creatorUid: " + mission.getCreatorUid()
+						+ " description: " + mission.getDescription() + " chatRoom: " + mission.getChatRoom() + " tool: " + mission.getTool() + " groups: ");
+			}
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing create mission advice: " + e);
+			}
+		}
+	}
+
+	@AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.deleteMission(..))")
+	public void deleteMission(JoinPoint jp) throws RemoteException {
+
+		if (!isMissionFederationEnabled() || !isMissionFederatedDeleteEnabled()) return;
+
+
+		if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowFederatedDelete()) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("federated mission deletion disabled in config");
+			}
+			return;
+		}
+
+		try {
+
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic mission aspect execution");
+				}
+				return;
+			}
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
+			}
+
+			// federated mission creation
+			mfm.deleteMission((String) jp.getArgs()[0], (String) jp.getArgs()[1], gm.groupVectorToGroupSet((String) jp.getArgs()[2]));
+
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing delete mission advice: ", e);
+			}
+		}
+	}
+
+
+	@AfterReturning(value = "execution(* com.bbn.marti.sync.service.MissionService.addFeedToMission(..))", returning="returnValue")
 	public void addDataFeedToMission(JoinPoint jp, Object returnValue) {
-    	if (!isMissionFederationEnabled() || !isMissionDataFeedFederationEnabled()) return;
-
-    	try {
-    		
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled())  {
-    				logger.debug("skipping cyclic mission aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		if (logger.isDebugEnabled()) {    		
-    			logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
-    		}
-    		
-    		MissionFeed missionFeed = (MissionFeed) returnValue;
-    		DataFeed dataFeed = coreConfig.getRemoteConfiguration()
-    					.getNetwork()
-    					.getDatafeed()
-    					.stream()
-    					.filter(df -> df.getUuid().equals(missionFeed.getDataFeedUid()))
-    					.findFirst().orElse(null);
-    		
-    		NavigableSet<Group> groups = gm.groupVectorToGroupSet(missionFeed.getMission().getGroupVector());
-    		
-    		DataFeedMetadata meta = new DataFeedMetadata();
-    		meta.setMissionName(missionFeed.getMission().getName());
-    		meta.setFilterPolygon(missionFeed.getFilterPolygon());
-    		meta.setFilterCallsign(missionFeed.getFilterCallsign());
-    		meta.setFilterCotTypes(missionFeed.getFilterCotTypes());
-    		meta.setDataFeedUid(missionFeed.getDataFeedUid());
-    		meta.setMissionFeedUid(missionFeed.getUid());
-    		meta.setArchive(dataFeed.isArchive());
-    		meta.setArchiveOnly(dataFeed.isArchiveOnly());
-    		meta.setSync(dataFeed.isSync());
-    		meta.setFeedName(dataFeed.getName());
-    		meta.setAuthType(dataFeed.getAuth().toString());
-    		meta.setTags(dataFeed.getTag());
-    		   
-    		// federated mission feed creation
-    		mfm.createMissionFeed(missionFeed.getMission(), meta, groups);
-
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("intercepted mission feed create - mission name: " + missionFeed.getMission().getName() + " dataFeedUid: " + missionFeed.getDataFeedUid());
-    		}
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing create mission advice: " + e);
-    		}
-    	}
+		if (!isMissionFederationEnabled() || !isMissionDataFeedFederationEnabled()) return;
+
+		try {
+
+			if (isCyclic()) {
+				if (logger.isDebugEnabled())  {
+					logger.debug("skipping cyclic mission aspect execution");
+				}
+				return;
+			}
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
+			}
+
+			MissionFeed missionFeed = (MissionFeed) returnValue;
+
+			DataFeed dataFeed = CoreConfigFacade.getInstance().getRemoteConfiguration()
+					.getNetwork()
+					.getDatafeed()
+					.stream()
+					.filter(df -> df.getUuid().equals(missionFeed.getDataFeedUid()))
+					.findFirst().orElse(null);
+
+			NavigableSet<Group> groups = gm.groupVectorToGroupSet(missionFeed.getMission().getGroupVector());
+
+			DataFeedMetadata meta = new DataFeedMetadata();
+			meta.setMissionName(missionFeed.getMission().getName());
+			meta.setFilterPolygon(missionFeed.getFilterPolygon());
+			meta.setFilterCallsign(missionFeed.getFilterCallsign());
+			meta.setFilterCotTypes(missionFeed.getFilterCotTypes());
+			meta.setDataFeedUid(missionFeed.getDataFeedUid());
+			meta.setMissionFeedUid(missionFeed.getUid());
+			meta.setArchive(dataFeed.isArchive());
+			meta.setArchiveOnly(dataFeed.isArchiveOnly());
+			meta.setSync(dataFeed.isSync());
+			meta.setFeedName(dataFeed.getName());
+			meta.setAuthType(dataFeed.getAuth().toString());
+			meta.setTags(dataFeed.getTag());
+
+			// federated mission feed creation
+			mfm.createMissionFeed(missionFeed.getMission(), meta, groups);
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("intercepted mission feed create - mission name: " + missionFeed.getMission().getName() + " dataFeedUid: " + missionFeed.getDataFeedUid());
+			}
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing create mission advice: " + e);
+			}
+		}
 	}
 
-    @AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.removeFeedFromMission(..))")
+	@AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.removeFeedFromMission(..))")
 	public void removeDataFeedFromMission(JoinPoint jp) {
-    	
-    	if (!isMissionFederationEnabled() || !isMissionFederatedDeleteEnabled() || !isMissionDataFeedFederationEnabled()) return;
-    	
-    	try {
-    		
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic mission aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
-    		}
-    		
-    		String missionName = (String) jp.getArgs()[0];
-    		String creatorUid = (String) jp.getArgs()[1];
-    		Mission mission = (Mission) jp.getArgs()[2];
-    		String missionFeedUid = (String) jp.getArgs()[3];
-    		
-    		DataFeedMetadata meta = new DataFeedMetadata();
-    		meta.setMissionName(missionName);
-    		meta.setMissionFeedUid(missionFeedUid);
-    		
-    		NavigableSet<Group> groups = gm.groupVectorToGroupSet(mission.getGroupVector());
-    		
-    		// federated mission feed delete
-    		mfm.deleteMissionFeed(mission, meta, groups);
-    		 		
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing delete mission advice: ", e);
-    		}
-    	}
+
+		if (!isMissionFederationEnabled() || !isMissionFederatedDeleteEnabled() || !isMissionDataFeedFederationEnabled()) return;
+
+		try {
+
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic mission aspect execution");
+				}
+				return;
+			}
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
+			}
+
+			String missionName = (String) jp.getArgs()[0];
+			String creatorUid = (String) jp.getArgs()[1];
+			Mission mission = (Mission) jp.getArgs()[2];
+			String missionFeedUid = (String) jp.getArgs()[3];
+
+			DataFeedMetadata meta = new DataFeedMetadata();
+			meta.setMissionName(missionName);
+			meta.setMissionFeedUid(missionFeedUid);
+
+			NavigableSet<Group> groups = gm.groupVectorToGroupSet(mission.getGroupVector());
+
+			// federated mission feed delete
+			mfm.deleteMissionFeed(mission, meta, groups);
+
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing delete mission advice: ", e);
+			}
+		}
+	}
+
+	@AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.addMissionContent(..))")
+	public void addMissionContent(JoinPoint jp) throws RemoteException {
+
+		if (!isMissionFederationEnabled()) return;
+
+		try {
+
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic mission aspect execution");
+				}
+				return;
+			}
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("addMissionContent advice " + jp.getSignature().getName() + " " + jp.getKind());
+			}
+
+			// federated add mission content
+			mfm.addMissionContent((String) jp.getArgs()[0], (MissionContent) jp.getArgs()[1], (String) jp.getArgs()[2], gm.groupVectorToGroupSet((String) jp.getArgs()[3]));
+
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing create mission advice: " + e);
+			}
+		}
+	}
+
+	@AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.deleteMissionContent(..))")
+	public void deleteMissionContent(JoinPoint jp) throws RemoteException {
+
+		if (!isMissionFederationEnabled() || !isMissionFederatedDeleteEnabled()) return;
+
+		try {
+
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic mission aspect execution");
+				}
+				return;
+			}
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("addMissionContent advice " + jp.getSignature().getName() + " " + jp.getKind());
+			}
+
+			// federated add mission content
+			mfm.deleteMissionContent((String) jp.getArgs()[0], (String) jp.getArgs()[1], (String) jp.getArgs()[2], (String) jp.getArgs()[3], gm.groupVectorToGroupSet((String) jp.getArgs()[4]));
+
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing create mission advice: " + e);
+			}
+		}
 	}
-    
-    @AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.addMissionContent(..))")
-    public void addMissionContent(JoinPoint jp) throws RemoteException {
-
-    	if (!isMissionFederationEnabled()) return;
-    	
-    	try {
-    		
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic mission aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("addMissionContent advice " + jp.getSignature().getName() + " " + jp.getKind());
-    		}
-    		
-    		// federated add mission content
-    		mfm.addMissionContent((String) jp.getArgs()[0], (MissionContent) jp.getArgs()[1], (String) jp.getArgs()[2], gm.groupVectorToGroupSet((String) jp.getArgs()[3]));
-    		
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing create mission advice: " + e);
-    		}
-    	}
-    }
-    
-    @AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.deleteMissionContent(..))")
-    public void deleteMissionContent(JoinPoint jp) throws RemoteException {
-
-    	if (!isMissionFederationEnabled() || !isMissionFederatedDeleteEnabled()) return;
-    	
-    	try {
-    		
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic mission aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("addMissionContent advice " + jp.getSignature().getName() + " " + jp.getKind());
-    		}
-    		
-    		// federated add mission content
-    		mfm.deleteMissionContent((String) jp.getArgs()[0], (String) jp.getArgs()[1], (String) jp.getArgs()[2], (String) jp.getArgs()[3], gm.groupVectorToGroupSet((String) jp.getArgs()[4]));
-    		
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing create mission advice: " + e);
-    		}
-    	}
-    }
 
 	@AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.setParent(..))")
 	public void setParent(JoinPoint jp) throws RemoteException {
-    	
+
 		if (!isMissionFederationEnabled()) return;
 
 		try {
@@ -309,7 +307,7 @@ public void setParent(JoinPoint jp) throws RemoteException {
 	@AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.clearParent(..))")
 	public void clearParent(JoinPoint jp) throws RemoteException {
 
-    	if (!isMissionFederationEnabled()) return;
+		if (!isMissionFederationEnabled()) return;
 
 		try {
 
@@ -333,10 +331,10 @@ public void clearParent(JoinPoint jp) throws RemoteException {
 			}
 		}
 	}
-	
+
 	@AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.setExpiration(..))")
 	public void setExpiration(JoinPoint jp) throws RemoteException {
-    	
+
 		if (!isMissionFederationEnabled()) return;
 
 		try {
@@ -355,7 +353,7 @@ public void setExpiration(JoinPoint jp) throws RemoteException {
 			String missionName = (String) jp.getArgs()[0];
 			Long expiration = (Long) jp.getArgs()[1];
 			String groupVector = (String) jp.getArgs()[2];
-			
+
 			mfm.setExpiration(missionName, expiration, gm.groupVectorToGroupSet(groupVector));
 
 		} catch (Exception e) {
@@ -364,37 +362,37 @@ public void setExpiration(JoinPoint jp) throws RemoteException {
 			}
 		}
 	}
-	
-    @AfterReturning(value = "execution(* com.bbn.marti.sync.service.MissionService.addMissionLayer(..))", returning="returnValue")
+
+	@AfterReturning(value = "execution(* com.bbn.marti.sync.service.MissionService.addMissionLayer(..))", returning="returnValue")
 	public void addMissionLayer(JoinPoint jp, Object returnValue) {
-    	
-    	if (!isMissionFederationEnabled()) return;
-
-    	try {
-    		
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic addMissionLayer aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("addMissionLayer aspect " + jp.getSignature().getName() + " " + jp.getKind());
-    		}
-    		
-    		if (returnValue == null) {
-    			logger.error("MissionLayer is null in addMissionLayer");
-    			return;
-    		}
-    		
-    		MissionLayer missionLayer = (MissionLayer) returnValue;
+
+		if (!isMissionFederationEnabled()) return;
+
+		try {
+
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic addMissionLayer aspect execution");
+				}
+				return;
+			}
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("addMissionLayer aspect " + jp.getSignature().getName() + " " + jp.getKind());
+			}
+
+			if (returnValue == null) {
+				logger.error("MissionLayer is null in addMissionLayer");
+				return;
+			}
+
+			MissionLayer missionLayer = (MissionLayer) returnValue;
 
 			String missionName = (String) jp.getArgs()[0];
-    		Mission mission = (Mission) jp.getArgs()[1];
+			Mission mission = (Mission) jp.getArgs()[1];
 			String uid = (String) jp.getArgs()[2];
 			String name = (String) jp.getArgs()[3];
-    		MissionLayer.Type missionLayerType = (MissionLayer.Type) jp.getArgs()[4];
+			MissionLayer.Type missionLayerType = (MissionLayer.Type) jp.getArgs()[4];
 			String parentUid = (String) jp.getArgs()[5];
 			String afterUid = (String) jp.getArgs()[6];
 			String creatorUid = (String) jp.getArgs()[7];
@@ -403,210 +401,213 @@ public void addMissionLayer(JoinPoint jp, Object returnValue) {
 			NavigableSet<Group> groups = gm.groupVectorToGroupSet(groupVector);
 
 			MissionUpdateDetailsForMissionLayer missionUpdateDetailsForMissionLayer = new MissionUpdateDetailsForMissionLayer();
-    		missionUpdateDetailsForMissionLayer.setType(MissionUpdateDetailsForMissionLayerType.ADD_MISSION_LAYER_TO_MISSION);
-    		missionUpdateDetailsForMissionLayer.setMissionName(missionName);
-    		missionUpdateDetailsForMissionLayer.setMission(mission);
+			missionUpdateDetailsForMissionLayer.setType(MissionUpdateDetailsForMissionLayerType.ADD_MISSION_LAYER_TO_MISSION);
+			missionUpdateDetailsForMissionLayer.setMissionName(missionName);
+			missionUpdateDetailsForMissionLayer.setMission(mission);
 			missionUpdateDetailsForMissionLayer.setUid(uid);
 			missionUpdateDetailsForMissionLayer.setName(name);
-    		missionUpdateDetailsForMissionLayer.setMissionLayerType(missionLayerType);
+			missionUpdateDetailsForMissionLayer.setMissionLayerType(missionLayerType);
 			missionUpdateDetailsForMissionLayer.setParentUid(parentUid);
 			missionUpdateDetailsForMissionLayer.setAfter(afterUid);
-    		missionUpdateDetailsForMissionLayer.setCreatorUid(creatorUid);
-    		
-    		mfm.addMissionLayer(missionUpdateDetailsForMissionLayer, groups);
-
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing addMissionLayer: " + e);
-    		}
-    	}
+			missionUpdateDetailsForMissionLayer.setCreatorUid(creatorUid);
+
+			mfm.addMissionLayer(missionUpdateDetailsForMissionLayer, groups);
+
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing addMissionLayer: " + e);
+			}
+		}
 	}
-	
-    @AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.removeMissionLayer(..))")
-    public void removeMissionLayer(JoinPoint jp) throws RemoteException {
-
-    	if (!isMissionFederationEnabled()) return;
-    	
-    	try {
-    		
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic mission aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
-    		}
-    		
-    		String missionName = (String)jp.getArgs()[0];
-    		Mission mission = (Mission) jp.getArgs()[1];
-    		String layerUid = (String)jp.getArgs()[2];
-    		String creatorUid = (String)jp.getArgs()[3];
-    		String groupVector = (String) jp.getArgs()[4];
-    		
-    		MissionUpdateDetailsForMissionLayer missionUpdateDetailsForMissionLayer = new MissionUpdateDetailsForMissionLayer();
-    		missionUpdateDetailsForMissionLayer.setType(MissionUpdateDetailsForMissionLayerType.REMOVE_MISSION_LAYER_FROM_MISSION);
-    		missionUpdateDetailsForMissionLayer.setMissionName(missionName);
-    		missionUpdateDetailsForMissionLayer.setMission(mission);
-    		missionUpdateDetailsForMissionLayer.setLayerUid(layerUid);
-    		missionUpdateDetailsForMissionLayer.setCreatorUid(creatorUid);
-    		
-    		mfm.deleteMissionLayer(missionUpdateDetailsForMissionLayer, gm.groupVectorToGroupSet(groupVector));
-    		
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing delete mission advice: ", e);
-    		}
-    	}
-    }
-    
-    @AfterReturning(value = "execution(* com.bbn.marti.sync.service.MissionService.addMapLayerToMission(..))", returning="returnValue")
+
+	@AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.removeMissionLayer(..))")
+	public void removeMissionLayer(JoinPoint jp) throws RemoteException {
+
+		if (!isMissionFederationEnabled()) return;
+
+		try {
+
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic mission aspect execution");
+				}
+				return;
+			}
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
+			}
+
+			String missionName = (String)jp.getArgs()[0];
+			Mission mission = (Mission) jp.getArgs()[1];
+			String layerUid = (String)jp.getArgs()[2];
+			String creatorUid = (String)jp.getArgs()[3];
+			String groupVector = (String) jp.getArgs()[4];
+
+			MissionUpdateDetailsForMissionLayer missionUpdateDetailsForMissionLayer = new MissionUpdateDetailsForMissionLayer();
+			missionUpdateDetailsForMissionLayer.setType(MissionUpdateDetailsForMissionLayerType.REMOVE_MISSION_LAYER_FROM_MISSION);
+			missionUpdateDetailsForMissionLayer.setMissionName(missionName);
+			missionUpdateDetailsForMissionLayer.setMission(mission);
+			missionUpdateDetailsForMissionLayer.setLayerUid(layerUid);
+			missionUpdateDetailsForMissionLayer.setCreatorUid(creatorUid);
+
+			mfm.deleteMissionLayer(missionUpdateDetailsForMissionLayer, gm.groupVectorToGroupSet(groupVector));
+
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing delete mission advice: ", e);
+			}
+		}
+	}
+
+	@AfterReturning(value = "execution(* com.bbn.marti.sync.service.MissionService.addMapLayerToMission(..))", returning="returnValue")
 	public void addMapLayerToMission(JoinPoint jp, Object returnValue) {
-    	if (!isMissionFederationEnabled()) return;
-
-    	try {
-    		
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled())  {
-    				logger.debug("skipping cyclic mission aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		if (logger.isDebugEnabled()) {    		
-    			logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
-    		}
-    		
-    		if (returnValue == null) {
-    			logger.error("MapLayer is null in addMapLayerToMission");
-    			return;
-    		}
-    		
-    		MapLayer mapLayer = (MapLayer) returnValue;
-    	
-    		NavigableSet<Group> groups = gm.groupVectorToGroupSet(mapLayer.getMission().getGroupVector());
-    		    		
-    		String missionName = (String) jp.getArgs()[0];
-    		String creatorUid = (String) jp.getArgs()[1];
-    		Mission mission = (Mission) jp.getArgs()[2];
+		if (!isMissionFederationEnabled()) return;
+
+		try {
+
+			if (isCyclic()) {
+				if (logger.isDebugEnabled())  {
+					logger.debug("skipping cyclic mission aspect execution");
+				}
+				return;
+			}
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
+			}
+
+			if (returnValue == null) {
+				logger.error("MapLayer is null in addMapLayerToMission");
+				return;
+			}
+
+			MapLayer mapLayer = (MapLayer) returnValue;
+
+			NavigableSet<Group> groups = gm.groupVectorToGroupSet(mapLayer.getMission().getGroupVector());
+
+			String missionName = (String) jp.getArgs()[0];
+			String creatorUid = (String) jp.getArgs()[1];
+			Mission mission = (Mission) jp.getArgs()[2];
 //    		MapLayer mapLayer = (MapLayer) jp.getArgs()[3]; // use the return value instead of the input parameter
-    		
-    		MissionUpdateDetailsForMapLayer missionUpdateDetailsForMapLayer = new MissionUpdateDetailsForMapLayer();
-    		missionUpdateDetailsForMapLayer.setType(MissionUpdateDetailsForMapLayerType.ADD_MAPLAYER_TO_MISSION);
-    		missionUpdateDetailsForMapLayer.setMissionName(missionName);
-    		missionUpdateDetailsForMapLayer.setCreatorUid(creatorUid);
-    		missionUpdateDetailsForMapLayer.setMission(mission);
-    		missionUpdateDetailsForMapLayer.setMapLayer(mapLayer);
-    		
-    		mfm.addMapLayerToMission(missionUpdateDetailsForMapLayer, groups);
-
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("intercepted addMapLayerToMission - mapLayer: " + mapLayer.getName());
-    		}
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing addMapLayerToMission advice: " + e);
-    		}
-    	}
+
+			MissionUpdateDetailsForMapLayer missionUpdateDetailsForMapLayer = new MissionUpdateDetailsForMapLayer();
+			missionUpdateDetailsForMapLayer.setType(MissionUpdateDetailsForMapLayerType.ADD_MAPLAYER_TO_MISSION);
+			missionUpdateDetailsForMapLayer.setMissionName(missionName);
+			missionUpdateDetailsForMapLayer.setCreatorUid(creatorUid);
+			missionUpdateDetailsForMapLayer.setMission(mission);
+			missionUpdateDetailsForMapLayer.setMapLayer(mapLayer);
+
+			mfm.addMapLayerToMission(missionUpdateDetailsForMapLayer, groups);
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("intercepted addMapLayerToMission - mapLayer: " + mapLayer.getName());
+			}
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing addMapLayerToMission advice: " + e);
+			}
+		}
 	}
-    
-    @AfterReturning(value = "execution(* com.bbn.marti.sync.service.MissionService.updateMapLayer(..))", returning="returnValue")
+
+	@AfterReturning(value = "execution(* com.bbn.marti.sync.service.MissionService.updateMapLayer(..))", returning="returnValue")
 	public void updateMapLayer(JoinPoint jp, Object returnValue) {
-    	if (!isMissionFederationEnabled()) return;
-
-    	try {
-    		
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled())  {
-    				logger.debug("skipping cyclic mission aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		if (logger.isDebugEnabled()) {    		
-    			logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
-    		}
-    		
-    		if (returnValue == null) {
-    			logger.error("MapLayer is null in addMapLayerToMission");
-    			return;
-    		}
-    		
-    		MapLayer mapLayer = (MapLayer) returnValue;
-    		
-    		NavigableSet<Group> groups = gm.groupVectorToGroupSet(mapLayer.getMission().getGroupVector());
-    		
-      		String missionName = (String) jp.getArgs()[0];
-    		String creatorUid = (String) jp.getArgs()[1];
-    		Mission mission = (Mission) jp.getArgs()[2];
+		if (!isMissionFederationEnabled()) return;
+
+		try {
+
+			if (isCyclic()) {
+				if (logger.isDebugEnabled())  {
+					logger.debug("skipping cyclic mission aspect execution");
+				}
+				return;
+			}
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
+			}
+
+			if (returnValue == null) {
+				logger.error("MapLayer is null in addMapLayerToMission");
+				return;
+			}
+
+			MapLayer mapLayer = (MapLayer) returnValue;
+
+			NavigableSet<Group> groups = gm.groupVectorToGroupSet(mapLayer.getMission().getGroupVector());
+
+			String missionName = (String) jp.getArgs()[0];
+			String creatorUid = (String) jp.getArgs()[1];
+			Mission mission = (Mission) jp.getArgs()[2];
 //    		MapLayer mapLayer = (MapLayer) jp.getArgs()[3]; // use the return value instead of the input parameter
-    		
-    		MissionUpdateDetailsForMapLayer missionUpdateDetailsForMapLayer = new MissionUpdateDetailsForMapLayer();
-    		missionUpdateDetailsForMapLayer.setType(MissionUpdateDetailsForMapLayerType.UPDATE_MAPLAYER);
-    		missionUpdateDetailsForMapLayer.setMissionName(missionName);
-    		missionUpdateDetailsForMapLayer.setCreatorUid(creatorUid);
-    		missionUpdateDetailsForMapLayer.setMission(mission);
-    		missionUpdateDetailsForMapLayer.setMapLayer(mapLayer);
-    		
-    		mfm.updateMapLayer(missionUpdateDetailsForMapLayer, groups);
-
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("intercepted updateMapLayer - mapLayer: " + mapLayer.getName());
-    		}
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing updateMapLayer advice: " + e);
-    		}
-    	}
+
+			MissionUpdateDetailsForMapLayer missionUpdateDetailsForMapLayer = new MissionUpdateDetailsForMapLayer();
+			missionUpdateDetailsForMapLayer.setType(MissionUpdateDetailsForMapLayerType.UPDATE_MAPLAYER);
+			missionUpdateDetailsForMapLayer.setMissionName(missionName);
+			missionUpdateDetailsForMapLayer.setCreatorUid(creatorUid);
+			missionUpdateDetailsForMapLayer.setMission(mission);
+			missionUpdateDetailsForMapLayer.setMapLayer(mapLayer);
+
+			mfm.updateMapLayer(missionUpdateDetailsForMapLayer, groups);
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("intercepted updateMapLayer - mapLayer: " + mapLayer.getName());
+			}
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing updateMapLayer advice: " + e);
+			}
+		}
 	}
-    
-    @AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.removeMapLayerFromMission(..))")
+
+	@AfterReturning("execution(* com.bbn.marti.sync.service.MissionService.removeMapLayerFromMission(..))")
 	public void removeMapLayerFromMission(JoinPoint jp) {
-    	
-    	if (!isMissionFederationEnabled()) return;
-    	
-    	try {
-    		
-    		if (isCyclic()) {
-    			if (logger.isDebugEnabled()) {
-    				logger.debug("skipping cyclic mission aspect execution");
-    			}
-    			return;
-    		}
-    		
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
-    		}
-    		    		
-    		String missionName = (String) jp.getArgs()[0];
-    		String creatorUid = (String) jp.getArgs()[1];
-    		Mission mission = (Mission) jp.getArgs()[2];
-    		String mapLayerUid = (String) jp.getArgs()[3];
-    		
-    		NavigableSet<Group> groups = gm.groupVectorToGroupSet(mission.getGroupVector());
-    		
-    		MissionUpdateDetailsForMapLayer missionUpdateDetailsForMapLayer = new MissionUpdateDetailsForMapLayer();
-    		missionUpdateDetailsForMapLayer.setType(MissionUpdateDetailsForMapLayerType.REMOVE_MAPLAYER_FROM_MISSION);
-    		missionUpdateDetailsForMapLayer.setMissionName(missionName);
-    		missionUpdateDetailsForMapLayer.setCreatorUid(creatorUid);
-    		missionUpdateDetailsForMapLayer.setMission(mission);
-    		MapLayer mapLayer = new MapLayer();
-    		mapLayer.setUid(mapLayerUid);
-    		missionUpdateDetailsForMapLayer.setMapLayer(mapLayer);
-    		
-    		mfm.removeMapLayerFromMission(missionUpdateDetailsForMapLayer, groups);
-    		 		
-    	} catch (Exception e) {
-    		if (logger.isDebugEnabled()) {
-    			logger.debug("exception executing delete mission advice: ", e);
-    		}
-    	}
+
+		if (!isMissionFederationEnabled()) return;
+
+		try {
+
+			if (isCyclic()) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("skipping cyclic mission aspect execution");
+				}
+				return;
+			}
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("mission advice " + jp.getSignature().getName() + " " + jp.getKind());
+			}
+
+			String missionName = (String) jp.getArgs()[0];
+			String creatorUid = (String) jp.getArgs()[1];
+			Mission mission = (Mission) jp.getArgs()[2];
+			String mapLayerUid = (String) jp.getArgs()[3];
+
+			NavigableSet<Group> groups = gm.groupVectorToGroupSet(mission.getGroupVector());
+
+			MissionUpdateDetailsForMapLayer missionUpdateDetailsForMapLayer = new MissionUpdateDetailsForMapLayer();
+			missionUpdateDetailsForMapLayer.setType(MissionUpdateDetailsForMapLayerType.REMOVE_MAPLAYER_FROM_MISSION);
+			missionUpdateDetailsForMapLayer.setMissionName(missionName);
+			missionUpdateDetailsForMapLayer.setCreatorUid(creatorUid);
+			missionUpdateDetailsForMapLayer.setMission(mission);
+			MapLayer mapLayer = new MapLayer();
+			mapLayer.setUid(mapLayerUid);
+			missionUpdateDetailsForMapLayer.setMapLayer(mapLayer);
+
+			mfm.removeMapLayerFromMission(missionUpdateDetailsForMapLayer, groups);
+
+		} catch (Exception e) {
+			if (logger.isDebugEnabled()) {
+				logger.debug("exception executing delete mission advice: ", e);
+			}
+		}
 	}
-    
-    private boolean isMissionFederationEnabled() {
+
+	private boolean isMissionFederationEnabled() {
 		boolean isEnabled = true;
+
+		CoreConfig coreConfig = CoreConfigFacade.getInstance();
+
 		if (!coreConfig.getRemoteConfiguration().getFederation().isEnableFederation()) {
 			isEnabled = false;
 		}
@@ -621,7 +622,7 @@ private boolean isMissionFederationEnabled() {
 	}
 
 	private boolean isMissionFederatedDeleteEnabled() {
-		if (!coreConfig.getRemoteConfiguration().getFederation().isAllowFederatedDelete()) {
+		if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowFederatedDelete()) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("mission federation delete disabled in config");
 			}
@@ -629,11 +630,11 @@ private boolean isMissionFederatedDeleteEnabled() {
 		}
 		return true;
 	}
-	
+
 	private boolean isMissionDataFeedFederationEnabled() {
 		boolean isEnabled = true;
 
-		if (!coreConfig.getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
+		if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation()) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("data feed federation disabled in config");
 			}
@@ -641,22 +642,22 @@ private boolean isMissionDataFeedFederationEnabled() {
 		}
 		return isEnabled;
 	}
-	
-    private boolean isCyclic() {
-    	StackTraceElement[] stack = new Exception().getStackTrace();
-    	
-    	for (StackTraceElement el : stack) {
-    		
-    		if (logger.isTraceEnabled()) {
-    			logger.trace("stack element: " + el.getClassName());
-    		}
-    		
+
+	private boolean isCyclic() {
+		StackTraceElement[] stack = new Exception().getStackTrace();
+
+		for (StackTraceElement el : stack) {
+
+			if (logger.isTraceEnabled()) {
+				logger.trace("stack element: " + el.getClassName());
+			}
+
 			if (el.getClassName().equals(FederationROLHandler.class.getName())) {
 				return true;
 			}
-		} 
+		}
 
-    	return false;
-    }
+		return false;
+	}
 
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/MissionFederationManagerROL.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/MissionFederationManagerROL.java
index 047f6fbd..c8cff7a1 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/MissionFederationManagerROL.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/federation/MissionFederationManagerROL.java
@@ -7,6 +7,7 @@
 
 import javax.naming.NamingException;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -29,7 +30,6 @@
 import com.bbn.marti.sync.Metadata.Field;
 import com.bbn.marti.sync.model.Mission;
 import com.bbn.marti.sync.model.MissionChange;
-import com.bbn.marti.sync.model.MissionChangeUtils;
 import com.bbn.marti.sync.model.MissionLayer;
 import com.bbn.marti.sync.model.MissionLayer.Type;
 import com.bbn.marti.sync.service.MissionService;
@@ -41,8 +41,8 @@
 
 /*
  * Mission federation manager implementation that federates ROL-encoded representations of Mission API commands.
- * 
- * 
+ *
+ *
  */
 public class MissionFederationManagerROL implements MissionFederationManager {
 
@@ -63,9 +63,6 @@ public class MissionFederationManagerROL implements MissionFederationManager {
 	@Autowired
 	private RemoteUtil remoteUtil;
 
-	@Autowired
-	private CoreConfig coreConfig;
-
 	private final MissionActionROLConverter malrc;
 
 	public MissionFederationManagerROL(MissionActionROLConverter malrc) {
@@ -74,10 +71,10 @@ public MissionFederationManagerROL(MissionActionROLConverter malrc) {
 
 	@Override
 	public void createMission(MissionMetadata missionMeta, NavigableSet<Group> groups) {
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
-		
+
 		try {
 			if (!isMissionAllowed(missionMeta.getTool())) {
 				if (logger.isDebugEnabled()) {
@@ -87,7 +84,7 @@ public void createMission(MissionMetadata missionMeta, NavigableSet<Group> group
 			}
 
 			try {
-				if (coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
+				if (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation()) {
 					fedMgr.submitMissionFederateROL(malrc.createMissionToROL(missionMeta), groups, missionMeta.getName());
 				}
 			} catch (Exception e) {
@@ -104,10 +101,10 @@ public void createMission(MissionMetadata missionMeta, NavigableSet<Group> group
 	@Override
 	public void deleteMission(String name, String creatorUid, NavigableSet<Group> groups) {
 
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
-		 
+
 		try {
 
 			if (logger.isDebugEnabled()) {
@@ -125,14 +122,15 @@ public void deleteMission(String name, String creatorUid, NavigableSet<Group> gr
 			}
 		}
 	}
-	
+
 	@Override
 	public void createMissionFeed(Mission mission, DataFeedMetadata missionMeta, NavigableSet<Group> groups) {
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation()) || !(coreConfig.getRemoteConfiguration().getFederation().isAllowDataFeedFederation())) {
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation()) ||
+				!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation())) {
 			return;
 		}
-		
-		try { 
+
+		try {
 			if (isMissionAllowed(mission.getTool())) {
 				fedMgr.submitMissionFederateROL(malrc.createDataFeedToROL(missionMeta), groups, mission.getName());
 			} else {
@@ -145,16 +143,17 @@ public void createMissionFeed(Mission mission, DataFeedMetadata missionMeta, Nav
 				logger.debug("exception constructing or sending feed create federated ROL", e);
 			}
 		}
-	
+
 	}
 
 	@Override
 	public void updateMissionFeed(Mission mission, DataFeedMetadata missionMeta, NavigableSet<Group> groups) {
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation()) || !(coreConfig.getRemoteConfiguration().getFederation().isAllowDataFeedFederation())) {
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation()) ||
+				!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation())) {
 			return;
 		}
-		
-		try { 
+
+		try {
 			if (isMissionAllowed(mission.getTool())) {
 				fedMgr.submitMissionFederateROL(malrc.updateDataFeedToROL(missionMeta), groups, mission.getName());
 			} else {
@@ -167,16 +166,17 @@ public void updateMissionFeed(Mission mission, DataFeedMetadata missionMeta, Nav
 				logger.debug("exception constructing or sending feed update federated ROL", e);
 			}
 		}
-		
+
 	}
 
 	@Override
 	public void deleteMissionFeed(Mission mission, DataFeedMetadata missionMeta, NavigableSet<Group> groups) {
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation()) || !(coreConfig.getRemoteConfiguration().getFederation().isAllowDataFeedFederation())) {
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation()) ||
+				!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation())) {
 			return;
 		}
-		
-		try { 
+
+		try {
 			if (isMissionAllowed(mission.getTool())) {
 				fedMgr.submitMissionFederateROL(malrc.deleteDataFeedToROL(missionMeta), groups, mission.getName());
 			} else {
@@ -188,16 +188,16 @@ public void deleteMissionFeed(Mission mission, DataFeedMetadata missionMeta, Nav
 			if (logger.isDebugEnabled()) {
 				logger.debug("exception constructing or sending feed delete federated ROL", e);
 			}
-		}	
+		}
 	}
 
 	@Override
 	public void createDataFeed(DataFeedMetadata feedMeta, NavigableSet<Group> groups) {
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowDataFeedFederation())) {
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation())) {
 			return;
 		}
-		
-		try { 
+
+		try {
 			fedMgr.submitFederateROL(malrc.createDataFeedToROL(feedMeta), groups);
 		} catch (Exception e) {
 			if (logger.isDebugEnabled()) {
@@ -208,11 +208,11 @@ public void createDataFeed(DataFeedMetadata feedMeta, NavigableSet<Group> groups
 
 	@Override
 	public void updateDataFeed(DataFeedMetadata feedMeta, NavigableSet<Group> groups) {
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowDataFeedFederation())) {
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation())) {
 			return;
 		}
-		
-		try { 
+
+		try {
 			fedMgr.submitFederateROL(malrc.updateDataFeedToROL(feedMeta), groups);
 		} catch (Exception e) {
 			if (logger.isDebugEnabled()) {
@@ -223,11 +223,11 @@ public void updateDataFeed(DataFeedMetadata feedMeta, NavigableSet<Group> groups
 
 	@Override
 	public void deleteDataFeed(DataFeedMetadata feedMeta, NavigableSet<Group> groups) {
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowDataFeedFederation())) {
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowDataFeedFederation())) {
 			return;
 		}
 
-		try { 
+		try {
 			fedMgr.submitFederateROL(malrc.deleteDataFeedToROL(feedMeta), groups);
 		} catch (Exception e) {
 			if (logger.isDebugEnabled()) {
@@ -238,8 +238,8 @@ public void deleteDataFeed(DataFeedMetadata feedMeta, NavigableSet<Group> groups
 
 	@Override
 	public void addMissionContent(String missionName, MissionContent content, String creatorUid, NavigableSet<Group> groups) {
-		
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
 
@@ -263,12 +263,12 @@ public void addMissionContent(String missionName, MissionContent content, String
 				}
 				return;
 			}
-            // TODO: this does not handle the case where the content is a zip format file, e.g, ODT or PDF?
+			// TODO: this does not handle the case where the content is a zip format file, e.g, ODT or PDF?
 			if (isBlockedFileEnabled()) {
 				MissionChange latestMission = missionService.getLatestMissionChangeForContentHash(missionName, content.getHashes().get(0));
-				String fileExt = "." + coreConfig.getRemoteConfiguration().getFederation().getFileFilter().getFileExtension().get(0).trim().toLowerCase();
-				
-				MissionChangeUtils.findAndSetContentResource(latestMission);
+				String fileExt = "." + CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFileFilter().getFileExtension().get(0).trim().toLowerCase();
+
+//				MissionChangeUtils.findAndSetContentResource(latestMission);
 				String name = latestMission.getContentResource().getName();
 				// TODO do we need to check file name instead?
 				if (name != null) {
@@ -295,10 +295,10 @@ public void addMissionContent(String missionName, MissionContent content, String
 	@Override
 	public void deleteMissionContent(String missionName, String hash, String uid, String creatorUid, NavigableSet<Group> groups) {
 
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
-		
+
 		if (logger.isDebugEnabled()) {
 			logger.debug("intercepted delete mission content: hash: " + hash + " uid: " + uid + " mission name " + missionName + " creator uid " + creatorUid + " groups " + groups);
 		}
@@ -335,11 +335,11 @@ public void archiveMission(String missionName, String serverName, NavigableSet<G
 
 	@Override
 	public void setParent(String missionName, String parentMissionName, NavigableSet<Group> groups) {
-		
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
-		
+
 		try {
 			MissionHierarchy missionHierarchy = new MissionHierarchy();
 			missionHierarchy.setMissionName(missionName);
@@ -364,11 +364,11 @@ public void setParent(String missionName, String parentMissionName, NavigableSet
 
 	@Override
 	public void clearParent(String missionName, NavigableSet<Group> groups) {
-		
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
-		
+
 		try {
 			MissionHierarchy missionHierarchy = new MissionHierarchy();
 			missionHierarchy.setMissionName(missionName);
@@ -389,68 +389,68 @@ public void clearParent(String missionName, NavigableSet<Group> groups) {
 			}
 		}
 	}
-	
-	 /*
-     * save file with payload from byte array
-     */
-    @Override
-    public void insertResource(Metadata metadata, byte[] content, NavigableSet<Group> groups) {
-
-    	if (metadata == null) {
-    		return;
-		}
-
-        if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
-
-            if (logger.isDebugEnabled()) {
-                logger.debug("skipping federation of a file  " +  metadata);
-            }
-
-            return;
-        }
-
-        try {
-            if (coreConfig.getRemoteConfiguration().getNetwork().isEsyncEnableCotFilter()) {
-                String cotFilter = coreConfig.getRemoteConfiguration().getNetwork().getEsyncCotFilter();
-                if (cotFilter != null && cotFilter.length() > 0) {
-                    content = DataPackageFileBlocker.blockCoT(metadata, content, cotFilter);
-                    if (content == null) {
-                        if (logger.isDebugEnabled()) {
-                            logger.debug("filtered content is null, not federating enterprise sync insert resource");
-                        }
-                        return;
-                    }
-                }
-            }
-        } catch (Exception e) {
-            logger.error("exception federating enterprise sync insert resource", e);
-        }
-
-        if (isBlockedFileEnabled()) {
-            String fileExt = coreConfig.getRemoteConfiguration().getFederation().getFileFilter().getFileExtension().get(0).trim().toLowerCase();
-            try {
-                byte[] filteredContent = DataPackageFileBlocker.blockResourceContent(metadata, content, fileExt);
-                if (filteredContent != null) {
-                    fedMgr.submitFederateROL(malrc.getInsertResourceROL(metadata, filteredContent), groups);
-                } else {
-                    if (logger.isDebugEnabled()) {
-                        logger.debug("filtered content is null, not federating enterprise sync insert resource");
-                    }
-                }
-            } catch (Exception e) {
-                logger.error("exception federating enterprise sync insert resource", e);
-            }
-        } else { // just let it ROL
-            try {
-                String hash = metadata.getFirst(Field.Hash);
-
-                fedMgr.submitFederateROL(malrc.getInsertResourceROLNoContent(metadata), groups, hash);
-            } catch (IOException e) {
-                logger.error("exception federating enterprise sync insert resource", e);
-            }
-        }
-    }
-	
+
+	/*
+	 * save file with payload from byte array
+	 */
+	@Override
+	public void insertResource(Metadata metadata, byte[] content, NavigableSet<Group> groups) {
+
+		if (metadata == null) {
+			return;
+		}
+
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+
+			if (logger.isDebugEnabled()) {
+				logger.debug("skipping federation of a file  " +  metadata);
+			}
+
+			return;
+		}
+
+		try {
+			if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().isEsyncEnableCotFilter()) {
+				String cotFilter = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEsyncCotFilter();
+				if (cotFilter != null && cotFilter.length() > 0) {
+					content = DataPackageFileBlocker.blockCoT(metadata, content, cotFilter);
+					if (content == null) {
+						if (logger.isDebugEnabled()) {
+							logger.debug("filtered content is null, not federating enterprise sync insert resource");
+						}
+						return;
+					}
+				}
+			}
+		} catch (Exception e) {
+			logger.error("exception federating enterprise sync insert resource", e);
+		}
+
+		if (isBlockedFileEnabled()) {
+			String fileExt = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFileFilter().getFileExtension().get(0).trim().toLowerCase();
+			try {
+				byte[] filteredContent = DataPackageFileBlocker.blockResourceContent(metadata, content, fileExt);
+				if (filteredContent != null) {
+					fedMgr.submitFederateROL(malrc.getInsertResourceROL(metadata, filteredContent), groups);
+				} else {
+					if (logger.isDebugEnabled()) {
+						logger.debug("filtered content is null, not federating enterprise sync insert resource");
+					}
+				}
+			} catch (Exception e) {
+				logger.error("exception federating enterprise sync insert resource", e);
+			}
+		} else { // just let it ROL
+			try {
+				String hash = metadata.getFirst(Field.Hash);
+
+				fedMgr.submitFederateROL(malrc.getInsertResourceROLNoContent(metadata), groups, hash);
+			} catch (IOException e) {
+				logger.error("exception federating enterprise sync insert resource", e);
+			}
+		}
+	}
+
 	/*
 	 * save file with payload from InputStream
 	 */
@@ -471,7 +471,7 @@ public void insertResource(Metadata metadata, InputStream contentStream, Navigab
 			logger.debug("metadata json for federated insert resource: " + metadata.toJSONObject() + " hash: " + metadata.getHash());
 		}
 
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 
 			if (logger.isDebugEnabled()) {
 				logger.debug("skipping federation of a file  " +  metadata);
@@ -481,26 +481,26 @@ public void insertResource(Metadata metadata, InputStream contentStream, Navigab
 
 
 		byte[] content = null;
-		
+
 		// need to get content from database / cache instead of being passed in above.
 		try {
-			if (coreConfig.getRemoteConfiguration().getNetwork().isEsyncEnableCotFilter()) {
-				String cotFilter = coreConfig.getRemoteConfiguration().getNetwork().getEsyncCotFilter();
-				
+			if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().isEsyncEnableCotFilter()) {
+				String cotFilter = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEsyncCotFilter();
+
 				try {
 					content = syncService.getContentByHash(metadata.getHash(), remoteUtil.bitVectorToString(RemoteUtil.getInstance().getBitVectorForGroups(groups)));
 				} catch (SQLException | NamingException e) {
 					logger.error("exception fetching content for file " + metadata.getHash() + " - not federating this file");
 					return;
 				}
-				
+
 				if (cotFilter != null && cotFilter.length() > 0) {
-					
+
 					if (content == null || content.length == 0) {
 						logger.warn("not trying to federate empty file");
 						return;
 					}
-					
+
 					content = DataPackageFileBlocker.blockCoT(metadata, content, cotFilter);
 					if (content == null) {
 						if (logger.isDebugEnabled()) {  // i.e., the content was blocked
@@ -521,7 +521,7 @@ public void insertResource(Metadata metadata, InputStream contentStream, Navigab
 				logger.error("exception fetching content for file " + metadata.getHash() + " - not federating this file");
 				return;
 			}
-			String fileExt = coreConfig.getRemoteConfiguration().getFederation().getFileFilter().getFileExtension().get(0).trim().toLowerCase();
+			String fileExt = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFileFilter().getFileExtension().get(0).trim().toLowerCase();
 			try {
 				byte[] filteredContent = DataPackageFileBlocker.blockResourceContent(metadata, content, fileExt);
 				if (filteredContent != null) {
@@ -548,7 +548,7 @@ public void insertResource(Metadata metadata, InputStream contentStream, Navigab
 	@Override
 	public void updateMetadata(String hash, String key, String value, NavigableSet<Group> groups) {
 
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
 
@@ -558,14 +558,14 @@ public void updateMetadata(String hash, String key, String value, NavigableSet<G
 			logger.error("exception federating enterprise sync update resource", e);
 		}
 	}
-	
+
 	@Override
 	public void setExpiration(String missionName, Long expiration, NavigableSet<Group> groups) {
-		
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
-		
+
 		try {
 			MissionExpiration missionExpiration = new MissionExpiration();
 			missionExpiration.setMissionName(missionName);
@@ -587,16 +587,16 @@ public void setExpiration(String missionName, Long expiration, NavigableSet<Grou
 			}
 		}
 	}
-	
+
 	@Override
 	public void addMissionLayer(MissionUpdateDetailsForMissionLayer missionUpdateDetailsForMissionLayer, NavigableSet<Group> groups) {
-		
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
-		
+
 		try {
-			
+
 			fedMgr.submitMissionFederateROL(malrc.addMissionLayerToROL(missionUpdateDetailsForMissionLayer), groups, missionUpdateDetailsForMissionLayer.getMission().getName());
 
 		} catch (Exception e) {
@@ -605,14 +605,14 @@ public void addMissionLayer(MissionUpdateDetailsForMissionLayer missionUpdateDet
 			}
 		}
 	}
-	
+
 	@Override
 	public void deleteMissionLayer(MissionUpdateDetailsForMissionLayer missionUpdateDetailsForMissionLayer, NavigableSet<Group> groups) {
 
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
-		 
+
 		try {
 
 			if (logger.isDebugEnabled()) {
@@ -620,90 +620,90 @@ public void deleteMissionLayer(MissionUpdateDetailsForMissionLayer missionUpdate
 			}
 
 			fedMgr.submitMissionFederateROL(malrc.deleteMissionLayerToROL(missionUpdateDetailsForMissionLayer), groups, missionUpdateDetailsForMissionLayer.getMission().getName());
-			
+
 		} catch (Exception e) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("exception constructing or sending deleteMissionLayer federated ROL", e);
 			}
-		}	
-		
+		}
+
 	}
-	
+
 	@Override
 	public void addMapLayerToMission(MissionUpdateDetailsForMapLayer missionUpdateDetailsForMapLayer, NavigableSet<Group> groups) {
-		
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
-		
-		try { 
-			
+
+		try {
+
 			fedMgr.submitMissionFederateROL(malrc.addMapLayerToMissionToROL(missionUpdateDetailsForMapLayer), groups, missionUpdateDetailsForMapLayer.getMission().getName());
-			
+
 		} catch (Exception e) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("exception constructing or sending addMapLayer federated ROL", e);
 			}
 		}
-		
+
 	}
-	
+
 	@Override
 	public void updateMapLayer(MissionUpdateDetailsForMapLayer missionUpdateDetailsForMapLayer, NavigableSet<Group> groups) {
-		
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
-		
+
 		try {
-			
+
 			fedMgr.submitMissionFederateROL(malrc.updateMapLayerToROL(missionUpdateDetailsForMapLayer), groups, missionUpdateDetailsForMapLayer.getMission().getName());
-			
+
 		} catch (Exception e) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("exception constructing or sending updateMapLayer federated ROL", e);
 			}
 		}
 	}
-	
+
 	@Override
 	public void removeMapLayerFromMission(MissionUpdateDetailsForMapLayer missionUpdateDetailsForMapLayer, NavigableSet<Group> groups) {
-		
-		if (!(coreConfig.getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
+
+		if (!(CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isAllowMissionFederation())) {
 			return;
 		}
-		
-		try { 
-			
+
+		try {
+
 			fedMgr.submitMissionFederateROL(malrc.removeMapLayerFromMissionToROL(missionUpdateDetailsForMapLayer), groups, missionUpdateDetailsForMapLayer.getMission().getName());
-			
+
 		} catch (Exception e) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("exception constructing or sending updateMapLayer federated ROL", e);
 			}
 		}
-		
+
 	}
 
 	private boolean isBlockedFileEnabled() {
-		String fileExt = coreConfig.getRemoteConfiguration().getFederation().getFileFilter().getFileExtension().get(0).trim().toLowerCase();
-		return (coreConfig.getRemoteConfiguration().getFederation().isEnableDataPackageAndMissionFileFilter() &&
+		String fileExt = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().getFileFilter().getFileExtension().get(0).trim().toLowerCase();
+		return (CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isEnableDataPackageAndMissionFileFilter() &&
 				(! fileExt.isEmpty()));
 	}
 
 	private boolean isMissionAllowed(String tool) {
 		tool = tool == null ? "public" : tool;
-		boolean onlyFederatePublic = coreConfig.getRemoteConfiguration().getFederation().isFederateOnlyPublicMissions();
-		boolean isVBM = coreConfig.getRemoteConfiguration().getVbm().isEnabled();
-		
-		// federate all missions		
+		boolean onlyFederatePublic = CoreConfigFacade.getInstance().getRemoteConfiguration().getFederation().isFederateOnlyPublicMissions();
+		boolean isVBM = CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isEnabled();
+
+		// federate all missions
 		if (!onlyFederatePublic) return true;
-		
+
 		else if (tool.equals("public")) {
 			return true;
-		} 
+		}
 		// if tool == cop attribute, always allow if vbm is enabled
-		else if(tool.equals(coreConfig.getRemoteConfiguration().getNetwork().getMissionCopTool())) {
+		else if (tool.equals(CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getMissionCopTool())) {
 			return isVBM;
 		}
 		// disallow if no conditions are met
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/Caveat.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/Caveat.java
index 1606c093..60dcceec 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/Caveat.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/Caveat.java
@@ -5,8 +5,8 @@
 import com.google.common.collect.ComparisonChain;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import javax.persistence.*;
-import javax.xml.bind.annotation.XmlTransient;
+import jakarta.persistence.*;
+import jakarta.xml.bind.annotation.XmlTransient;
 import java.io.Serializable;
 
 @Entity
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/Classification.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/Classification.java
index 754a4ad8..2fb984a1 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/Classification.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/Classification.java
@@ -5,9 +5,9 @@
 import com.google.common.collect.ComparisonChain;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import javax.persistence.*;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlTransient;
+import jakarta.persistence.*;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlTransient;
 import java.io.Serializable;
 import java.util.Set;
 import java.util.concurrent.ConcurrentSkipListSet;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionChangeUtils.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionChangeUtils.java
deleted file mode 100644
index 34860c1a..00000000
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionChangeUtils.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright (c) 2013-2016 Raytheon BBN Technologies. Licensed to US Government with unlimited rights.
- */
-
-package com.bbn.marti.sync.model;
-
-import java.util.Set;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.bbn.marti.maplayer.model.MapLayer;
-import com.bbn.marti.sync.service.MissionService;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-
-public class MissionChangeUtils {
-    
-    private static MissionService missionService;
-    
-    private static MissionService missionService() {
-    	if (missionService == null) {
-    		synchronized (ResourceUtils.class) {
-    			if (missionService == null) {
-    				missionService = SpringContextBeanForApi.getSpringContext().getBean(MissionService.class);
-    			}
-    		}
-    	}
-    	
-    	return missionService;
-    }
-
-    protected static final Logger logger = LoggerFactory.getLogger(MissionChangeUtils.class);
-
-    private static UidDetails findUidDetails(MissionChange missionChange) {
-
-        if (missionChange.getContentUid() != null && missionChange.getTimestamp() != null)   { // FIXME: Why this one check getTimestamp(), but the below use Server time???) 
-            try {
-            	UidDetails uidDetails = missionChange.getUidDetails();
-                if (uidDetails == null) {
-                    uidDetails = new UidDetails();
-                	
-                	if (missionService() == null) {
-                		logger.error("missionService is null");
-                	}
-                	
-                    missionService().hydrate(uidDetails, missionChange.getContentUid(), missionChange.getServerTime());
-                    missionChange.setUidDetails(uidDetails);
-                }
-                return uidDetails;
-            } catch (Exception e) {
-                logger.debug("Exception in findUidDetails!", e);
-            }
-        }
-        return null;
-    }
-    
-    public static void findAndSetUidDetails(MissionChange missionChange) {
-    	UidDetails uidDetails = findUidDetails(missionChange);
-    	missionChange.setUidDetails(uidDetails);
-    }
-
-    private static MissionFeed findMissionFeed(MissionChange missionChange) {
-    	String missionFeedUid = missionChange.getMissionFeedUid();
-        if (missionFeedUid != null) {
-        	
-        	if (missionService() == null) {
-        		logger.error("missionService is null");
-        	}
-        	
-            MissionFeed missionFeed =  missionService().getMissionFeed(missionFeedUid);
-            if (missionFeed == null) {
-                missionFeed = new MissionFeed();
-                missionFeed.setUid(missionFeedUid);
-            }
-            
-            MissionFeedUtils.findAndSetNameForMissionFeed(missionFeed);
-            
-            return missionFeed;
-        }
-
-        return null;
-    }
-
-    public static void findAndSetMissionFeed(MissionChange missionChange) {
-    	MissionFeed missionFeed = findMissionFeed(missionChange);
-    	missionChange.setMissionFeed(missionFeed);
-    }
-    
-    private static MapLayer findMapLayer(MissionChange missionChange) {
-        try {
-        	String mapLayerUid = missionChange.getMapLayerUid();
-            if (mapLayerUid != null) {
-            	
-            	if (missionService() == null) {
-            		logger.error("missionService is null");
-            	}
-            	
-                MapLayer mapLayer = missionService().getMapLayer(mapLayerUid);
-                if (mapLayer == null) {
-                    mapLayer = new MapLayer();
-                    mapLayer.setUid(mapLayerUid);
-                }
-
-                return mapLayer;
-            }
-        } catch (Exception e) {
-            logger.error("exception in findMapLayer", e);
-        }
-
-        return null;
-    }
-    
-    public static void findAndSetMapLayer(MissionChange missionChange) {
-    	MapLayer mapLayer = findMapLayer(missionChange);
-    	missionChange.setMapLayer(mapLayer);
-    }
-    
-    private static ExternalMissionData findExternalMissionData(MissionChange missionChange) {
-    	
-    	if (missionService() == null) {
-    		logger.error("missionService is null");
-    	}
-
-        if (missionChange.getExternalDataUid() != null && missionChange.getExternalDataName()!= null
-                && missionChange.getExternalDataTool()!= null && missionChange.getExternalDataNotes() != null){
-        	ExternalMissionData externalMissionData = missionService().hydrate(
-            		missionChange.getExternalDataUid(), missionChange.getExternalDataName(), missionChange.getExternalDataTool(), missionChange.getExternalDataToken(), missionChange.getExternalDataNotes());
-        	return  externalMissionData;
-        }
-
-        return null;
-    }
-    
-    public static void findAndSetExternalMissionData(MissionChange missionChange) {
-    	ExternalMissionData externalMissionData = findExternalMissionData(missionChange);
-    	missionChange.setExternalMissionData(externalMissionData);
-    }
-
-    public static Resource findContentResource(MissionChange missionChange) {
-
-        Resource resource = null;
-
-        if (missionChange.getContentHash() != null) {
-
-            try {
-                resource = ResourceUtils.fetchResourceByHash(missionChange.getContentHash());
-               
-            } catch (Exception e) {
-                logger.debug("exception fetching resource by hash " + e.getMessage(), e);
-            }
-            
-            // in case the resource has been deleted, just capture the hash
-            if (resource == null) {
-                resource = new Resource();
-                resource.setHash(missionChange.getContentHash());
-                resource.setCreatorUid(null);
-                resource.setFilename(null);
-                resource.setId(null);
-                resource.setKeywords(null);
-                resource.setMimeType(null);
-                resource.setName(null);
-                resource.setSubmissionTime(null);
-                resource.setSize(null);
-                resource.setSubmitter(null);
-                resource.setUid(null);
-            }
-        }
-
-        return resource;
-
-    }
-    
-    public static void findAndSetContentResource(MissionChange missionChange) {
-    	Resource resource = findContentResource(missionChange);
-    	missionChange.setContentResource(resource);
-    }
-    
-	public static void findAndSetTransientValuesForMissionChange(MissionChange missionChange) {
-		
-		findAndSetContentResource(missionChange);
-		findAndSetUidDetails(missionChange);
-		findAndSetMissionFeed(missionChange);
-		findAndSetMapLayer(missionChange);
-        findAndSetExternalMissionData(missionChange);
-
-	}
-}
\ No newline at end of file
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionChanges.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionChanges.java
index f42f7f18..e1b6b4fb 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionChanges.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionChanges.java
@@ -3,10 +3,10 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
 import javax.xml.transform.stream.StreamResult;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionFeedUtils.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionFeedUtils.java
deleted file mode 100644
index ff4a1b6f..00000000
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionFeedUtils.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package com.bbn.marti.sync.model;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.bbn.marti.sync.service.MissionService;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
-
-import tak.server.feeds.DataFeedDTO;
-
-public class MissionFeedUtils {
-
-    protected static final Logger logger = LoggerFactory.getLogger(MissionFeedUtils.class);
-
-    private static MissionService missionService;
-    
-    private static MissionService missionService() {
-    	if (missionService == null) {
-    		synchronized (ResourceUtils.class) {
-    			if (missionService == null) {
-    				missionService = SpringContextBeanForApi.getSpringContext().getBean(MissionService.class);
-    			}
-    		}
-    	}
-    	
-    	return missionService;
-    }
-
-    private static String findName(MissionFeed missionFeed) {
-    	if (missionFeed.getDataFeedUid() == null) {
-    		return null;
-    	}
-    	
-    	if (missionService() == null) {
-    		logger.error("missionService is null");
-    	}
-        DataFeedDTO dataFeedDao = missionService().getDataFeed(missionFeed.getDataFeedUid());
-        if (dataFeedDao != null) {
-            return dataFeedDao.getName();
-        }
-        return null;
-    }
-    
-    public static void findAndSetNameForMissionFeed(MissionFeed missionFeed) {
-        
-    	String missionFeedName = findName(missionFeed);
-        missionFeed.setName(missionFeedName);
-        
-    }
-
-}
\ No newline at end of file
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionInvitation.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionInvitation.java
index 54af615e..0c07304b 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionInvitation.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionInvitation.java
@@ -3,16 +3,16 @@
 import java.io.Serializable;
 import java.util.Date;
 
-import javax.persistence.Cacheable;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.JoinColumn;
-import javax.persistence.ManyToOne;
-import javax.persistence.Table;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionSubscription.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionSubscription.java
index 34dfe999..0219a101 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionSubscription.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionSubscription.java
@@ -1,6 +1,14 @@
 package com.bbn.marti.sync.model;
 
-import javax.persistence.*;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
 import java.util.Date;
 
 import com.fasterxml.jackson.annotation.JsonFormat;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionUtils.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionUtils.java
deleted file mode 100644
index c4eb26c1..00000000
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/MissionUtils.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package com.bbn.marti.sync.model;
-
-import java.util.Set;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class MissionUtils {
-	
-    private static final Logger logger = LoggerFactory.getLogger(MissionUtils.class);
-
-	public static void findAndSetTransientValuesForMission(Mission mission) {
-	
-		Set<MissionFeed> feeds  = mission.getFeeds();
-
-		if (feeds != null) {
-			for (MissionFeed feed: feeds) {
-				MissionFeedUtils.findAndSetNameForMissionFeed(feed);
-			}
-		}
-		
-		Set<MissionChange> missionChanges = mission.getMissionChanges();
-				
-		if (missionChanges != null) {
-			
-	        for (MissionChange missionChange: missionChanges) {
-				MissionChangeUtils.findAndSetTransientValuesForMissionChange(missionChange);
-	        }
-	        
-		}
-		
-	}
-}
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/ResourceUtils.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/ResourceUtils.java
index 40c53381..87b85fa4 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/ResourceUtils.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/model/ResourceUtils.java
@@ -9,7 +9,7 @@
 import com.bbn.marti.remote.exception.NotFoundException;
 import com.bbn.marti.sync.repository.ResourceRepository;
 import com.bbn.marti.sync.service.MissionService;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 public class ResourceUtils{
     
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/CaveatRepository.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/CaveatRepository.java
deleted file mode 100644
index 3c5771c7..00000000
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/CaveatRepository.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package com.bbn.marti.sync.repository;
-
-import com.bbn.marti.sync.model.Caveat;
-import org.springframework.data.jpa.repository.JpaRepository;
-import org.springframework.data.jpa.repository.Modifying;
-import org.springframework.data.jpa.repository.Query;
-import org.springframework.data.repository.query.Param;
-import org.springframework.transaction.annotation.Transactional;
-
-public interface CaveatRepository extends JpaRepository<Caveat, Long> {
-	
-	@Transactional
-	@Modifying
-	@Query(value = "delete from classification_caveat where caveat_id = :caveat_id", nativeQuery = true)
-	void unlinkAllClassifications(@Param("caveat_id") long caveat_id);
-	
-	@Transactional
-	Long deleteByName(String name);
-	
-	Caveat findByName(String name);
-}
\ No newline at end of file
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/ClassificationRepository.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/ClassificationRepository.java
deleted file mode 100644
index 7f1f265f..00000000
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/ClassificationRepository.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package com.bbn.marti.sync.repository;
-
-import com.bbn.marti.sync.model.Classification;
-import org.springframework.data.jpa.repository.JpaRepository;
-import org.springframework.data.jpa.repository.Modifying;
-import org.springframework.data.jpa.repository.Query;
-import org.springframework.data.repository.query.Param;
-import org.springframework.transaction.annotation.Transactional;
-
-public interface ClassificationRepository extends JpaRepository<Classification, Long> {
-	
-//	@Transactional
-//	Long deleteByLevel(String level);
-	
-	@Transactional
-	@Modifying
-	@Query(value = "delete from classification where id = :classification_id", nativeQuery = true)
-	void deleteClassificationOnly(@Param("classification_id") long classification_id);
-	
-	Classification findByLevel(String level);
-	
-	@Transactional
-	@Modifying
-	@Query(value = "delete from classification_caveat where classification_id = :classification_id", nativeQuery = true)
-	void unlinkAllCaveats(@Param("classification_id") long classification_id);
-	
-	@Transactional
-	@Modifying
-	@Query(value = "insert into classification_caveat(classification_id, caveat_id) values (:classification_id, :caveat_id)", nativeQuery = true)
-	void linkCaveat(@Param("classification_id") long classification_id, @Param("caveat_id") long caveat_id);
-
-}
\ No newline at end of file
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/DataFeedRepository.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/DataFeedRepository.java
index b96887d4..322c0f5f 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/DataFeedRepository.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/DataFeedRepository.java
@@ -109,7 +109,7 @@ Long updateDataFeedWithGroupVector(@Param("uuid") String uuid, @Param("name") St
 
     @CacheEvict(value = Constants.DATA_FEED_CACHE, allEntries = true)
     @Query(value = "SELECT count(*) FROM insert_data_feed_tags(:id, :tags);", nativeQuery = true)
-    Long addDataFeedTags(@Param("id") Long id, @Param("tags") List<String> tags);
+    Long addDataFeedTags(@Param("id") Long id, @Param("tags") String tags[]);
 
     @CacheEvict(value = Constants.DATA_FEED_CACHE, allEntries = true)
     @Query(value = "delete from data_feed_tag where data_feed_id = :data_feed_id returning data_feed_id", nativeQuery = true)
@@ -120,8 +120,8 @@ Long updateDataFeedWithGroupVector(@Param("uuid") String uuid, @Param("name") St
 
     @CacheEvict(value = Constants.DATA_FEED_CACHE, allEntries = true)
     @Query(value = "SELECT count(*) FROM insert_data_feed_filter_groups(:id, :filterGroups);", nativeQuery = true)
-    Long addDataFeedFilterGroups(@Param("id") Long id, @Param("filterGroups") List<String> filterGroups);
-    
+    Long addDataFeedFilterGroups(@Param("id") Long id, @Param("filterGroups") String filterGroups[]);
+
     @CacheEvict(value = Constants.DATA_FEED_CACHE, allEntries = true)
     @Query(value = "delete from data_feed_filter_group where data_feed_id = :data_feed_id returning data_feed_id", nativeQuery = true)
     List<Long> removeAllDataFeedFilterGroupsById(@Param("data_feed_id") Long id);
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/FederationEventRepository.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/FederationEventRepository.java
index d8038347..ec035049 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/FederationEventRepository.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/FederationEventRepository.java
@@ -3,7 +3,7 @@
 import java.util.Date;
 import java.util.List;
 
-import javax.persistence.Tuple;
+import jakarta.persistence.Tuple;
 
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Query;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionChangeRepository.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionChangeRepository.java
index 71b46d3e..aa799f60 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionChangeRepository.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionChangeRepository.java
@@ -19,7 +19,7 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
     static final String START_END_PRED = "\nand servertime between :start and :end\n";
 
     static final String MISSION_CREATES_AND_DELETES =
-            "select id, false as remote_federated_change, change_type, hash, ts, servertime, uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid\n" +
+            "select id, remote_federated_change, change_type, hash, ts, servertime, uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid\n" +
                     "from mission_change mc\n" +
                     "where mc.mission_id = :missionId\n" +
                     "and change_type between 0 and 1\n" + // mission create and delete change types
@@ -27,7 +27,7 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     START_END_PRED;
 
     static final String HASH_ADDS =
-            "select max(mc.id) as id, false as remote_federated_change, 2 as change_type, mc.hash as hash, max(mc.ts) as ts, max(mc.servertime) as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
+            "select max(mc.id) as id, mc.remote_federated_change as remote_federated_change, 2 as change_type, mc.hash as hash, max(mc.ts) as ts, max(mc.servertime) as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
                     "from mission_change mc \n" +
                     "inner join resource r on mc.hash = r.hash\n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
@@ -37,10 +37,10 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     "and mc.mission_id = :missionId\n" +
                     "and mc.ts >= m.create_time\n" +
                     START_END_PRED +
-                    "group by mc.hash, mc.creatoruid, mc.mission_id, mc.mission_name\n";
+                    "group by mc.hash, mc.creatoruid, mc.mission_id, mc.mission_name, mc.remote_federated_change\n";
 
     static final String HASH_ADDS_FULL_HISTORY =
-            "select mc.id as id, false as remote_federated_change, 2 as change_type, mc.hash as hash, mc.ts as ts, mc.servertime as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
+            "select mc.id as id, mc.remote_federated_change as remote_federated_change, 2 as change_type, mc.hash as hash, mc.ts as ts, mc.servertime as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
                     "from mission_change mc \n" +
                     "inner join resource r on mc.hash = r.hash\n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
@@ -52,7 +52,7 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     START_END_PRED;
 
     static final String HASH_REMOVES =
-            "select max(mc.id) as id, false as remote_federated_change, 3 as change_type, mc.hash as hash, max(mc.ts) as ts, max(mc.servertime) as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
+            "select max(mc.id) as id, mc.remote_federated_change as remote_federated_change, 3 as change_type, mc.hash as hash, max(mc.ts) as ts, max(mc.servertime) as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
                     "from mission_change mc \n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
                     "left join mission_resource mr on mc.hash = mr.resource_hash and mr.mission_id = m.id\n" + // inverse of the add content case
@@ -63,10 +63,10 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     "and mc.mission_id = :missionId\n" +
                     "and mc.ts >= m.create_time\n" +
                     START_END_PRED +
-                    "group by mc.hash, mc.change_type, mc.creatoruid, mc.mission_id, mc.mission_name\n";
+                    "group by mc.hash, mc.change_type, mc.creatoruid, mc.mission_id, mc.mission_name, mc.remote_federated_change\n";
 
     static final String HASH_REMOVES_FULL_HISTORY =
-            "select mc.id as id, false as remote_federated_change, 3 as change_type, mc.hash as hash, mc.ts as ts, mc.servertime as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
+            "select mc.id as id, mc.remote_federated_change as remote_federated_change, 3 as change_type, mc.hash as hash, mc.ts as ts, mc.servertime as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
                     "from mission_change mc \n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
                     "left join mission_resource mr on mc.hash = mr.resource_hash and mr.mission_id = m.id\n" + // inverse of the add content case
@@ -78,7 +78,7 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     START_END_PRED;
 
     static final String UID_ADDS =
-            "select max(mc.id) as id, false as remote_federated_change, 2 as change_type, null as hash, max(mc.ts) as ts, max(mc.servertime) as servertime, mc.uid as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
+            "select max(mc.id) as id, mc.remote_federated_change as remote_federated_change, 2 as change_type, null as hash, max(mc.ts) as ts, max(mc.servertime) as servertime, mc.uid as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
                     "from mission_change mc\n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
                     "inner join mission_uid mu on mc.uid = mu.uid and mu.mission_id = m.id\n" +
@@ -87,10 +87,10 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     "and m.id = :missionId\n" +
                     "and mc.ts >= m.create_time\n" +
                     START_END_PRED +
-                    "group by mc.uid, mc.creatoruid, m.id, mc.mission_name\n";
+                    "group by mc.uid, mc.creatoruid, m.id, mc.mission_name, mc.remote_federated_change\n";
 
     static final String UID_ADDS_FULL_HISTORY =
-            "select mc.id as id, false as remote_federated_change, 2 as change_type, null as hash, mc.ts as ts, mc.servertime as servertime, mc.uid as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
+            "select mc.id as id, mc.remote_federated_change as remote_federated_change, 2 as change_type, null as hash, mc.ts as ts, mc.servertime as servertime, mc.uid as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
                     "from mission_change mc\n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
                     "left join mission_uid mu on mc.uid = mu.uid and mu.mission_id = m.id\n" +
@@ -102,7 +102,7 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     START_END_PRED;
 
     static final String UID_REMOVES =
-            "select max(mc.id) as id, false as remote_federated_change, 3 as change_type, null as hash, max(mc.ts) as ts, max(mc.servertime) as servertime, mc.uid as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
+            "select max(mc.id) as id, mc.remote_federated_change as remote_federated_change, 3 as change_type, null as hash, max(mc.ts) as ts, max(mc.servertime) as servertime, mc.uid as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
                     "from mission_change mc\n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
                     "left join mission_uid mu on mc.uid = mu.uid and mu.mission_id = m.id\n" +
@@ -113,10 +113,10 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     "and mu.uid is null\n" +
                     "and mc.ts >= m.create_time\n" +
                     START_END_PRED +
-                    "group by mc.uid, mc.creatoruid, m.id, mc.mission_name\n";
+                    "group by mc.uid, mc.creatoruid, m.id, mc.mission_name, mc.remote_federated_change\n";
 
     static final String UID_REMOVES_FULL_HISTORY =
-            "select mc.id as id, false as remote_federated_change, 3 as change_type, null as hash, mc.ts as ts, mc.servertime as servertime, mc.uid as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
+            "select mc.id as id, mc.remote_federated_change as remote_federated_change, 3 as change_type, null as hash, mc.ts as ts, mc.servertime as servertime, mc.uid as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, null as external_data_uid, null as external_data_name, null as external_data_tool, null as external_data_token, null as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
                     "from mission_change mc\n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
                     "left join mission_uid mu on mc.uid = mu.uid and mu.mission_id = m.id\n" +
@@ -128,7 +128,7 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     START_END_PRED;
 
     static final String EXTERNAL_DATA_ADDS =
-            "select max(mc.id) as id, false as remote_federated_change, 2 as change_type, null as hash, max(mc.ts) as ts, max(mc.servertime) as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, mc.external_data_uid as external_data_uid, mc.external_data_name as external_data_name, mc.external_data_tool as external_data_tool, mc.external_data_token as external_data_token, mc.external_data_notes as external_data_notes, null as mission_feed_uid, null as map_layer_uid  \n" +
+            "select max(mc.id) as id, mc.remote_federated_change as remote_federated_change, 2 as change_type, null as hash, max(mc.ts) as ts, max(mc.servertime) as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, mc.external_data_uid as external_data_uid, mc.external_data_name as external_data_name, mc.external_data_tool as external_data_tool, mc.external_data_token as external_data_token, mc.external_data_notes as external_data_notes, null as mission_feed_uid, null as map_layer_uid  \n" +
                     "from mission_change mc \n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
                     "left join mission_external_data med on med.id = mc.external_data_uid and med.mission_id = m.id\n" + //this join needs two criteria in the case of multiple missions and the same resource / or same hash different resource row
@@ -138,10 +138,10 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     "and m.id = :missionId\n" +
                     "and mc.ts >= m.create_time\n" +
                     START_END_PRED +
-                    "group by mc.external_data_uid, mc.external_data_token, mc.external_data_name, mc.external_data_tool, mc.external_data_notes, mc.creatoruid, m.id, mc.mission_name\n";
+                    "group by mc.external_data_uid, mc.external_data_token, mc.external_data_name, mc.external_data_tool, mc.external_data_notes, mc.creatoruid, m.id, mc.mission_name, mc.remote_federated_change\n";
 
     static final String EXTERNAL_DATA_REMOVES =
-            "select max(mc.id) as id, false as remote_federated_change, 3 as change_type, null as hash, max(mc.ts) as ts, max(mc.servertime) as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, mc.external_data_uid as external_data_uid, mc.external_data_name as external_data_name, mc.external_data_tool as external_data_tool, mc.external_data_token as external_data_token, mc.external_data_notes as external_data_notes, null as mission_feed_uid, null as map_layer_uid  \n" +
+            "select max(mc.id) as id, mc.remote_federated_change as remote_federated_change, 3 as change_type, null as hash, max(mc.ts) as ts, max(mc.servertime) as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, mc.external_data_uid as external_data_uid, mc.external_data_name as external_data_name, mc.external_data_tool as external_data_tool, mc.external_data_token as external_data_token, mc.external_data_notes as external_data_notes, null as mission_feed_uid, null as map_layer_uid  \n" +
                     "from mission_change mc \n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
                     //"left join mission_external_data med on med.id = mc.external_data_uid and med.mission_id = m.id\n" + //this join needs two criteria in the case of multiple missions and the same resource / or same hash different resource row
@@ -151,11 +151,11 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     "and m.id = :missionId\n" +
                     "and mc.ts >= m.create_time\n" +
                     START_END_PRED +
-                    "group by mc.external_data_uid, mc.external_data_token, mc.external_data_name, mc.external_data_tool, mc.external_data_notes, mc.creatoruid, m.id, mc.mission_name\n";
+                    "group by mc.external_data_uid, mc.external_data_token, mc.external_data_name, mc.external_data_tool, mc.external_data_notes, mc.creatoruid, m.id, mc.mission_name, mc.remote_federated_change\n";
 
 
     static final String EXTERNAL_DATA_ADDS_FULL_HISTORY =
-            "select mc.id as id, false as remote_federated_change, 2 as change_type, null as hash, mc.ts as ts, mc.servertime as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, mc.external_data_uid as external_data_uid, mc.external_data_name as external_data_name, mc.external_data_tool as external_data_tool, mc.external_data_token as external_data_token, mc.external_data_notes as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
+            "select mc.id as id, mc.remote_federated_change as remote_federated_change, 2 as change_type, null as hash, mc.ts as ts, mc.servertime as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, mc.external_data_uid as external_data_uid, mc.external_data_name as external_data_name, mc.external_data_tool as external_data_tool, mc.external_data_token as external_data_token, mc.external_data_notes as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
                     "from mission_change mc \n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
                     "left join mission_external_data med on med.id = mc.external_data_uid and med.mission_id = m.id\n" + //this join needs two criteria in the case of multiple missions and the same resource / or same hash different resource row
@@ -167,7 +167,7 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     START_END_PRED;
 
     static final String EXTERNAL_DATA_REMOVES_FULL_HISTORY =
-            "select mc.id as id, false as remote_federated_change, 3 as change_type, null as hash, mc.ts as ts, mc.servertime as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, mc.external_data_uid as external_data_uid, mc.external_data_name as external_data_name, mc.external_data_tool as external_data_tool, mc.external_data_token as external_data_token, mc.external_data_notes as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
+            "select mc.id as id, mc.remote_federated_change as remote_federated_change, 3 as change_type, null as hash, mc.ts as ts, mc.servertime as servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, mc.external_data_uid as external_data_uid, mc.external_data_name as external_data_name, mc.external_data_tool as external_data_tool, mc.external_data_token as external_data_token, mc.external_data_notes as external_data_notes, null as mission_feed_uid, null as map_layer_uid \n" +
                     "from mission_change mc \n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
                     //"left join mission_external_data med on med.id = mc.external_data_uid and med.mission_id = m.id\n" + //this join needs two criteria in the case of multiple missions and the same resource / or same hash different resource row
@@ -179,7 +179,7 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     START_END_PRED;
 
     static final String MAP_LAYERS =
-            "select mc.id as id, remote_federated_change, change_type, null as hash, ts, servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, external_data_uid, external_data_name, external_data_tool, external_data_token, external_data_notes, mission_feed_uid, map_layer_uid \n" +
+            "select mc.id as id, mc.remote_federated_change as remote_federated_change, change_type, null as hash, ts, servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, external_data_uid, external_data_name, external_data_tool, external_data_token, external_data_notes, mission_feed_uid, map_layer_uid \n" +
                     "from mission_change mc \n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
                     "where \n" +
@@ -190,7 +190,7 @@ public interface MissionChangeRepository extends JpaRepository<MissionChange, Lo
                     START_END_PRED;
     
     static final String MISSION_FEEDS =
-            "select mc.id as id, remote_federated_change, change_type, null as hash, ts, servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, external_data_uid, external_data_name, external_data_tool, external_data_token, external_data_notes, mission_feed_uid, map_layer_uid \n" +
+            "select mc.id as id, mc.remote_federated_change as remote_federated_change, change_type, null as hash, ts, servertime, null as uid, mc.creatoruid as creatoruid, null as mission_id, mc.mission_name as mission_name, to_timestamp(0) as mission_createTime, external_data_uid, external_data_name, external_data_tool, external_data_token, external_data_notes, mission_feed_uid, map_layer_uid \n" +
                     "from mission_change mc \n" +
                     "inner join mission m on mc.mission_id = m.id\n" +
                     "where \n" +
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionInvitationRepository.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionInvitationRepository.java
index cf4eb8ab..445b3837 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionInvitationRepository.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionInvitationRepository.java
@@ -10,13 +10,9 @@
 
 public interface MissionInvitationRepository extends JpaRepository<MissionInvitation, String> {
 
-//    List<MissionInvitation> findAllByMissionNameIgnoreCase(String missionName);
-    
     List<MissionInvitation> findAllByMissionId(Long missionId);
-
     
     MissionInvitation findByToken(String token);
-//    MissionInvitation findByMissionNameAndTypeAndInvitee(String missionName, String type, String invitee);
 
     MissionInvitation findByMissionIdAndTypeAndInvitee(Long missionId, String type, String invitee);
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionRepository.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionRepository.java
index 07486fef..7dd193b7 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionRepository.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionRepository.java
@@ -4,19 +4,16 @@
 import java.util.List;
 import java.util.UUID;
 
-import org.springframework.cache.annotation.Cacheable;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
-import org.springframework.data.domain.Sort;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
+import org.springframework.transaction.annotation.Transactional;
 
 import com.bbn.marti.remote.util.RemoteUtil;
 import com.bbn.marti.sync.model.Mission;
-import com.bbn.marti.sync.model.Resource;
-
-import tak.server.cache.MissionCacheResolver;
 
 public interface MissionRepository extends JpaRepository<Mission, Long> {
 	
@@ -25,19 +22,11 @@ public interface MissionRepository extends JpaRepository<Mission, Long> {
     @Query(value = missionAttributes + " from mission where lower(name) = lower(:name) order by id desc limit 1", nativeQuery = true)
     Mission getByNameNoCache(@Param("name") String name);
 
-    @Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER,  key="{#root.args[0] + '-byGuid'}", sync = true)
-    @Query(value = missionAttributes + " from mission where lower(name) = lower(:name) order by id desc limit 1", nativeQuery = true)
-    Mission getByName(@Param("name") String name);
-    
     @Query(value = missionAttributes + " from mission where guid = :guid", nativeQuery = true)
     Mission getByGuidNoCache(@Param("guid") UUID guid);
 
-    @Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER,  key="{#root.args[0] + '-byGuid'}", sync = true)
-    @Query(value = missionAttributes + " from mission where guid = :guid", nativeQuery = true)
-    Mission getByGuid(@Param("guid") UUID missionGuid);
-
     Long findMissionIdByName(String name);
-    
+        
     void deleteByName(String name);
     
     @Query(value = "insert into mission_resource (mission_id, resource_id, resource_hash) values (:mission_id, :resource_id, :hash) returning resource_hash", nativeQuery = true)
@@ -84,10 +73,11 @@ public interface MissionRepository extends JpaRepository<Mission, Long> {
             + "delete from mission_layer cascade where mission_id = :id ;"
             + "delete from maplayer cascade where mission_id = :id ;"
             + "delete from mission_feed cascade where mission_id = :id ;"
-            + "delete from mission cascade where id = :id returning id;", nativeQuery = true)
+            + "delete from mission cascade where id = :id ;", nativeQuery = true)
+    @Modifying // necessary so that spring doesn't expect a result from the query
+    @Transactional
     void deleteMission(@Param("id") Long missionId);
 
-    @Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, key="{#root.methodName, #root.args[0]}")
     @Query(value = "select uid from mission_uid mu inner join mission m on m.id = mu.mission_id where lower(m.name) = lower(?)", nativeQuery = true)
     List<String> getMissionUids(String missionName);
     
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionRoleRepository.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionRoleRepository.java
index 58d8d015..a4c098f9 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionRoleRepository.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionRoleRepository.java
@@ -1,15 +1,11 @@
 package com.bbn.marti.sync.repository;
 
-import org.springframework.cache.annotation.Cacheable;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Query;
 
 import com.bbn.marti.sync.model.MissionRole;
 
-import tak.server.Constants;
-
 public interface MissionRoleRepository extends JpaRepository<MissionRole, String> {
-    @Cacheable(value = Constants.MISSION_ROLE_CACHE)
     MissionRole findFirstByRole(MissionRole.Role role);
     
     @Query(value = "select role from role where id = :roleId", nativeQuery = true)
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionSubscriptionRepository.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionSubscriptionRepository.java
index ce5a6edc..ecf6c2ad 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionSubscriptionRepository.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/repository/MissionSubscriptionRepository.java
@@ -1,17 +1,18 @@
 package com.bbn.marti.sync.repository;
 
-import com.bbn.marti.sync.model.MissionSubscription;
+import java.util.Date;
+import java.util.List;
+
 import org.springframework.cache.annotation.CacheEvict;
-import org.springframework.cache.annotation.Cacheable;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
 import org.springframework.transaction.annotation.Transactional;
-import tak.server.Constants;
 
-import java.util.Date;
-import java.util.List;
+import com.bbn.marti.sync.model.MissionSubscription;
+
+import tak.server.Constants;
 
 public interface MissionSubscriptionRepository extends JpaRepository<MissionSubscription, String> {
 
@@ -39,37 +40,30 @@ void subscribe(@Param("missionId") long missionId, @Param("clientUid") String cl
 
     @Query(value = "select ms.uid, ms.token, null as mission_id, ms.client_uid, ms.username,  ms.create_time, ms.role_id from mission m " +
             "inner join mission_subscription ms on m.id = ms.mission_id where ms.client_uid = :clientUid and lower(m.name) = lower(:missionName)", nativeQuery = true)
-    @Cacheable(Constants.MISSION_SUBSCRIPTION_CACHE)
     MissionSubscription findByMissionNameAndClientUidNoMission(@Param("missionName") String missionName, @Param("clientUid") String clientUid);
 
     @Query(value = "select ms.uid, ms.token, null as mission_id, ms.client_uid, ms.username,  ms.create_time, ms.role_id from mission m " +
             "inner join mission_subscription ms on m.id = ms.mission_id where ms.user_name = :username and lower(m.name) = lower(:missionName)", nativeQuery = true)
-    @Cacheable(Constants.MISSION_SUBSCRIPTION_CACHE)
     MissionSubscription findByMissionNameAndUsernameNoMission(@Param("missionName") String missionName, @Param("username") String username);
 
-    @Query(value = "select ms.uid, ms.username, ms.token, null as mission_id, ms.client_uid, ms.username, ms.create_time, ms.role_id from mission m " +
+    @Query(value = "select ms.uid, ms.token, null as mission_id, ms.client_uid, ms.username, ms.create_time, ms.role_id from mission m " +
             "inner join mission_subscription ms on m.id = ms.mission_id where ms.client_uid = :clientUid and ( ms.username is null or ms.username = :username ) and lower(m.name) = lower(:missionName)", nativeQuery = true)
-    @Cacheable(Constants.MISSION_SUBSCRIPTION_CACHE)
     MissionSubscription findByMissionNameAndClientUidAndUsernameNoMission(@Param("missionName") String missionName, @Param("clientUid") String clientUid, @Param("username") String username);
 
     @Query(value = "select ms.uid, ms.token, null as mission_id, ms.client_uid, ms.username, ms.create_time, ms.role_id from mission m " +
             "inner join mission_subscription ms on m.id = ms.mission_id where lower(m.name) = lower(:missionName) and ms.uid = :uid", nativeQuery = true)
-    @Cacheable(Constants.MISSION_SUBSCRIPTION_CACHE)
     MissionSubscription findByUidAndMissionNameNoMission(@Param("uid") String uid, @Param("missionName") String missionName);
 
     @Query(value = "select ms.uid, ms.token, null as mission_id, ms.client_uid, ms.username, ms.create_time, ms.role_id from mission m " +
             "inner join mission_subscription ms on m.id = ms.mission_id where lower(m.name) = lower(:missionName)", nativeQuery = true)
-    @Cacheable(Constants.MISSION_SUBSCRIPTION_CACHE)
     List<MissionSubscription> findAllByMissionNameNoMission(@Param("missionName") String missionName);
 
     @Query(value = "select ms.uid, null as token, null as mission_id, ms.client_uid, ms.username, ms.create_time, ms.role_id from mission m " +
             "inner join mission_subscription ms on m.id = ms.mission_id where m.name = :missionName", nativeQuery = true)
-    @Cacheable(Constants.MISSION_SUBSCRIPTION_CACHE)
     List<MissionSubscription> findAllByMissionNameNoMissionNoToken(@Param("missionName") String missionName);
 
     @Query(value = "select ms.uid, ms.token, m.id as mission_id, ms.client_uid, ms.username, ms.create_time, ms.role_id from mission m " +
             "inner join mission_subscription ms on m.id = ms.mission_id where m.tool = 'public' ", nativeQuery = true)
-    @Cacheable(Constants.MISSION_SUBSCRIPTION_CACHE)
     List<MissionSubscription> findAll();
 }
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/DistributedDataFeedCotService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/DistributedDataFeedCotService.java
index bf2ead70..6da8b69b 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/DistributedDataFeedCotService.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/DistributedDataFeedCotService.java
@@ -12,7 +12,7 @@
 import com.bbn.marti.remote.DataFeedCotService;
 import com.bbn.marti.sync.model.Mission;
 import com.bbn.marti.sync.model.MissionFeed;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 import tak.server.cache.DataFeedCotCacheHelper;
 import tak.server.cot.CotEventContainer;
@@ -28,7 +28,7 @@ public class DistributedDataFeedCotService implements DataFeedCotService, Servic
 	private static final long serialVersionUID = 1022295969715185278L;
 
 	private static final Logger logger = LoggerFactory.getLogger(DistributedDataFeedCotService.class);
-	
+
 	private static DistributedDataFeedCotService instance;
 	public static DistributedDataFeedCotService getInstance() {
 		if (instance == null) {
@@ -40,8 +40,8 @@ public static DistributedDataFeedCotService getInstance() {
 		}
 		return instance;
 	}
-	
-	
+
+
 	@Override
 	public void cancel(ServiceContext ctx) {
 		if (logger.isDebugEnabled()) {
@@ -62,7 +62,7 @@ public void execute(ServiceContext ctx) throws Exception {
 			logger.debug("execute method " + getClass().getSimpleName());
 		}
 	}
-	
+
 	private static MissionService missionService;
 	public static MissionService missionService() {
 		if (missionService == null) {
@@ -74,17 +74,17 @@ public static MissionService missionService() {
 		}
 		return missionService;
 	}
-	
+
 	@Override
 	public void sendLatestFeedEvents(Mission mission, MissionFeed missionFeed, List<String> clientUidList, String groupVector) {
-		 missionService().sendLatestFeedEvents(mission, missionFeed, clientUidList, groupVector);
+		missionService().sendLatestFeedEvents(mission, missionFeed, clientUidList, groupVector);
 	}
-	
+
 	@Override
 	public void cacheDataFeedEvent(DataFeed dataFeed, CotEventContainer data) {
 		DataFeedCotCacheHelper.getInstance().cacheDataFeedEvent(dataFeed, data);
 	}
-	
+
 	@Override
 	public Collection<CotEventContainer> getCachedDataFeedEvents(String dataFeedUid) {
 		return DataFeedCotCacheHelper.getInstance().getCachedDataFeedEvents(dataFeedUid);
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionCacheWarmer.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionCacheWarmer.java
index 61ab91fb..a42ee505 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionCacheWarmer.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionCacheWarmer.java
@@ -3,8 +3,9 @@
 import java.util.Date;
 import java.util.List;
 
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -19,22 +20,19 @@ public class MissionCacheWarmer {
 
 	@Autowired
 	private MissionService missionService;
-	
+
 	@Autowired
 	private CommonUtil commonUtil;
-	
+
 	@Autowired
 	private MissionCacheHelper cacheHelper;
-	
-	@Autowired
-	private CoreConfig coreConfig;
-	
+
 	private final Logger logger = LoggerFactory.getLogger(MissionCacheWarmer.class);
-	
+
 	@PostConstruct
 	private void init() {
-		
-		if (coreConfig.getRemoteConfiguration().getBuffer().getQueue().isEnableCacheWarmer()) {
+
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().isEnableCacheWarmer()) {
 
 			try {
 				logger.info("initializing mission cache");
@@ -55,5 +53,5 @@ private void init() {
 				logger.error("exception initializing caches", e);
 			}
 		}
-	}	
+	}
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionPermissionEvaluator.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionPermissionEvaluator.java
index 2a5741c6..894e51c4 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionPermissionEvaluator.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionPermissionEvaluator.java
@@ -2,7 +2,7 @@
 
 import java.io.Serializable;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionService.java
index 9e4b13aa..1488086a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionService.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionService.java
@@ -8,9 +8,10 @@
 import java.util.Set;
 import java.util.UUID;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.springframework.data.domain.Pageable;
+import org.springframework.data.repository.query.Param;
 import org.springframework.jdbc.core.ResultSetExtractor;
 
 import com.bbn.marti.config.GeospatialFilter;
@@ -284,4 +285,23 @@ ExternalMissionData hydrate(String externalDataUid, String externalDataName, Str
 	boolean validateAccess(Mission mission, HttpServletRequest request);
 
     List<String> getAllCotForString(String uidSearch, String groupVector);
+    
+    void hydrateFeedNameForMission(Mission mission);
+    
+    void hydrateMissionChangesForMission(Mission mission);
+    
+    void hydrateMissionChange(MissionChange missionChange);
+    
+    MissionSubscription getMissionSubcriptionByMissionNameAndClientUidAndUsernameNoMission(String missionName, String clientUid, String username);
+    
+    MissionSubscription getMissionSubscriptionByMissionNameAndClientUidNoMission(String missionName, String clientUid);
+    
+    MissionSubscription getMissionSubscriptionByMissionNameAndUsernameNoMission(String missionName, String username);
+    
+    MissionSubscription getMissionSubscriptionByUidAndMissionNameNoMission(String uid, String missionName);
+    
+    List<MissionSubscription> getMissionSubscriptionsByMissionNameNoMission(String missionName);
+    
+    List<MissionSubscription> getMissionSubscriptionsByMissionNameNoMissionNoToken(String missionName);
+    
 }
\ No newline at end of file
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionServiceDefaultImpl.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionServiceDefaultImpl.java
index 526baff6..31e2dccf 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionServiceDefaultImpl.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionServiceDefaultImpl.java
@@ -30,15 +30,17 @@
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.stream.Collectors;
 
-import javax.persistence.EntityNotFoundException;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.persistence.EntityNotFoundException;
+import jakarta.servlet.http.HttpServletRequest;
 import javax.sql.DataSource;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.validator.routines.EmailValidator;
 import org.dom4j.DocumentException;
+import org.hibernate.Hibernate;
 import org.jetbrains.annotations.NotNull;
 import org.locationtech.jts.geom.Polygon;
 import org.slf4j.Logger;
@@ -94,7 +96,6 @@
 import com.bbn.marti.remote.groups.GroupManager;
 import com.bbn.marti.remote.sync.MissionChangeType;
 import com.bbn.marti.remote.sync.MissionContent;
-import com.bbn.marti.remote.util.ConcurrentMultiHashMap;
 import com.bbn.marti.remote.util.DateUtil;
 import com.bbn.marti.remote.util.RemoteUtil;
 import com.bbn.marti.remote.util.SecureXmlParser;
@@ -110,10 +111,8 @@
 import com.bbn.marti.sync.model.Mission.MissionAdd;
 import com.bbn.marti.sync.model.Mission.MissionAddDetails;
 import com.bbn.marti.sync.model.MissionChange;
-import com.bbn.marti.sync.model.MissionChangeUtils;
 import com.bbn.marti.sync.model.MissionChanges;
 import com.bbn.marti.sync.model.MissionFeed;
-import com.bbn.marti.sync.model.MissionFeedUtils;
 import com.bbn.marti.sync.model.MissionInvitation;
 import com.bbn.marti.sync.model.MissionLayer;
 import com.bbn.marti.sync.model.MissionPermission;
@@ -138,13 +137,12 @@
 import com.bbn.marti.util.TimeUtils;
 import com.bbn.marti.util.missionpackage.ContentType;
 import com.bbn.marti.util.missionpackage.MissionPackage;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.beust.jcommander.internal.Lists;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.base.Strings;
 import com.google.common.collect.Maps;
-import com.google.common.collect.Multimap;
 
 import de.micromata.opengis.kml.v_2_2_0.Kml;
 import io.jsonwebtoken.Claims;
@@ -155,6 +153,7 @@
 import tak.server.cache.MissionCacheHelper;
 import tak.server.cache.MissionCacheResolver;
 import tak.server.cache.MissionLayerCacheResolver;
+import tak.server.cache.UnproxyHelper;
 import tak.server.cot.CotElement;
 import tak.server.cot.CotEventContainer;
 import tak.server.cot.CotParser;
@@ -163,10 +162,10 @@
 import tak.server.ignite.grid.SubscriptionManagerProxyHandler;
 
 /*
- * 
+ *
  * Mission API business logic layer default implementation
- * 
- * 
+ *
+ *
  */
 @SuppressWarnings("deprecation")
 public class MissionServiceDefaultImpl implements MissionService {
@@ -195,8 +194,6 @@ public class MissionServiceDefaultImpl implements MissionService {
 
 	private final KMLService kmlService;
 
-	private final CoreConfig coreConfig;
-
 	private final SubmissionInterface submission;
 
 	private final ExternalMissionDataRepository externalMissionDataRepository;
@@ -222,9 +219,9 @@ public class MissionServiceDefaultImpl implements MissionService {
 	private final CoTCacheHelper cotCacheHelper;
 
 	private final MissionCacheHelper missionCacheHelper;
-
-	private final ClassificationService classificationService;
 	
+	private final ClassificationService classificationService;
+
 	private final FileManagerService fileManagerService;
 
 	private final Logger changeLogger = LoggerFactory.getLogger(Constants.CHANGE_LOGGER);
@@ -256,7 +253,6 @@ public MissionServiceDefaultImpl(
 			com.bbn.marti.sync.EnterpriseSyncService syncStore,
 			JDBCCachingKMLDao kmlDao,
 			KMLService kmlService,
-			CoreConfig coreConfig,
 			SubmissionInterface submission,
 			ExternalMissionDataRepository externalMissionDataRepository,
 			MissionInvitationRepository missionInvitationRepository,
@@ -284,7 +280,6 @@ public MissionServiceDefaultImpl(
 		this.syncStore = syncStore;
 		this.kmlDao = kmlDao;
 		this.kmlService = kmlService;
-		this.coreConfig = coreConfig;
 		this.submission = submission;
 		this.externalMissionDataRepository = externalMissionDataRepository;
 		this.missionInvitationRepository = missionInvitationRepository;
@@ -304,28 +299,35 @@ public MissionServiceDefaultImpl(
 
 	private static final Logger cacheLogger = LoggerFactory.getLogger("missioncache");
 
-	private synchronized MissionService getMissionService() {
+	private MissionService getMissionService() {
 
 		// return the cached missionService if we have one
 		if (missionService != null) {
 			return missionService;
 		}
 
-		try {
-			// cache off and return the missionService bean
-			missionService = SpringContextBeanForApi.getSpringContext()
-					.getBean(com.bbn.marti.sync.service.MissionService.class);
-			return missionService;
-		} catch (Exception e) {
-			// if we have any problems getting bean just return this
-			logger.error("exception trying to get MissionService bean!", e);
-			return this;
+		synchronized (this) {
+
+			if (missionService == null) {
+
+				try {
+					// cache off and return the missionService bean
+					missionService = SpringContextBeanForApi.getSpringContext()
+							.getBean(com.bbn.marti.sync.service.MissionService.class);
+				} catch (Exception e) {
+					// if we have any problems getting bean just return this
+					logger.error("exception trying to get MissionService bean!", e);
+					return this;
+				}
+			}
 		}
+		
+		return missionService;
 	}
 
 	@Override
 	public CotElement getLatestCotElement(String uid, String groupVector, Date end,
-			ResultSetExtractor<CotElement> resultSetExtractor) {
+										  ResultSetExtractor<CotElement> resultSetExtractor) {
 
 		String sql = "select " // query
 				+ "uid, ST_X(event_pt), ST_Y(event_pt), "
@@ -362,34 +364,34 @@ public CotElement getLatestCotForUid(String uid, String groupVector, Date end) {
 		} else {
 			return getLatestCotElement(uid, groupVector, end,
 					new ResultSetExtractor<CotElement>() {
-				@Override
-				public CotElement extractData(ResultSet results) throws SQLException {
-					if (results == null) {
-						throw new IllegalStateException("null result set");
-					}
+						@Override
+						public CotElement extractData(ResultSet results) throws SQLException {
+							if (results == null) {
+								throw new IllegalStateException("null result set");
+							}
 
-					if (!results.next()) {
-						throw new NotFoundException("no results");
-					}
+							if (!results.next()) {
+								throw new NotFoundException("no results");
+							}
 
-					CotElement cotElement = new CotElement();
-
-					cotElement.uid = results.getString(1);
-					cotElement.lon = results.getDouble(2);
-					cotElement.lat = results.getDouble(3);
-					cotElement.hae = results.getString(4);
-					cotElement.cottype = results.getString(5);
-					cotElement.servertime = results.getTimestamp(6);
-					cotElement.le = results.getDouble(7);
-					cotElement.detailtext = results.getString(8);
-					cotElement.cotId = results.getLong(9);
-					cotElement.how = results.getString(10);
-					cotElement.staletime = results.getTimestamp(11);
-					cotElement.ce = results.getDouble(12);
-
-					return cotElement;
-				}
-			});
+							CotElement cotElement = new CotElement();
+
+							cotElement.uid = results.getString(1);
+							cotElement.lon = results.getDouble(2);
+							cotElement.lat = results.getDouble(3);
+							cotElement.hae = results.getString(4);
+							cotElement.cottype = results.getString(5);
+							cotElement.servertime = results.getTimestamp(6);
+							cotElement.le = results.getDouble(7);
+							cotElement.detailtext = results.getString(8);
+							cotElement.cotId = results.getLong(9);
+							cotElement.how = results.getString(10);
+							cotElement.staletime = results.getTimestamp(11);
+							cotElement.ce = results.getDouble(12);
+
+							return cotElement;
+						}
+					});
 		}
 	}
 
@@ -430,34 +432,34 @@ public List<CotElement> getCotElementsByTimeAndBbox(
 
 			return new JdbcTemplate(dataSource).query(sql, params,
 					new ResultSetExtractor<List<CotElement>>() {
-				@Override
-				public List<CotElement> extractData(ResultSet results) throws SQLException {
-					if (results == null) {
-						throw new IllegalStateException("null result set");
-					}
+						@Override
+						public List<CotElement> extractData(ResultSet results) throws SQLException {
+							if (results == null) {
+								throw new IllegalStateException("null result set");
+							}
 
-					LinkedList<CotElement> cotElements = new LinkedList<>();
-					while (results.next()) {
-						CotElement cotElement = new CotElement();
-						cotElement.uid = results.getString(1);
-						cotElement.lon = results.getDouble(2);
-						cotElement.lat = results.getDouble(3);
-						cotElement.hae = results.getString(4);
-						cotElement.cottype = results.getString(5);
-						cotElement.servertime = results.getTimestamp(6);
-						cotElement.le = results.getDouble(7);
-						cotElement.detailtext = results.getString(8);
-						cotElement.cotId = results.getLong(9);
-						cotElement.how = results.getString(10);
-						cotElement.staletime = results.getTimestamp(11);
-						cotElement.ce = results.getDouble(12);
-
-						cotElements.add(cotElement);
-					}
+							LinkedList<CotElement> cotElements = new LinkedList<>();
+							while (results.next()) {
+								CotElement cotElement = new CotElement();
+								cotElement.uid = results.getString(1);
+								cotElement.lon = results.getDouble(2);
+								cotElement.lat = results.getDouble(3);
+								cotElement.hae = results.getString(4);
+								cotElement.cottype = results.getString(5);
+								cotElement.servertime = results.getTimestamp(6);
+								cotElement.le = results.getDouble(7);
+								cotElement.detailtext = results.getString(8);
+								cotElement.cotId = results.getLong(9);
+								cotElement.how = results.getString(10);
+								cotElement.staletime = results.getTimestamp(11);
+								cotElement.ce = results.getDouble(12);
+
+								cotElements.add(cotElement);
+							}
 
-					return cotElements;
-				}
-			});
+							return cotElements;
+						}
+					});
 
 		} catch (Exception e) {
 			logger.error("exception in getCotElementsByTimeAndBbox! " + e.getMessage());
@@ -507,39 +509,39 @@ private Map<String, Map<String, List<String>>> getMissionKeywordsMap(Long missio
 		return new JdbcTemplate(dataSource).query(sql,
 				new Object[] { missionId, missionId },
 				new ResultSetExtractor< Map<String, Map<String, List<String>>> >() {
-			@Override
-			public Map<String, Map<String, List<String>>> extractData(ResultSet results) throws SQLException {
-				if (results == null) {
-					throw new IllegalStateException("null result set");
-				}
+					@Override
+					public Map<String, Map<String, List<String>>> extractData(ResultSet results) throws SQLException {
+						if (results == null) {
+							throw new IllegalStateException("null result set");
+						}
 
-				Map<String, List<String>> uidMap = new HashMap<>();
-				Map<String, List<String>> resourceMap = new HashMap<>();
+						Map<String, List<String>> uidMap = new HashMap<>();
+						Map<String, List<String>> resourceMap = new HashMap<>();
 
-				Map<String, Map<String, List<String>>> keywordMap = new HashMap<>();
-				keywordMap.put("uid", uidMap);
-				keywordMap.put("resource", resourceMap);
+						Map<String, Map<String, List<String>>> keywordMap = new HashMap<>();
+						keywordMap.put("uid", uidMap);
+						keywordMap.put("resource", resourceMap);
 
-				while (results.next()) {
+						while (results.next()) {
 
-					String type = results.getString(1);
-					String key = results.getString(2);
-					String keyword = results.getString(3);
+							String type = results.getString(1);
+							String key = results.getString(2);
+							String keyword = results.getString(3);
 
-					List<String> keywords = null;
+							List<String> keywords = null;
 
-					if (type.compareTo("uid") == 0) {
-						keywords = getKeywordList(key, uidMap);
-					} else if (type.compareTo("hash") == 0) {
-						keywords = getKeywordList(key, resourceMap);
-					}
+							if (type.compareTo("uid") == 0) {
+								keywords = getKeywordList(key, uidMap);
+							} else if (type.compareTo("hash") == 0) {
+								keywords = getKeywordList(key, resourceMap);
+							}
 
-					keywords.add(keyword);
-				}
+							keywords.add(keyword);
+						}
 
-				return keywordMap;
-			}
-		});
+						return keywordMap;
+					}
+				});
 	}
 
 	@Override
@@ -558,38 +560,38 @@ public List<CotElement> getAllCotForUid(String uid, Date start, Date end, String
 		return new JdbcTemplate(dataSource).query(sql,
 				new Object[] { uid, start, end, groupVector }, // parameters
 				new ResultSetExtractor<List<CotElement>>() {
-			@Override public List<CotElement> extractData(ResultSet results) throws SQLException {
-				if (results == null) {
-					throw new IllegalStateException("null result set");
-				}
+					@Override public List<CotElement> extractData(ResultSet results) throws SQLException {
+						if (results == null) {
+							throw new IllegalStateException("null result set");
+						}
 
-				if (!results.next()) {
-					throw new NotFoundException("no results");
-				}
+						if (!results.next()) {
+							throw new NotFoundException("no results");
+						}
 
-				List<CotElement> cotElements = new ArrayList<CotElement>();
+						List<CotElement> cotElements = new ArrayList<CotElement>();
 
-				do {
-					CotElement cotElement = new CotElement();
+						do {
+							CotElement cotElement = new CotElement();
 
-					cotElement.cottype = results.getString(1);
-					cotElement.servertime = results.getTimestamp(2);
-					cotElement.staletime = results.getTimestamp(3);
-					cotElement.how = results.getString(4);
-					cotElement.hae = results.getString(5);
-					cotElement.ce = results.getDouble(6);
-					cotElement.le = results.getDouble(7);
-					cotElement.detailtext = results.getString(8);
-					cotElement.lon = results.getDouble(9);
-					cotElement.lat = results.getDouble(10);
-					cotElement.uid = results.getString(11);
+							cotElement.cottype = results.getString(1);
+							cotElement.servertime = results.getTimestamp(2);
+							cotElement.staletime = results.getTimestamp(3);
+							cotElement.how = results.getString(4);
+							cotElement.hae = results.getString(5);
+							cotElement.ce = results.getDouble(6);
+							cotElement.le = results.getDouble(7);
+							cotElement.detailtext = results.getString(8);
+							cotElement.lon = results.getDouble(9);
+							cotElement.lat = results.getDouble(10);
+							cotElement.uid = results.getString(11);
 
-					cotElements.add(cotElement);
-				} while (results.next());
+							cotElements.add(cotElement);
+						} while (results.next());
 
-				return cotElements;
-			}
-		});
+						return cotElements;
+					}
+				});
 	}
 
 	@Override
@@ -630,7 +632,7 @@ public boolean deleteAllCotForUids(List<String> uids, String groupVector) {
 					new Object[] {
 							uidArray,
 							groupVector
-			});
+					});
 
 			return updated > 0;
 
@@ -920,12 +922,12 @@ public Mission hydrate(Mission mission, boolean hydrateDetails) {
 		if (mission.getContents().size() > 0) {
 			Set<Resource> resources = mission.getContents();
 			Map<Integer, List<String>> keywordMap = getMissionService().getCachedResources(mission.getName(), resources);  // hydrate resources!
-			for (Resource resource : resources) {
-				List<String> keywords = keywordMap.get(resource.getId());
-				resource.setKeywords(keywords);
-				resourceMap.put(resource.getHash(), resource);
+				for (Resource resource : resources) {
+					List<String> keywords = keywordMap.get(resource.getId());
+					resource.setKeywords(keywords);
+					resourceMap.put(resource.getHash(), resource);
+				}
 			}
-		}
 
 		Metrics.timer("method-exec-timer-hydrateMission-hashes", "takserver", "MissionService").record(Duration.ofMillis(System.currentTimeMillis() - start));
 
@@ -1256,7 +1258,7 @@ public UidDetails hydrate(@NotNull UidDetails uidDetails, String uid, Date times
 
 	@Override
 	public ExternalMissionData hydrate(String externalDataUid, String externalDataName, String externalDataTool,
-			String externalDataToken, String externalDataNotes) {
+									   String externalDataToken, String externalDataNotes) {
 
 		try {
 			String urlData = null;
@@ -1354,6 +1356,9 @@ public void missionInvite(Mission mission, MissionInvitation missionInvitation)
 					}
 
 					try {
+
+						CoreConfig coreConfig = CoreConfigFacade.getInstance();
+
 						// notify this user via email if the username is an email address and email is configured
 						if (EmailValidator.getInstance().isValid(missionInvitation.getInvitee()) &&
 								coreConfig.getRemoteConfiguration().getEmail() != null) {
@@ -1438,17 +1443,18 @@ public void missionUninvite(
 		String sql = "delete from mission_invitation where mission_name = :missionName and " +
 				" lower(invitee) = lower(:invitee) and type = :type";
 		new NamedParameterJdbcTemplate(dataSource).update(sql, namedParameters);
+
 	}
 
 	@Override
 	public List<MissionInvitation> getMissionInvitations(String missionName) {
-		
+
 		Long missionId = missionRepository.getLatestMissionIdForName(missionService.trimName(missionName.toLowerCase()));
-		
+
 		if (missionId == null) {
 			throw new NotFoundException("mission " + missionName + " does not exist.");
 		}
-		
+
 		return missionInvitationRepository.findAllByMissionId(missionId);
 	}
 
@@ -1576,7 +1582,7 @@ public List<Map.Entry<String, String>> getAllMissionSubscriptions()  {
 		}
 		return results;
 	}
-	
+
 	private AtomicInteger addCount = new AtomicInteger();
 
 
@@ -1604,11 +1610,14 @@ public Mission addMissionContentAtTime(String missionName, MissionContent missio
 			contentMap.putAll(missionContent.getPaths());
 		}
 
+		CoreConfig coreConfig = CoreConfigFacade.getInstance();
+
 		for (Map.Entry<String, List<MissionContent>> pathContentEntry : contentMap.entrySet()) {
 
 			String path = pathContentEntry.getKey();
 			List<MissionContent> contents = pathContentEntry.getValue();
 
+
 			for (MissionContent content : contents) {
 
 				String after = content.getAfter();
@@ -1737,24 +1746,24 @@ public Mission addMissionContentAtTime(String missionName, MissionContent missio
 			addCount.addAndGet(changes.size());
 			changeLogger.debug("mission changes to save: " + changes.size() + " total changes: " + addCount.get());
 		}
-		
+
 		for (MissionChange change : changes) {
-		
+
 			try {
-				
+
 				MissionChanges missionChanges = new MissionChanges();
 				missionChanges.add(change);
 
-				MissionChangeUtils.findAndSetTransientValuesForMissionChange(change);
-				
+				hydrateMissionChange(change);
+
 				String changeXml = commonUtil.toXml(missionChanges);
-				
+
 				if (changeLogger.isTraceEnabled()) {
 					changeLogger.trace(" announcing change " +  changeXml);
 				}
-				
+
 				subscriptionManager.announceMissionChange(missionName, ChangeType.CONTENT, creatorUid, mission.getTool(), changeXml, xmlContentForNotification);
-				
+
 				if (logger.isDebugEnabled()) {
 					logger.debug("mission change announced");
 				}
@@ -1783,7 +1792,7 @@ public Mission addMissionContent(String missionName, MissionContent content,  St
 	}
 
 	public Metadata addToEnterpriseSync(byte[] contents, String name, String mimeType, List<String> keywords,
-			String groupVector, Date submissionTime) {
+										String groupVector, Date submissionTime) {
 		try {
 			//
 			// build up the metadata for adding to enterprise sync
@@ -1856,7 +1865,7 @@ private boolean hasFileConflict(MissionChange pendingChange, Set<MissionChange>
 
 		for (MissionChange change : changes) {
 
-			MissionChangeUtils.findAndSetContentResource(change);
+			findContentResource(change);
 
 			// ignore non file changes
 			if (change.getContentResource() == null) {
@@ -1881,11 +1890,11 @@ private boolean hasExternalDataConflict(MissionChange pendingChange, Set<Mission
 
 		for (MissionChange change : changes) {
 
-			MissionChangeUtils.findAndSetExternalMissionData(change);
+			findExternalMissionData(change);
 			ExternalMissionData externalMissionData = change.getExternalMissionData();
-			
+
 			// ignore non ExternalData changes
-			if (externalMissionData == null) {
+			if (externalMissionData== null) {
 				continue;
 			}
 
@@ -2010,18 +2019,18 @@ private boolean hasLogEntryConflict(MissionChange pendingChange, Mission mission
 	}
 
 	private boolean hasConflicts(Mission mission,
-			Date missionCreateTime,
-			MissionChanges pendingChanges,
-			List<MissionChange> conflicts) {
+								 Date missionCreateTime,
+								 MissionChanges pendingChanges,
+								 List<MissionChange> conflicts) {
 		try {
 			conflicts.clear();
-			
+
 			if (mission.getId() == null) {
 				throw new IllegalArgumentException("null mission id in hasConflicts()");
 			}
-			
-			
-						// pull the complete change set for the mission
+
+
+			// pull the complete change set for the mission
 			Set<MissionChange> changes = missionChangeRepository.changesForMission(mission.getId(),
 					TimeUtils.MIN_TS, TimeUtils.MAX_TS);
 
@@ -2083,7 +2092,7 @@ private String trimByteOrderMark(String input) {
 	@Override
 	@CacheEvict(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, allEntries = true)
 	public boolean addMissionPackage(String missionName, byte[] missionPackage, String creatorUid,
-			NavigableSet<Group> groups, List<MissionChange> conflicts) {
+									 NavigableSet<Group> groups, List<MissionChange> conflicts) {
 
 		String groupVector = RemoteUtil.getInstance().bitVectorToString(
 				RemoteUtil.getInstance().getBitVectorForGroups(groups));
@@ -2301,7 +2310,7 @@ public Mission deleteMissionContentAtTime(String missionName, String hash, Strin
 			MissionChanges changes = new MissionChanges();
 			changes.add(change);
 
-			MissionChangeUtils.findAndSetTransientValuesForMissionChange(change);
+			hydrateMissionChange(change);
 
 			try {
 				subscriptionManager.announceMissionChange(missionName, creatorUid, mission.getTool(),
@@ -2349,20 +2358,20 @@ public byte[] archiveMission(String missionName, String groupVector, String serv
 			mp.addParameter("mission_label", missionName);
 			mp.addParameter("mission_uid", serverName + "-8443-ssl-" + missionName);
 			mp.addParameter("mission_server", serverName + ":8443:ssl");
-			
+
 			mp.addDirectory("cot/");
 			mp.addDirectory("contents/");
-			
-			// archive the mission groups			
-        	Collection<Group> allOutGroups = groupManager.getAllGroups();        			
-            NavigableSet<Group> outGroups = RemoteUtil.getInstance().getGroupsForBitVectorString(mission.getGroupVector(), allOutGroups);
-            outGroups.stream().forEach(group-> mp.addGroup(group.getName()));
-            // archive the mission role + permissions
-            if (mission.getDefaultRole() != null) {
-            	 mp.addRoleName(mission.getDefaultRole().getRole().name());
-                 mission.getDefaultRole().getMissionPermissions().forEach(permission->mp.addPermission(permission.getPermission().name()));
-            } 
-            
+
+			// archive the mission groups
+			Collection<Group> allOutGroups = groupManager.getAllGroups();
+			NavigableSet<Group> outGroups = RemoteUtil.getInstance().getGroupsForBitVectorString(mission.getGroupVector(), allOutGroups);
+			outGroups.stream().forEach(group-> mp.addGroup(group.getName()));
+			// archive the mission role + permissions
+			if (mission.getDefaultRole() != null) {
+				mp.addRoleName(mission.getDefaultRole().getRole().name());
+				mission.getDefaultRole().getMissionPermissions().forEach(permission->mp.addPermission(permission.getPermission().name()));
+			}
+
 			//
 			// iterate over cot events
 			//
@@ -2384,8 +2393,8 @@ public byte[] archiveMission(String missionName, String groupVector, String serv
 			int ndx = 0;
 			for (Resource resource : mission.getContents()) {
 				byte[] content = syncStore.getContentByHash(resource.getHash(), groupVector);
-				
-				// this is a hack because for some reason the resources from mission.getContents() 
+
+				// this is a hack because for some reason the resources from mission.getContents()
 				// don't return keywords
 				try {
 					Resource resourceWithKeywords = ResourceUtils.fetchResourceByHash(resource.getHash());
@@ -2393,18 +2402,18 @@ public byte[] archiveMission(String missionName, String groupVector, String serv
 				} catch (Exception e) {
 					logger.info("could not fetch keywords for " + resource.getHash());
 				}
-				
+
 				if (content == null) {
 					logger.error("Unable to add content to mission archive: " + resource.getHash());
 					continue;
 				}
 
 				String filename = resource.getHash();
-												
+
 				if (resource.getName() != null) {
 					filename = ndx++ + "_" + resource.getName();
 				}
-				
+
 
 				mp.addContentFile("contents/" + filename, content, resourceToContentType(resource));
 			}
@@ -2416,10 +2425,10 @@ public byte[] archiveMission(String missionName, String groupVector, String serv
 			throw new TakException(msg, e);
 		}
 	}
-	
+
 	private ContentType resourceToContentType(Resource resource) {
 		ContentType contentType = new ContentType();
-       
+
 		if (resource.getAltitude() != null) {
 			contentType.setAltitude(resource.getAltitude());
 		}
@@ -2538,7 +2547,9 @@ public Mission deleteMission(String name, String creatorUid, String groupVector,
 
 			try {
 				missionRepository.deleteMission(mission.getId());
-			} catch (JpaSystemException e) { } // meaningless "multiple results sets" exception due to multiple sql statements
+			} catch (JpaSystemException e) { 
+				logger.debug("JpaSystemException deleting mission", e); // meaningless "multiple results sets" exception due to multiple sql statements
+			} 
 
 			MissionChange change = new MissionChange(MissionChangeType.DELETE_MISSION, mission);
 
@@ -2555,21 +2566,24 @@ public Mission deleteMission(String name, String creatorUid, String groupVector,
 
 			return mission;
 
+		} catch (Exception e) {
+			logger.error("exception deleting and archiving mission {} {} ", mission.getName(), mission.getGuid());
+			throw e;
 		} finally {
 			missionCacheHelper.clearAllMissionAndCopsCache();
 		}
 	}
-	
+
 	@Override
 	@CacheEvict(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, allEntries = true)
 	public Mission createMission(String name, String creatorUid, String groupVector, String description, String chatRoom,
 								 String baseLayer, String bbox, String path, String classification, String tool, String passwordHash,
 								 MissionRole defaultRole, Long expiration, String boundingPolygon, Boolean inviteOnly, UUID guid) {
-		
+
 		if (logger.isDebugEnabled()) {
 			logger.debug("create mission " + name + " " + tool + " " + creatorUid);
 		}
-		
+
 		Mission mission = new Mission();
 		mission.setGuid(guid.toString());
 
@@ -2595,6 +2609,16 @@ public Mission createMission(String name, String creatorUid, String groupVector,
 
 		mission.setGroupVector(groupVector);
 
+		CoreConfig coreConfig = CoreConfigFacade.getInstance();
+
+		if (Strings.isNullOrEmpty(classification) &&
+				coreConfig.getRemoteConfiguration().getVbm() != null &&
+				coreConfig.getRemoteConfiguration().getVbm().isEnabled() &&
+				coreConfig.getRemoteConfiguration().getVbm().isIsmStrictEnforcing()
+				&& !Strings.isNullOrEmpty(coreConfig.getRemoteConfiguration().getVbm().getNetworkClassification())) {
+			classification = coreConfig.getRemoteConfiguration().getVbm().getNetworkClassification();
+		}
+
 		// Idempotent mission creation - the unique constraint on mission name in the database handles this.
 		try {
 			Long id = null;
@@ -2610,7 +2634,7 @@ public Mission createMission(String name, String creatorUid, String groupVector,
 			} else {
 				id = missionRepository.create(new Date(), trimName(name), creatorUid, groupVector, description, chatRoom, baseLayer, bbox, path, classification, tool, passwordHash, defaultRole.getId(), expirationValue, boundingPolygon, inviteOnly, guid);
 			}
-			
+
 			if (logger.isDebugEnabled()) {
 				logger.debug("saved mission " + name + " in missionRepository");
 			}
@@ -2620,11 +2644,11 @@ public Mission createMission(String name, String creatorUid, String groupVector,
 
 			createChange.setMission(mission);
 			createChange.setMissionName(trimName(name));
-			
+
 			// record the create mission action in the changelog
 			missionChangeRepository.save(createChange);
-			
-			
+
+
 			if (logger.isDebugEnabled()) {
 				logger.debug("saved createChange in missionRepository");
 			}
@@ -2636,8 +2660,8 @@ public Mission createMission(String name, String creatorUid, String groupVector,
 			} catch (Exception e) {
 				logger.warn("exception announcing mission change " + e.getMessage(), e);
 			}
-			
-			
+
+
 
 		} catch (DataIntegrityViolationException e) { // safely ignored in the case of mission that already exists
 			if (logger.isDebugEnabled()) {
@@ -2658,8 +2682,13 @@ public Mission createMission(String name, String creatorUid, String groupVector,
 								 String baseLayer, String bbox, String path, String classification, String tool, String passwordHash,
 								 MissionRole defaultRole, Long expiration, String boundingPolygon, Boolean inviteOnly) {
 
-		return createMission(name, creatorUid, groupVector, description, chatRoom, baseLayer, bbox, path, classification, tool, 
+		Mission result = createMission(name, creatorUid, groupVector, description, chatRoom, baseLayer, bbox, path, classification, tool,
 				passwordHash, defaultRole, expiration, boundingPolygon, inviteOnly,  UUID.randomUUID());
+		
+		// clear the all missions cache in addition to the per-mission cache (see CacheEvict on this method)
+		missionCacheHelper.clearAllMissionAndCopsCache();
+		
+		return result;
 	}
 
 	@Override
@@ -2688,18 +2717,18 @@ public void validateMission(Mission mission, String missionName) {
 				throw new MissionDeletedException("Mission named '" + missionName + "' was deleted");
 				// if a mission doesn't exist, respond with a 404
 			} else {
-				
+
 				String msg = "Mission named '" + missionName + "' not found - not deleted";
-				
+
 				if (logger.isDebugEnabled()) {
 					logger.debug(msg);
 				}
- 				
+
 				throw new NotFoundException(msg);
 			}
 		}
 	}
-	
+
 	// checks if the mission was previously deleted
 	@Override
 	public void validateMissionByGuid(Mission mission, UUID guid) {
@@ -2728,7 +2757,7 @@ public void validateMissionByGuid(Mission mission, UUID guid) {
 
 	@Override
 	public boolean validateAccess(Mission mission, HttpServletRequest request) {
-		if (!coreConfig.getRemoteConfiguration().getVbm().isEnabled()) {
+		if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isEnabled()) {
 			return true;
 		}
 
@@ -2744,7 +2773,7 @@ public boolean validateAccess(Mission mission, HttpServletRequest request) {
 
 	@Override
 	public List<Mission> validateAccess(List<Mission> missions, HttpServletRequest request) {
-		if (!coreConfig.getRemoteConfiguration().getVbm().isEnabled()) {
+		if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isEnabled()) {
 			return missions;
 		}
 
@@ -2759,18 +2788,18 @@ public boolean isDeleted(String missionName) {
 		if (logger.isDebugEnabled()) {
 			logger.debug("checking isDeleted " + missionName);
 		}
-	
+
 		MissionChangeType changeType = missionChangeRepository.getLatestChangeTypeForMissionName(missionName);
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("last change type for mission {} : {} ", missionName, changeType);
 		}
-		
+
 		// mission doesn't exist, and never did
 		if (changeType == null) {
 			return false;
 		}
-		
+
 		// mission was deleted
 		if (changeType.equals(MissionChangeType.DELETE_MISSION)) {
 			return true;
@@ -2779,25 +2808,25 @@ public boolean isDeleted(String missionName) {
 		// mission currently exists
 		return false;
 	}
-	
+
 	@Override
 	public boolean isDeletedByGuid(UUID guid) {
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("checking isDeleted {}", guid);
 		}
-	
+
 		MissionChangeType changeType = missionChangeRepository.getLatestChangeTypeForMissionGuid(guid);
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("last change type for mission {} : {} ", guid, changeType);
 		}
-		
+
 		// mission doesn't exist, and never did
 		if (changeType == null) {
 			return false;
 		}
-		
+
 		// mission was deleted
 		if (changeType.equals(MissionChangeType.DELETE_MISSION)) {
 			return true;
@@ -2826,7 +2855,7 @@ public Mission getMissionNoContent(String missionName, String groupVector) {
 
 		return mission;
 	}
-	
+
 	@Override
 	public Mission getMissionNoContentByGuid(UUID missionGuid, String groupVector) {
 
@@ -2846,7 +2875,7 @@ public Mission getMission(String missionName, boolean hydrateDetails) {
 
 		return missionCacheHelper.getMission(trimName(missionName), hydrateDetails, false);
 	}
-	
+
 	@Override
 	public Mission getMissionByGuid(UUID missionGuid, boolean hydrateDetails) {
 
@@ -2857,7 +2886,7 @@ public Mission getMissionByGuid(UUID missionGuid, boolean hydrateDetails) {
 	public Mission getMission(String missionName, String groupVector) {
 
 		Mission mission = getMissionService().getMission(missionName, true);
-
+		
 		if (mission != null && !remoteUtil.isGroupVectorAllowed(groupVector, mission.getGroupVector())) {
 			mission = null;
 		}
@@ -2867,7 +2896,7 @@ public Mission getMission(String missionName, String groupVector) {
 
 		return mission;
 	}
-	
+
 	@Override
 	public Mission getMissionByGuid(UUID missionGuid, String groupVector) {
 
@@ -2896,13 +2925,13 @@ public Mission getMissionNoDetails(String missionName, String groupVector) {
 
 		return mission;
 	}
-	
+
 	@Override
-	@Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, keyGenerator = "methodNameMultiStringArgCacheKeyGenerator")
+	//@Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, keyGenerator = "methodNameMultiStringArgCacheKeyGenerator")
 	public Mission getMissionByNameCheckGroups(String missionName, String groupVector) {
 
-		Mission mission = missionRepository.getByName(missionName);
-		
+		Mission mission = missionCacheHelper.getMission(missionName, false, false);
+
 		if (mission != null) {
 			if (!remoteUtil.isGroupVectorAllowed(groupVector, mission.getGroupVector())) {
 				throw new AccessDeniedException("access denied for mission " + mission.getName());
@@ -2911,13 +2940,13 @@ public Mission getMissionByNameCheckGroups(String missionName, String groupVecto
 
 		return mission;
 	}
-	
+
 	@Override
-	@Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, keyGenerator = "methodNameMultiStringArgCacheKeyGenerator")
+	//@Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, keyGenerator = "methodNameMultiStringArgCacheKeyGenerator")
 	public Mission getMissionByGuidCheckGroups(UUID missionGuid, String groupVector) {
 
-		Mission mission = missionRepository.getByGuid(missionGuid);
-		
+		Mission mission = missionCacheHelper.getMissionByGuid(missionGuid, false, false);
+
 		if (mission != null) {
 			if (!remoteUtil.isGroupVectorAllowed(groupVector, mission.getGroupVector())) {
 				throw new AccessDeniedException("access denied for mission " + mission.getName());
@@ -2956,11 +2985,11 @@ public List<Mission> getAllMissions(boolean passwordProtected, boolean defaultRo
 		String requestGroupVector = RemoteUtil.getInstance().bitVectorToString(RemoteUtil.getInstance().getBitVectorForGroups(requestGroups));
 
 		List<Mission> missions = getMissionService().getAllMissionsCached(passwordProtected, defaultRole, tool);
-		
+
 		List<Mission> missionsFiltered = new ArrayList<>();
 
 		for (Mission mission : missions) {
-			
+
 			if (remoteUtil.isGroupVectorAllowed(requestGroupVector, mission.getGroupVector())) {
 				mission.setGroups(RemoteUtil.getInstance().getGroupNamesForBitVectorString(mission.getGroupVector(), requestGroups));
 				missionsFiltered.add(mission);
@@ -2992,14 +3021,16 @@ public List<Mission> getAllMissionsCached(boolean passwordProtected, boolean def
 			} else {
 				hydrate(mission, false);
 			}
+			
+			UnproxyHelper.unproxyMission(mission);
 		}
 		
 		return missions;
 	}
-	
+
 	@Override
-	public List<Mission> getMissionsFiltered(boolean passwordProtected, boolean defaultRole, String tool, NavigableSet<Group> groups, 
-			int limit, int offset, String sort, Boolean ascending, String nameFilter, String uidFilter)  {
+	public List<Mission> getMissionsFiltered(boolean passwordProtected, boolean defaultRole, String tool, NavigableSet<Group> groups,
+											 int limit, int offset, String sort, Boolean ascending, String nameFilter, String uidFilter)  {
 
 		if (logger.isDebugEnabled()) {
 			logger.debug("mission service getAllMissions cache miss");
@@ -3010,22 +3041,22 @@ public List<Mission> getMissionsFiltered(boolean passwordProtected, boolean defa
 		List<Mission> missions;
 		int page = offset / limit;
 		Pageable pr;
-		if(sort.isBlank()) {
+		if (sort.isBlank()) {
 			pr = PageRequest.of(page, limit);
 		} else {
-			if(ascending) {
+			if (ascending) {
 				pr = PageRequest.of(page, limit, Sort.by(Sort.Direction.ASC, sort));
 			} else {
 				pr = PageRequest.of(page, limit, Sort.by(Sort.Direction.DESC, sort));
 			}
 		}
-		
+
 		if (tool != null) {
 			missions = missionRepository.getAllMissionsByToolPage(passwordProtected, defaultRole, tool, groupVector, pr).getContent();
 		} else if (!nameFilter.isBlank()) {
 			missions = missionRepository.getAllMissionsByNamePage(passwordProtected, defaultRole, groupVector, nameFilter, pr).getContent();
 		} else if (!uidFilter.isBlank()) {
-			if(sort.isBlank()) {
+			if (sort.isBlank()) {
 				missions = missionRepository.getAllMissionsByUidPage(passwordProtected, defaultRole, uidFilter, groupVector, pr);
 			} else {
 				missions = getMissionsByUidWithSort(passwordProtected, defaultRole, limit, offset, sort, ascending, uidFilter, groupVector);
@@ -3045,14 +3076,17 @@ public List<Mission> getMissionsFiltered(boolean passwordProtected, boolean defa
 
 			mission.setGroups(RemoteUtil.getInstance().getGroupNamesForBitVectorString(
 					mission.getGroupVector(), groups));
+			
+			hydrateFeedNameForMission(mission);
+			hydrateMissionChangesForMission(mission);
 		}
 
 		return missions;
 	}
-	
+
 	private List<Mission> getMissionsByUidWithSort(boolean passwordProtected, boolean defaultRole, int limit, int offset, String sort, Boolean ascending, String uidFilter, String groupVector) {
 		String sql = "select id, create_time, last_edited, name, creatoruid, groups, description, chatroom, base_layer, bbox, path, classification, tool, password_hash, expiration, bounding_polygon, invite_only, guid "
-				+ "from mission inner join mission_uid on mission.id = mission_uid.mission_id where invite_only = false and " 
+				+ "from mission inner join mission_uid on mission.id = mission_uid.mission_id where invite_only = false and "
 				+ "((:passwordProtected = false and password_hash is null) or :passwordProtected = true) "
 				+ "and ((:defaultRole = false and (default_role_id is null or default_role_id = 2)) or :defaultRole = true) "
 				+ "and uid like CONCAT('%', :uid, '%') AND " + RemoteUtil.GROUP_CLAUSE + "order by " + sort;
@@ -3072,12 +3106,11 @@ private List<Mission> getMissionsByUidWithSort(boolean passwordProtected, boolea
 		return new NamedParameterJdbcTemplate(dataSource).query(sql,
 				namedParameters,
 				new ResultSetExtractor<List<Mission>>() {
-			@Override
-			public List<Mission> extractData(ResultSet results) throws SQLException {
-				if (results == null) {
-					throw new IllegalStateException("null result set");
-				}
-
+					@Override
+					public List<Mission> extractData(ResultSet results) throws SQLException {
+						if (results == null) {
+							throw new IllegalStateException("null result set");
+						}
 
 				List<Mission> missions = new ArrayList<Mission>();
 				
@@ -3107,11 +3140,12 @@ public List<Mission> extractData(ResultSet results) throws SQLException {
 					missions.add(nextMission);
 				}
 
-				return missions;
-			}
+			return missions;
+
+            }
 		});
 	}
-	
+
 
 	@Override
 	@Cacheable(value = Constants.INVITE_ONLY_MISSION_CACHE, keyGenerator = "inviteOnlyMissionsCacheKeyGenerator", sync = true)
@@ -3127,6 +3161,8 @@ public List<Mission> getInviteOnlyMissions(String userName, String tool, Navigab
 
 			mission.setGroups(RemoteUtil.getInstance().getGroupNamesForBitVectorString(
 					mission.getGroupVector(), groups));
+			
+			UnproxyHelper.unproxyMission(mission);
 		}
 
 		return missions;
@@ -3157,11 +3193,12 @@ public List<Mission> getAllCopsMissions(String tool, NavigableSet<Group> groups,
 
 			mission.setGroups(RemoteUtil.getInstance().getGroupNamesForBitVectorString(
 					mission.getGroupVector(), groups));
+			
+			UnproxyHelper.unproxyMission(mission);
 		}
 
 		return missions;
 	}
-
 	public Long getMissionCount(String tool) {
 
 		if (tool == null) {
@@ -3196,8 +3233,8 @@ public void invalidateMissionCache(String missionName) {
 	@Override
 	@Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER)
 	public Set<MissionChange> getMissionChanges(String missionName, String groupVector,
-			Long secago, Date start, Date end, boolean squashed) {
-		
+												Long secago, Date start, Date end, boolean squashed) {
+
 		if (logger.isDebugEnabled()) {
 			logger.debug("MissionServiceDefaultImpl get mission changes for: " + missionName);
 		}
@@ -3206,11 +3243,11 @@ public Set<MissionChange> getMissionChanges(String missionName, String groupVect
 			if (Strings.isNullOrEmpty(missionName)) {
 				throw new IllegalArgumentException("empty 'name' path parameter");
 			}
-			
+
 			if (logger.isDebugEnabled()) {
 				logger.debug("getting mission changes for mission " + missionName);
 			}
-			
+
 			Mission mission = getMissionService().getMissionByNameCheckGroups(trimName(missionName), groupVector);
 			validateMission(mission, missionName);
 
@@ -3219,27 +3256,31 @@ public Set<MissionChange> getMissionChanges(String missionName, String groupVect
 
 			start = timeInterval.getKey();
 			end = timeInterval.getValue();
-			
+
 			if (mission.getId() == null) {
 				throw new IllegalArgumentException("null mission id in getMissionChanges()");
 			}
 
 			Set<MissionChange> changes;
 			if (squashed) {
-				
+
 				if (logger.isDebugEnabled()) {
 					logger.debug("squashed changes query: " + MissionChangeRepository.MISSION_CHANGES);
 				}
-				
+
 				changes = missionChangeRepository.squashedChangesForMission(mission.getId(), start, end);
 			} else {
-				
+
 				if (logger.isDebugEnabled()) {
 					logger.debug("changes query: " + MissionChangeRepository.MISSION_CHANGES_FULL_HISTORY);
 				}
-				
+
 				changes = missionChangeRepository.changesForMission(mission.getId(), start, end);
 			}
+			
+			for (MissionChange missionChange: changes) {
+				hydrateMissionChange(missionChange);
+			}
 
 			return changes;
 		} catch (Exception e) {
@@ -3247,18 +3288,18 @@ public Set<MissionChange> getMissionChanges(String missionName, String groupVect
 			return null;
 		}
 	}
-	
+
 	@Override
 	@Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER)
 	public Set<MissionChange> getMissionChangesByGuid(UUID missionGuid, String groupVector, Long secago, Date start, Date end, boolean squashed) {
-		
+
 		logger.debug("MissionServiceDefaultImpl get mission changes for {} ", missionGuid);
-		
+
 		try {
 			if (missionGuid == null) {
 				throw new IllegalArgumentException("empty mission guid parameter");
 			}
-			
+
 			Mission mission = getMissionService().getMissionByGuidCheckGroups(missionGuid, groupVector);
 			validateMissionByGuid(mission, missionGuid);
 
@@ -3267,28 +3308,32 @@ public Set<MissionChange> getMissionChangesByGuid(UUID missionGuid, String group
 
 			start = timeInterval.getKey();
 			end = timeInterval.getValue();
-			
+
 			if (mission.getId() == null) {
 				throw new IllegalArgumentException("null mission id in getMissionChangesByGuid()");
 			}
 
 			Set<MissionChange> changes;
 			if (squashed) {
-				
+
 				if (logger.isDebugEnabled()) {
 					logger.debug("squashed changes query: " + MissionChangeRepository.MISSION_CHANGES);
 				}
-				
+
 				changes = missionChangeRepository.squashedChangesForMission(mission.getId(), start, end);
 			} else {
-				
+
 				if (logger.isDebugEnabled()) {
 					logger.debug("changes query: " + MissionChangeRepository.MISSION_CHANGES_FULL_HISTORY);
 				}
-				
+
 				changes = missionChangeRepository.changesForMission(mission.getId(), start, end);
 			}
 
+			for (MissionChange missionChange: changes) {
+    			hydrateMissionChange(missionChange);
+			}
+			
 			return changes;
 		} catch (Exception e) {
 			logger.error("exception in getMissionChanges", e);
@@ -3337,16 +3382,16 @@ public String getMissionKml(String missionName, String urlBase, String groupVect
 	}
 
 	private MissionChanges saveExternalDataChange(ExternalMissionData externalMissionData, String externalDataToken, String notes,
-			String creatorUid, MissionChangeType missionChangeType,
-			Mission mission) {
+												  String creatorUid, MissionChangeType missionChangeType,
+												  Mission mission) {
 
 		return saveExternalDataChangeAtTime(
 				externalMissionData, externalDataToken, notes, creatorUid, missionChangeType, mission, new Date());
 	}
 
 	private MissionChanges saveExternalDataChangeAtTime(ExternalMissionData externalMissionData, String externalDataToken, String notes,
-												  String creatorUid, MissionChangeType missionChangeType,
-												  Mission mission, Date date) {
+														String creatorUid, MissionChangeType missionChangeType,
+														Mission mission, Date date) {
 
 		MissionChanges changes = new MissionChanges();
 		MissionChange change = new MissionChange(missionChangeType, mission);
@@ -3366,13 +3411,13 @@ private MissionChanges saveExternalDataChangeAtTime(ExternalMissionData external
 
 		missionChangeRepository.saveAndFlush(change);
 
-		MissionChangeUtils.findAndSetTransientValuesForMissionChange(change);
+		hydrateMissionChange(change);
 
 		return changes;
 	}
 
 	private ExternalMissionData setExternalMissionDataAtTime(String missionName, String creatorUid,
-			ExternalMissionData externalMissionData, String groupVector, Date date)  {
+															 ExternalMissionData externalMissionData, String groupVector, Date date)  {
 
 		Mission mission = getMissionService().getMission(getMissionService().trimName(missionName), groupVector);
 
@@ -3417,7 +3462,7 @@ public ExternalMissionData setExternalMissionData(String missionName, String cre
 	}
 
 	private void deleteExternalMissionDataAtTime(String missionName, String externalMissionDataId, String notes,
-										  String creatorUid, String groupVector, Date date)  {
+												 String creatorUid, String groupVector, Date date)  {
 
 		Mission mission = getMissionService().getMission(getMissionService().trimName(missionName), groupVector);
 
@@ -3449,7 +3494,7 @@ private void deleteExternalMissionDataAtTime(String missionName, String external
 	@Override
 	@CacheEvict(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, allEntries = true)
 	public void deleteExternalMissionData(String missionName, String externalMissionDataId, String notes,
-			String creatorUid, String groupVector)  {
+										  String creatorUid, String groupVector)  {
 
 		deleteExternalMissionDataAtTime(missionName, externalMissionDataId, notes, creatorUid, groupVector, new Date());
 	}
@@ -3457,7 +3502,7 @@ public void deleteExternalMissionData(String missionName, String externalMission
 	@Override
 	@CacheEvict(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, allEntries = true)
 	public void notifyExternalMissionDataChanged(String missionName, String externalMissionDataId,
-			String token, String notes, String creatorUid, String groupVector)  {
+												 String token, String notes, String creatorUid, String groupVector)  {
 
 		Mission mission = getMissionService().getMission(getMissionService().trimName(missionName), groupVector);
 
@@ -3486,11 +3531,11 @@ public void notifyExternalMissionDataChanged(String missionName, String external
 	@Override
 	public MissionChange getLatestMissionChangeForContentHash(
 			String missionName, String contentHash) {
-		
+
 		Long missionId = missionRepository.getLatestMissionIdForName(missionName);
-        
+
 		if (missionId == null) {
-		  return null;
+			return null;
 		}
 
 		List<MissionChange> changes = missionChangeRepository.findByTypeAndMissionIdAndContentHashOrderByIdAsc(
@@ -3534,7 +3579,7 @@ public String generateToken(
 			String uid, String missionName, MissionTokenUtils.TokenType tokenType, long expirationMillis) {
 		try {
 			PrivateKey privateKey = JwtUtils.getInstance().getPrivateKey();
-			String flowTag = coreConfig.getRemoteConfiguration().getFilter().getFlowtag().getText();
+			String flowTag = CoreConfigFacade.getInstance().getRemoteConfiguration().getFilter().getFlowtag().getText();
 			return MissionTokenUtils
 					.getInstance(privateKey)
 					.createMissionToken(uid, missionName, tokenType, expirationMillis, flowTag);
@@ -3547,14 +3592,14 @@ public String generateToken(
 
 	@Override
 	public MissionRole getRoleFromTypeAndInvitee(String missionName, String type, String invitee) {
-		
+
 		Long missionId = missionRepository.getLatestMissionIdForName(missionService.trimName(missionName.toLowerCase()));
-		
+
 		if (missionId == null) {
 			throw new NotFoundException("mission " + missionName + " does not exist.");
 		}
-		
-		
+
+
 		MissionInvitation invitation = missionInvitationRepository.
 				findByMissionIdAndTypeAndInvitee(missionId, type, invitee);
 
@@ -3601,7 +3646,7 @@ public MissionRole getRoleFromToken(
 			String token = authorization.substring(7);
 			try {
 
-				if (coreConfig.getRemoteConfiguration().getSecurity().getTls() == null) {
+				if (CoreConfigFacade.getInstance().getRemoteConfiguration().getSecurity().getTls() == null) {
 					logger.error("unable to find tls configuration!");
 				}
 
@@ -3697,11 +3742,11 @@ public MissionRole getRoleFromToken(
 	@Override
 	public MissionRole getRoleForRequest(Mission mission, HttpServletRequest request) {
 		try {
-			
+
 			if (logger.isDebugEnabled()) {
 				logger.debug("getRoleForRequest " + (mission == null ? "null" : mission.getName()));
 			}
-			
+
 			// check to see if there was a token submitted with the request
 			MissionRole role = getRoleFromToken(
 					mission, new MissionTokenUtils.TokenType[] {
@@ -3709,11 +3754,11 @@ public MissionRole getRoleForRequest(Mission mission, HttpServletRequest request
 							MissionTokenUtils.TokenType.SUBSCRIPTION
 					}, request);
 			if (role != null) {
-				
+
 				if (logger.isDebugEnabled()) {
 					logger.debug("request had token: " + role);
 				}
-				
+
 				return role;
 			}
 
@@ -3918,7 +3963,7 @@ public int getApiVersionNumberFromRequest(HttpServletRequest request) {
 
 	@Override
 	public boolean inviteOrUpdate(Mission mission, List<MissionSubscription> subscriptions,
-			String creatorUid, String groupVector) {
+								  String creatorUid, String groupVector) {
 
 		try {
 			for (MissionSubscription next : subscriptions) {
@@ -3926,8 +3971,8 @@ public boolean inviteOrUpdate(Mission mission, List<MissionSubscription> subscri
 				MissionSubscription existing = null;
 
 				if (!Strings.isNullOrEmpty(next.getUsername())) {
-					existing = missionSubscriptionRepository.
-							findByMissionNameAndUsernameNoMission(mission.getName(), next.getUsername());
+					existing = getMissionService().
+							getMissionSubscriptionByMissionNameAndUsernameNoMission(mission.getName(), next.getUsername());
 				} else if (!Strings.isNullOrEmpty(next.getClientUid())) {
 					existing = missionSubscriptionRepository.
 							findByMissionNameAndClientUidNoMission(mission.getName(), next.getClientUid());
@@ -3970,20 +4015,21 @@ public void validatePassword(Mission mission, String password) {
 	private CotParser getCotParser() {
 
 		if (cotParser.get() == null) {
-			cotParser.set(new CotParser(coreConfig.getRemoteConfiguration().getSubmission() == null ? false : coreConfig.getRemoteConfiguration().getSubmission().isValidateXml()));
+			cotParser.set(new CotParser(
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getSubmission() == null ? false : CoreConfigFacade.getInstance().getRemoteConfiguration().getSubmission().isValidateXml()));
 		}
 
 		return cotParser.get();
 
 	}
-	
+
 	@CacheEvict(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, allEntries = true)
 	@Override
 	public boolean setExpiration(String missionName, Long expiration, String groupVector) {
 		if (logger.isDebugEnabled()) {
 			logger.debug(" setting expiration on mission " + missionName + " expiration " + expiration);
 		}
-  		if (Strings.isNullOrEmpty(missionName)) {
+		if (Strings.isNullOrEmpty(missionName)) {
 			throw new IllegalArgumentException("empty 'missionName' path parameter");
 		}
 		String missionNameTrim = trimName(missionName);
@@ -4051,17 +4097,17 @@ public void deleteMissionByExpiration(Long expiration) {
 			logger.error(" error querying deleteMissionByExpiration ", e);
 		}
 	}
-	
+
 	@Override
 	@Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, keyGenerator = "methodNameMultiStringArgCacheKeyGenerator")
-    public List<MissionChange> findLatestCachedMissionChanges(String missionName, List<String> uids, List<String> hashes, int changeType) {
-		
+	public List<MissionChange> findLatestCachedMissionChanges(String missionName, List<String> uids, List<String> hashes, int changeType) {
+
 		Long missionId = missionRepository.getLatestMissionIdForName(missionName);
-		
+
 		if (missionId == null) {
 			return null;
 		}
-		
+
 		return missionChangeRepository.findLatest(missionId, uids, hashes, changeType);
 	}
 
@@ -4073,30 +4119,30 @@ public Map<Integer, List<String>> getCachedResources(String missionName, Set<Res
 
 	@Override
 	@Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, keyGenerator = "methodNameMultiStringArgCacheKeyGenerator")
-    public List<MissionChange> findLatestCachedMissionChangesForUids(@Param("missionName") String missionName, @Param("uids") List<String> uids, @Param("changeType") int changeType) {
-		
+	public List<MissionChange> findLatestCachedMissionChangesForUids(@Param("missionName") String missionName, @Param("uids") List<String> uids, @Param("changeType") int changeType) {
+
 		Long missionId = missionRepository.getLatestMissionIdForName(missionName);
-		
+
 		if (missionId == null) {
 			return null;
 		}
-		
-    	return missionChangeRepository.findLatestForUids(missionId, uids, changeType);
-    }
+
+		return missionChangeRepository.findLatestForUids(missionId, uids, changeType);
+	}
 
 	@Override
 	@Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, keyGenerator = "methodNameMultiStringArgCacheKeyGenerator")
-    public List<MissionChange> findLatestCachedMissionChangesForHashes(@Param("missionName") String missionName, @Param("hashes") List<String> hashes, @Param("changeType") int changeType) {
-		
+	public List<MissionChange> findLatestCachedMissionChangesForHashes(@Param("missionName") String missionName, @Param("hashes") List<String> hashes, @Param("changeType") int changeType) {
+
 		Long missionId = missionRepository.getLatestMissionIdForName(missionName);
-		
+
 		if (missionId == null) {
 			return null;
 		}
-		
-    	return missionChangeRepository.findLatestForHashes(missionId, hashes, changeType);
-    }
-	
+
+		return missionChangeRepository.findLatestForHashes(missionId, hashes, changeType);
+	}
+
 	// mission name only for cache key
 	@Override
 	@Cacheable(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, keyGenerator = "methodNameMultiStringArgCacheKeyGenerator")
@@ -4105,7 +4151,7 @@ public List<Resource> getCachedResourcesByHash(String missionName, String hash)
 	}
 
 	private MissionChanges saveFeedChangeAtTime(String missionFeedUid, String creatorUid, MissionChangeType missionChangeType,
-														Mission mission, Date date) {
+												Mission mission, Date date) {
 
 		MissionChanges changes = new MissionChanges();
 		MissionChange change = new MissionChange(missionChangeType, mission);
@@ -4117,7 +4163,7 @@ private MissionChanges saveFeedChangeAtTime(String missionFeedUid, String creato
 
 		missionChangeRepository.saveAndFlush(change);
 
-		MissionChangeUtils.findAndSetTransientValuesForMissionChange(change);
+		hydrateMissionChange(change);
 
 		return changes;
 	}
@@ -4131,7 +4177,7 @@ public MissionFeed getMissionFeed(String missionFeedUid) {
 	public DataFeedDTO getDataFeed(String dataFeedUid) {
 		if (!Strings.isNullOrEmpty(dataFeedUid)) {
 			List<DataFeedDTO> results = dataFeedRepository.getDataFeedByUUID(dataFeedUid);
-			
+
 			if (results != null && results.size() > 0) {
 				return results.get(0);
 			}
@@ -4145,12 +4191,12 @@ public DataFeedDTO getDataFeed(String dataFeedUid) {
 	public MissionFeed addFeedToMission(String missionName, String creatorUid, Mission mission, String dataFeedUid, String filterPolygon, List<String> filterCotTypes, String filterCallsign) {
 		return getMissionService().addFeedToMission(UUID.randomUUID().toString(), missionName, creatorUid, mission, dataFeedUid, filterPolygon, filterCotTypes, filterCallsign);
 	}
-	
+
 	@Override
 	@CacheEvict(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, allEntries = true)
 	public MissionFeed addFeedToMission(String missionFeedUid, String missionName, String creatorUid, Mission mission, String dataFeedUid, String filterPolygon, List<String> filterCotTypes, String filterCallsign) {
 		MissionFeed missionFeed = missionFeedRepository.getByUidNoMission(missionFeedUid);
-	    
+
 		if (missionFeed == null) {
 			missionFeed = new MissionFeed();
 			missionFeed.setUid(missionFeedUid);
@@ -4159,7 +4205,7 @@ public MissionFeed addFeedToMission(String missionFeedUid, String missionName, S
 			missionFeed.setFilterCotTypes(filterCotTypes);
 			missionFeed.setFilterCallsign(filterCallsign);
 			missionFeed.setMission(mission);
-			
+
 			missionFeed = missionFeedRepository.save(missionFeed); // FIXME:  org.postgresql.util.PSQLException: The column name resource3_18_1_ was not found in this ResultSet
 
 			// record the change
@@ -4169,11 +4215,11 @@ public MissionFeed addFeedToMission(String missionFeedUid, String missionName, S
 			// notify users of the change
 			subscriptionManager.announceMissionChange(mission.getName(),
 					ChangeType.DATA_FEED, creatorUid, mission.getTool(), commonUtil.toXml(changes));
-			
-			MissionFeedUtils.findAndSetNameForMissionFeed(missionFeed);
-		
+
+			findNameForMissionFeed(missionFeed);
+
 		}else {
-			MissionFeedUtils.findAndSetNameForMissionFeed(missionFeed);
+			findNameForMissionFeed(missionFeed);
 		}
 
 		return missionFeed;
@@ -4183,22 +4229,22 @@ public MissionFeed addFeedToMission(String missionFeedUid, String missionName, S
 	@CacheEvict(cacheResolver = MissionCacheResolver.MISSION_CACHE_RESOLVER, allEntries = true)
 	public void removeFeedFromMission(String missionName, String creatorUid, Mission mission, String missionFeedUid) {
 		MissionFeed missionFeed = missionFeedRepository.getByUidNoMission(missionFeedUid);
-		
+
 		if (missionFeed != null) {
 			// record the change
 			MissionChanges changes = saveFeedChangeAtTime(
 					missionFeedUid, creatorUid, MissionChangeType.DELETE_DATA_FEED, mission, new Date());
-					
+
 			// notify users of the change
-			subscriptionManager.announceMissionChange(mission.getName(), 
+			subscriptionManager.announceMissionChange(mission.getName(),
 					ChangeType.DATA_FEED, creatorUid, mission.getTool(), commonUtil.toXml(changes));
-			
+
 			missionFeedRepository.deleteByUid(missionFeedUid);
 		}
 	}
 
 	private MissionChanges saveMapLayerChangeAtTime(String mapLayerUid, String creatorUid, MissionChangeType missionChangeType,
-												Mission mission, Date date) {
+													Mission mission, Date date) {
 
 		MissionChanges changes = new MissionChanges();
 		MissionChange change = new MissionChange(missionChangeType, mission);
@@ -4210,7 +4256,7 @@ private MissionChanges saveMapLayerChangeAtTime(String mapLayerUid, String creat
 
 		missionChangeRepository.saveAndFlush(change);
 
-		MissionChangeUtils.findAndSetTransientValuesForMissionChange(change);
+		hydrateMissionChange(change);
 
 		return changes;
 	}
@@ -4266,44 +4312,50 @@ public void removeMapLayerFromMission(String missionName, String creatorUid, Mis
 	@Override
 	@Cacheable(value = Constants.ALL_MISSION_CACHE, key="{#root.methodName, #root.args[0]}", sync = true)
 	public List<Mission> getMissionsForDataFeed(String feed_uid) {
-		return missionRepository.getMissionsForDataFeed(feed_uid);
+		List<Mission> missions = missionRepository.getMissionsForDataFeed(feed_uid);
+		
+		for (Mission mission : missions) {
+			UnproxyHelper.unproxyMission(mission);
+		}
+		
+		return missions;
 	}
-	
-	
+
+
 	@Override
 	@Cacheable(value = Constants.ALL_MISSION_CACHE, key="{#root.methodName, #root.args[0]}", sync = true)
 	public List<String> getMinimalMissionsJsonForDataFeed(String feed_uid) throws JsonProcessingException {
-		
+
 		List<String> result = new ArrayList<>();
-		
+
 		for (Mission m : missionRepository.getMissionsForDataFeed(feed_uid)) {
 			result.add(mapper.writeValueAsString(new MinimalMission(m))); // convert the mission to a MinimalMission
 		}
-		
+
 		return result;
 	}
-	
+
 	@Override
 	@Cacheable(value = Constants.ALL_MISSION_CACHE, key="{#root.methodName, #root.args[0]}", sync = true)
 	public List<String> getMinimalMissionFeedsJsonForDataFeed(String dataFeedUid) throws JsonProcessingException {
-		
+
 		List<String> result = new ArrayList<>();
-		
+
 		for (MissionFeed mf : missionFeedRepository.getMissionFeedsByDataFeedUid(dataFeedUid)) {
 			String missionName = missionFeedRepository.getMissionNameByMissionFeedUid(mf.getUid());
 			if (missionName != null) {
 				result.add(mapper.writeValueAsString(new MinimalMissionFeed(missionName, mf)));
 			}
 		}
-		
+
 		return result;
 	}
 
 	@Override
 	public void sendLatestFeedEvents(Mission mission, MissionFeed missionFeed, List<String> clientUidList, String groupVector) {
 		try {
-			if (!coreConfig.getRemoteConfiguration().getVbm().isEnabled()) return;
-			
+			if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isEnabled()) return;
+
 			Polygon polygon = null;
 			GeospatialFilter.BoundingBox boundingBox = null;
 			// use polygon over bbox
@@ -4325,12 +4377,12 @@ public void sendLatestFeedEvents(Mission mission, MissionFeed missionFeed, List<
 					logger.debug("found datafeed to sync " + datafeed.getUUID());
 				}
 
-				Collection<CotEventContainer> feedEvents = dataFeedCotService.getCachedDataFeedEvents(datafeed.getUUID());				
+				Collection<CotEventContainer> feedEvents = dataFeedCotService.getCachedDataFeedEvents(datafeed.getUUID());
 
 				if (logger.isDebugEnabled()) {
 					logger.debug("found events to sync : " + feedEvents.size());
 				}
-				
+
 				// iterate over the events
 				for (CotEventContainer feedEvent : feedEvents) {
 					if (polygon != null && !GeomUtils.polygonContainsCoordinate(polygon,
@@ -4344,7 +4396,7 @@ public void sendLatestFeedEvents(Mission mission, MissionFeed missionFeed, List<
 					long now = new Date().getTime();
 					Timestamp nowTs = new Timestamp(now);
 					feedEvent.setServerTime(nowTs == null ? "" : DateUtil.toCotTime(nowTs.getTime()));
-					
+
 					long staleSeconds = 365 * 24 * 60 * 60;
 					Timestamp staleTs = new Timestamp(staleSeconds);
 					feedEvent.setStale(staleTs == null ? "" : DateUtil.toCotTime(staleTs.getTime()));
@@ -4370,7 +4422,7 @@ public void sendLatestFeedEvents(Mission mission, MissionFeed missionFeed, List<
 			logger.error("exception in sendLatestFeedEvents", e);
 		}
 	}
-	
+
 	@Override
 	public int countAllMissions(boolean passwordProtected, boolean defaultRole, String tool)  {
 
@@ -4381,11 +4433,11 @@ public int countAllMissions(boolean passwordProtected, boolean defaultRole, Stri
 
 
 		int missions = missionRepository.countAllMissions(passwordProtected, defaultRole);
-		
+
 
 		return missions;
 	}
-	
+
 	@Override
 	public List<String> getAllCotForString(String uidSearch, String groupVector) {
 
@@ -4393,7 +4445,7 @@ public List<String> getAllCotForString(String uidSearch, String groupVector) {
 				+ remoteUtil.getGroupAndClause()
 				+ " limit 5";
 		String likeValue = "";
-		if(!uidSearch.isBlank()) {
+		if (!uidSearch.isBlank()) {
 			likeValue = "%" + uidSearch + "%";
 		} else {
 			likeValue = "%";
@@ -4401,23 +4453,237 @@ public List<String> getAllCotForString(String uidSearch, String groupVector) {
 		return new JdbcTemplate(dataSource).query(sql,
 				new Object[] { likeValue, groupVector }, // parameters
 				new ResultSetExtractor<List<String>>() {
-			@Override public List<String> extractData(ResultSet results) throws SQLException {
-				if (results == null) {
-					throw new IllegalStateException("null result set");
-				}
+					@Override public List<String> extractData(ResultSet results) throws SQLException {
+						if (results == null) {
+							throw new IllegalStateException("null result set");
+						}
 
-				if (!results.next()) {
-					throw new NotFoundException("no results");
-				}
+						if (!results.next()) {
+							throw new NotFoundException("no results");
+						}
 
-				List<String> cotUids = new ArrayList<String>();
+						List<String> cotUids = new ArrayList<String>();
 
-				do {
-					cotUids.add(results.getString(1));
-				} while (results.next());
+						do {
+							cotUids.add(results.getString(1));
+						} while (results.next());
 
-				return cotUids;
+						return cotUids;
+					}
+				});
+	}
+	
+	@Override
+    public void hydrateFeedNameForMission(Mission mission) {
+		
+    	if (mission.getFeeds()!=null) {
+    		for (MissionFeed missionFeed: mission.getFeeds()) {
+    			if (missionFeed.getDataFeedUid() != null) {
+    				DataFeedDTO dataFeedDao = getDataFeed(missionFeed.getDataFeedUid());
+    		        if (dataFeedDao != null) {
+    		        	missionFeed.setName(dataFeedDao.getName());
+    		        }
+    			}
+			}
+    	}
+    }
+	
+	@Override
+    public void hydrateMissionChange(MissionChange missionChange) {
+		
+		findContentResource(missionChange);
+		
+		findUidDetails(missionChange);
+		
+		findMissionFeed(missionChange);
+		
+		if (missionChange.getMissionFeed()!=null) {
+			findNameForMissionFeed(missionChange.getMissionFeed());
+		}
+		
+		findMapLayer(missionChange);
+		
+		findExternalMissionData(missionChange);
+    }
+
+	@Override	
+    public void hydrateMissionChangesForMission(Mission mission) {
+    	
+		if (mission.getMissionChanges()!=null) {
+			
+    		for (MissionChange missionChange: mission.getMissionChanges()) {
+    			hydrateMissionChange(missionChange);
 			}
-		});
+    	}
+	}
+
+    private void findContentResource(MissionChange missionChange) {
+
+        Resource resource = null;
+
+        if (missionChange.getContentHash() != null) {
+
+            try {
+                resource = ResourceUtils.fetchResourceByHash(missionChange.getContentHash());
+               
+            } catch (Exception e) {
+                logger.debug("exception fetching resource by hash " + e.getMessage(), e);
+            }
+            
+            // in case the resource has been deleted, just capture the hash
+            if (resource == null) {
+                resource = new Resource();
+                resource.setHash(missionChange.getContentHash());
+                resource.setCreatorUid(null);
+                resource.setFilename(null);
+                resource.setId(null);
+                resource.setKeywords(null);
+                resource.setMimeType(null);
+                resource.setName(null);
+                resource.setSubmissionTime(null);
+                resource.setSize(null);
+                resource.setSubmitter(null);
+                resource.setUid(null);
+            }
+        }
+
+        missionChange.setContentResource(resource);
+
+    }
+    
+    private void findUidDetails(MissionChange missionChange) {
+
+        if (missionChange.getContentUid() != null && missionChange.getTimestamp() != null)   { // FIXME: Why this one check getTimestamp(), but the below use Server time???) 
+            try {
+            	UidDetails uidDetails = missionChange.getUidDetails();
+                if (uidDetails == null) {
+                    uidDetails = new UidDetails();
+                	
+                    hydrate(uidDetails, missionChange.getContentUid(), missionChange.getServerTime());
+                    
+                }
+                missionChange.setUidDetails(uidDetails);
+            } catch (Exception e) {
+                logger.debug("Exception in findUidDetails!", e);
+            }
+        }
+    }
+    
+    private void findMapLayer(MissionChange missionChange) {
+        try {
+        	String mapLayerUid = missionChange.getMapLayerUid();
+            if (mapLayerUid != null) {
+            	
+                MapLayer mapLayer = getMapLayer(mapLayerUid);
+                if (mapLayer == null) {
+                    mapLayer = new MapLayer();
+                    mapLayer.setUid(mapLayerUid);
+                }
+
+                missionChange.setMapLayer(mapLayer);
+            }
+        } catch (Exception e) {
+            logger.error("exception in findMapLayer", e);
+        }
+
+    }
+    
+    private void findExternalMissionData(MissionChange missionChange) {
+
+        if (missionChange.getExternalDataUid() != null && missionChange.getExternalDataName()!= null
+                && missionChange.getExternalDataTool()!= null && missionChange.getExternalDataNotes() != null){
+        	ExternalMissionData externalMissionData = hydrate(
+            		missionChange.getExternalDataUid(), missionChange.getExternalDataName(), missionChange.getExternalDataTool(), missionChange.getExternalDataToken(), missionChange.getExternalDataNotes());
+        	missionChange.setExternalMissionData(externalMissionData);
+        }
+    }
+    
+    private void findMissionFeed(MissionChange missionChange) {
+    	String missionFeedUid = missionChange.getMissionFeedUid();
+        if (missionFeedUid != null) {
+        	
+            MissionFeed missionFeed = getMissionFeed(missionFeedUid);
+            if (missionFeed == null) {
+                missionFeed = new MissionFeed();
+                missionFeed.setUid(missionFeedUid);
+            }
+            missionChange.setMissionFeed(missionFeed); 
+        }
+
+    }
+
+    private void findNameForMissionFeed(MissionFeed missionFeed) {
+    	if (missionFeed.getDataFeedUid() == null) {
+    		return;
+    	}
+        DataFeedDTO dataFeedDao = getDataFeed(missionFeed.getDataFeedUid());
+        if (dataFeedDao != null) {
+        	missionFeed.setName(dataFeedDao.getName());
+        }
+    }
+    
+    // caching methods for MissionSubscriptions. Could be moved to another service class.
+	@Override
+    @Cacheable(Constants.MISSION_SUBSCRIPTION_CACHE)
+	public MissionSubscription getMissionSubcriptionByMissionNameAndClientUidAndUsernameNoMission(String missionName, String clientUid, String username) {
+		return (MissionSubscription) Hibernate.unproxy(missionSubscriptionRepository.findByMissionNameAndClientUidAndUsernameNoMission(missionName, clientUid, username));
+		
+	}
+
+	@Override
+    @Cacheable(Constants.MISSION_SUBSCRIPTION_CACHE)
+	public MissionSubscription getMissionSubscriptionByMissionNameAndClientUidNoMission(String missionName, String clientUid) {
+		return (MissionSubscription) Hibernate.unproxy(missionSubscriptionRepository.findByMissionNameAndClientUidNoMission(missionName, clientUid));
+	}
+
+	@Override
+    @Cacheable(Constants.MISSION_SUBSCRIPTION_CACHE)
+	public MissionSubscription getMissionSubscriptionByMissionNameAndUsernameNoMission(String missionName, String username) {
+		return (MissionSubscription) Hibernate.unproxy(missionSubscriptionRepository.findByMissionNameAndUsernameNoMission(missionName, username));
+	}
+
+	@Override
+    @Cacheable(Constants.MISSION_SUBSCRIPTION_CACHE)
+    public MissionSubscription getMissionSubscriptionByUidAndMissionNameNoMission(String uid, String missionName) {
+		return (MissionSubscription) Hibernate.unproxy(missionSubscriptionRepository.findByUidAndMissionNameNoMission(uid, missionName));
+	}
+
+	@Override
+	@Cacheable(Constants.MISSION_SUBSCRIPTION_CACHE)
+	public List<MissionSubscription> getMissionSubscriptionsByMissionNameNoMission(String missionName) {
+		
+		List<MissionSubscription> msl = missionSubscriptionRepository.findAllByMissionNameNoMission(missionName);
+		
+		if (msl == null) {
+			return null;
+		}
+		
+		List<MissionSubscription> result = new ArrayList<>();
+		
+		for (MissionSubscription ms : msl) {
+			result.add((MissionSubscription) Hibernate.unproxy(ms));
+		}
+		
+		return result;
 	}
+	
+	@Override
+    public List<MissionSubscription> getMissionSubscriptionsByMissionNameNoMissionNoToken(String missionName) {
+		
+		List<MissionSubscription> msl = missionSubscriptionRepository.findAllByMissionNameNoMissionNoToken(missionName);
+		
+		if (msl == null) {
+			return null;
+		}
+		
+		List<MissionSubscription> result = new ArrayList<>();
+		
+		for (MissionSubscription ms : msl) {
+			result.add((MissionSubscription) Hibernate.unproxy(ms));
+		}
+		
+		return result;
+		
+	}
+
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionTokenUtils.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionTokenUtils.java
index 48aa3621..56cb1808 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionTokenUtils.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/MissionTokenUtils.java
@@ -1,7 +1,10 @@
 package com.bbn.marti.sync.service;
 
 import com.bbn.marti.jwt.JwtUtils;
-import io.jsonwebtoken.*;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.JwtBuilder;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/PropertiesServiceDefaultImpl.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/PropertiesServiceDefaultImpl.java
index 11b8ccc0..b30b60e3 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/PropertiesServiceDefaultImpl.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/sync/service/PropertiesServiceDefaultImpl.java
@@ -4,7 +4,6 @@
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -18,7 +17,6 @@
 import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
 
 import com.bbn.marti.remote.util.ConcurrentMultiHashMap;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
 import com.google.common.collect.Multimap;
 
 public class PropertiesServiceDefaultImpl  implements PropertiesService {
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/CommonUtil.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/CommonUtil.java
index 01f7dda1..3c7f5e41 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/CommonUtil.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/CommonUtil.java
@@ -21,9 +21,10 @@
 import java.util.concurrent.ThreadFactory;
 import java.util.concurrent.atomic.AtomicInteger;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import javax.xml.transform.stream.StreamResult;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.json.JSONArray;
 import org.json.JSONObject;
 import org.owasp.esapi.Validator;
@@ -60,8 +61,8 @@
 
 /*
  * Shared utility functions
- * 
- * 
+ *
+ *
  */
 public class CommonUtil {
 
@@ -79,9 +80,6 @@ public class CommonUtil {
 	@Autowired
 	private Marshaller marshaller;
 
-	@Autowired
-	private CoreConfig config;
-
 	@Autowired
 	private Validator validator;
 
@@ -99,7 +97,7 @@ public NavigableSet<Group> getAllInOutGroups() {
 
 	/*
 	 * Get the group set for the authenticated for an active HttpServletRequest
-	 * 
+	 *
 	 */
 	public NavigableSet<Group> getGroupsFromRequest(HttpServletRequest request) {
 		try {
@@ -112,7 +110,7 @@ public NavigableSet<Group> getGroupsFromRequest(HttpServletRequest request) {
 	/*
 	 * Get the group vector corresponding to the authenticated for the currently
 	 * active HttpServletRequest
-	 * 
+	 *
 	 */
 	public NavigableSet<Group> getGroupsFromActiveRequest() {
 
@@ -128,7 +126,7 @@ public NavigableSet<Group> getGroupsFromActiveRequest() {
 	/*
 	 * Get the group vector corresponding to the authenticated for the currently
 	 * active HttpServletRequest
-	 * 
+	 *
 	 */
 	public NavigableSet<Group> getGroupsFromSessionId(String sessionId) throws RemoteException {
 
@@ -194,7 +192,7 @@ public NavigableSet<Group> getGroupsFromSessionId(String sessionId) throws Remot
 			groups = groupManager.getGroupsByConnectionId(sessionId);
 		}
 
-		if (!config.getRemoteConfiguration().getAuth().isX509UseGroupCache()) {
+		if (!CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509UseGroupCache()) {
 			if (groups.isEmpty()) {
 				if (logger.isDebugEnabled()) {
 					logger.debug("no federate or user groups - using default __ANON__ group");
@@ -231,7 +229,7 @@ public UserClassification getUserClassificationFromActiveRequest() throws Remote
 
 		return getUserClassificationFromSessionId(requestBean.getRequest().getSession().getId());
 	}
-	
+
 	public UserClassification getUserClassificationFromRequest(HttpServletRequest request) throws RemoteException {
 
 		if (request == null) {
@@ -249,14 +247,14 @@ public UserClassification getUserClassificationFromRequest(HttpServletRequest re
 
 	/*
 	 * Get the user from the currently active HttpServletRequest
-	 * 
+	 *
 	 */
 	public User getUserFromActiveRequest() throws RemoteException {
 
 		return groupManager.getUserByConnectionId(requestBean.getRequest().getSession().getId());
 	}
-	
-	
+
+
 
 	/*
 	 * Get the group vector corresponding to the authenticated for the currently
@@ -408,7 +406,7 @@ public String chatToCot(ChatMessage chat) {
 		StringBuilder marti = parseAddresses(chat, added);
 		String randomUUID = UUID.randomUUID().toString();
 		String sendCallsign;
-		if(Strings.isNullOrEmpty(chat.getSenderCallsign())){
+		if (Strings.isNullOrEmpty(chat.getSenderCallsign())){
 			sendCallsign = uid;
 		}
 		else{
@@ -454,7 +452,7 @@ public String specialChatroomChatToCot(ChatMessage chat, String specialChatroom)
 		AtomicInteger added = new AtomicInteger(0);
 		StringBuilder marti = parseAddresses(chat, added);
 		String sendCallsign;
-		if(Strings.isNullOrEmpty(chat.getSenderCallsign())){
+		if (Strings.isNullOrEmpty(chat.getSenderCallsign())){
 			sendCallsign = uid;
 		}
 		else{
@@ -475,17 +473,17 @@ public String specialChatroomChatToCot(ChatMessage chat, String specialChatroom)
 		result += "<remarks time='" + time + "' source='" + uid + "'>" + chat.getBody() + "</remarks>";
 		result += "</detail>"
 				+ "</event>";
-		return result;   	
+		return result;
 	}
 
 	public String getSpecialChatroom(ChatMessage chatMessage){
 		for(String address : chatMessage.getAddresses()){
 			SimpleEntry<String, String> entry = resolveChatAddress(address);
-			if(entry.getKey().equals("chatroom")){
-				if(entry.getValue().equalsIgnoreCase(SpecialChatrooms.ALL_STREAMING.name)){
+			if (entry.getKey().equals("chatroom")){
+				if (entry.getValue().equalsIgnoreCase(SpecialChatrooms.ALL_STREAMING.name)){
 					return SpecialChatrooms.ALL_STREAMING.name;
 				}
-				else if(entry.getValue().equalsIgnoreCase(SpecialChatrooms.ALL_CHAT.name)){
+				else if (entry.getValue().equalsIgnoreCase(SpecialChatrooms.ALL_CHAT.name)){
 					return SpecialChatrooms.ALL_CHAT.name;
 				}
 			}
@@ -495,7 +493,7 @@ else if(entry.getValue().equalsIgnoreCase(SpecialChatrooms.ALL_CHAT.name)){
 	public boolean isAllStreamingChat(ChatMessage chat) {
 		for(String address : chat.getAddresses()) {
 			SimpleEntry<String, String> entry = resolveChatAddress(address);
-			if(entry.getKey().equals("chatroom") && entry.getValue().toLowerCase(Locale.ENGLISH).equals("all streaming")) {
+			if (entry.getKey().equals("chatroom") && entry.getValue().toLowerCase(Locale.ENGLISH).equals("all streaming")) {
 				return true;
 			}
 		}
@@ -525,37 +523,37 @@ public String saToCot(SituationAwarenessMessage sa) {
 			result += marti.toString();
 		}
 
-		if(sa.getCallsign() != null) {
+		if (sa.getCallsign() != null) {
 			result += "<contact callsign='"+sa.getCallsign() + "' ";
-			if(sa.getPhoneNumber() != null) {
+			if (sa.getPhoneNumber() != null) {
 				result += "phone='" + sa.getPhoneNumber() + "' ";
 			}
-			if(sa.getTakv() != null) {
+			if (sa.getTakv() != null) {
 				result += "endpoint='*:-1:stcp' ";
 			}
 			result += "/>";
 		}
-		if(sa.getGroup() != null) {
+		if (sa.getGroup() != null) {
 			result += "<__group name='" + sa.getGroup() + "' role='" + sa.getRole() + "'/>";
 		}
-		if(sa.getTakv() != null) {
+		if (sa.getTakv() != null) {
 			String platform = sa.getTakv().split(":")[0];
 			String version = sa.getTakv().split(":")[1];
 			result += "<takv platform='" + platform + "' version='" + version + "'/>";
 		}
-		if(sa.getIconsetPath() != null) {
+		if (sa.getIconsetPath() != null) {
 			result += "<usericon iconsetpath='" + sa.getIconsetPath() + "'/>";
 		}
-		if(sa.getColor() != null) {
+		if (sa.getColor() != null) {
 			result += "<color argb='" + sa.getColor() + "' />";
 		}
-		if(sa.getPersistent() != null) {
+		if (sa.getPersistent() != null) {
 			result += "<archive>" + sa.getPersistent() + "<archive>";
 		}
-		if(sa.getRemarks() != null) {
+		if (sa.getRemarks() != null) {
 			result += "<remarks>" + sa.getRemarks() + "</remarks>";
 		}
-		if(sa.getDetailJson() != null && !sa.getDetailJson().equals("")) {
+		if (sa.getDetailJson() != null && !sa.getDetailJson().equals("")) {
 			String detailJson = sa.getDetailJson();
 			//Recursively build XML details
 			result += recursiveXMLDetailBuilder(new JSONObject(detailJson));
@@ -568,7 +566,7 @@ public String saToCot(SituationAwarenessMessage sa) {
 
 	private String recursiveXMLDetailBuilder(JSONObject obj) {
 		StringBuilder sb = new StringBuilder();
-		if(obj.names() != null) {
+		if (obj.names() != null) {
 			for (int i = 0; i < obj.names().length(); i++) {
 				String key = obj.names().getString(i);
 				if (obj.optJSONArray(key) != null) {
@@ -590,7 +588,7 @@ private String helpBuildXMLFromJson(JSONObject obj, String key) {
 		List<String> subStrings = new ArrayList<>();
 		sb.append("<" + key);
 		//Special case for LineStyle and PolyStyle for ATAK
-		if(key.equalsIgnoreCase("LineStyle") || key.equalsIgnoreCase("PolyStyle")){
+		if (key.equalsIgnoreCase("LineStyle") || key.equalsIgnoreCase("PolyStyle")){
 			sb.append(">");
 			for(int i = 0; i < obj.names().length(); i++){
 				String name = obj.names().getString(i);
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/IconsetDirWatcher.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/IconsetDirWatcher.java
index ba802c53..905c0e4c 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/IconsetDirWatcher.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/IconsetDirWatcher.java
@@ -15,7 +15,7 @@
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 
-import javax.annotation.PreDestroy;
+import jakarta.annotation.PreDestroy;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/KmlUtils.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/KmlUtils.java
index ff55b698..3bf24839 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/KmlUtils.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/KmlUtils.java
@@ -2,12 +2,12 @@
 
 package com.bbn.marti.util;
 
-import java.awt.*;
+import java.awt.Color;
+import java.awt.Graphics;
 import java.awt.image.BufferedImage;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
 import java.sql.Timestamp;
 import java.text.DateFormat;
@@ -25,12 +25,31 @@
 import java.util.logging.Logger;
 
 import javax.imageio.ImageIO;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
 
 import com.atakmap.coremap.maps.coords.DistanceCalculations;
-import de.micromata.opengis.kml.v_2_2_0.*;
+import de.micromata.opengis.kml.v_2_2_0.AltitudeMode;
+import de.micromata.opengis.kml.v_2_2_0.BasicLink;
+import de.micromata.opengis.kml.v_2_2_0.Boundary;
 import de.micromata.opengis.kml.v_2_2_0.Container;
+import de.micromata.opengis.kml.v_2_2_0.Document;
+import de.micromata.opengis.kml.v_2_2_0.ExtendedData;
+import de.micromata.opengis.kml.v_2_2_0.Feature;
+import de.micromata.opengis.kml.v_2_2_0.Folder;
+import de.micromata.opengis.kml.v_2_2_0.Geometry;
+import de.micromata.opengis.kml.v_2_2_0.IconStyle;
+import de.micromata.opengis.kml.v_2_2_0.Kml;
+import de.micromata.opengis.kml.v_2_2_0.LabelStyle;
+import de.micromata.opengis.kml.v_2_2_0.LineString;
+import de.micromata.opengis.kml.v_2_2_0.LineStyle;
+import de.micromata.opengis.kml.v_2_2_0.LinearRing;
+import de.micromata.opengis.kml.v_2_2_0.Placemark;
+import de.micromata.opengis.kml.v_2_2_0.PolyStyle;
+import de.micromata.opengis.kml.v_2_2_0.Polygon;
+import de.micromata.opengis.kml.v_2_2_0.SchemaData;
+import de.micromata.opengis.kml.v_2_2_0.Style;
+import de.micromata.opengis.kml.v_2_2_0.TimeSpan;
 import org.dom4j.DocumentHelper;
 import org.dom4j.Element;
 import org.springframework.core.io.Resource;
@@ -40,7 +59,6 @@
 
 import com.atakmap.android.icons.Icon2525bTypeResolver;
 import com.bbn.marti.dao.kml.KMLDao;
-import com.google.common.base.Charsets;
 import com.google.common.base.Strings;
 
 import de.micromata.opengis.kml.v_2_2_0.gx.MultiTrack;
@@ -49,7 +67,6 @@
 import tak.server.Constants;
 import tak.server.cot.CotElement;
 import tak.server.util.Association;
-import de.micromata.opengis.kml.v_2_2_0.Polygon;
 
 public class KmlUtils {
     public static final double MAX_VALID_ALTITUDE_METERS = 1000000d; // The atmosphere is about 1000 km thick
@@ -88,11 +105,11 @@ public class KmlUtils {
     public static String rgbToKmlHex(int r, int g, int b) {
         Color c = new Color(r,g,b);
         String rr = Integer.toHexString(c.getRed());
-        if(rr.length() < 2) { rr = "0" + rr; }
+        if (rr.length() < 2) { rr = "0" + rr; }
         String gg = Integer.toHexString(c.getGreen());
-        if(gg.length() < 2) { gg = "0" + gg; }
+        if (gg.length() < 2) { gg = "0" + gg; }
         String bb = Integer.toHexString(c.getBlue());
-        if(bb.length() < 2) { bb = "0" + bb; }
+        if (bb.length() < 2) { bb = "0" + bb; }
         return "8f" + bb + gg + rr;
     }
 
@@ -259,7 +276,7 @@ public static Style buildStyle(CotElement qr) {
 
         log.fine("building style for cottype: " + type + " CotElement " + qr);
 
-        if(type.startsWith("b-m-r")) {
+        if (type.startsWith("b-m-r")) {
             // route
             s = buildStyle(qr.styleUrl, qr.iconUrl, "7fffaaff", rgbToKmlHex(0, 255, 0), 4);
         } else if (type.startsWith("u-d-r")) {
@@ -276,9 +293,9 @@ public static Style buildStyle(String styleUrl, String iconUrl,
             String labelColor, String lineColor, int lineWidth) {
         Style s = new Style();
 
-        if(labelColor == null)
+        if (labelColor == null)
             labelColor = "7fffaaff";
-        if(lineColor == null)
+        if (lineColor == null)
             lineColor = "8fffffff";
 
         s.withId(styleUrl)
@@ -300,9 +317,9 @@ public static Style buildPolygonStyle(String styleUrl,
             String labelColor, String lineColor, int lineWidth) {
         Style s = new Style();
 
-        if(labelColor == null)
+        if (labelColor == null)
             labelColor = "7fffaaff";
-        if(lineColor == null)
+        if (lineColor == null)
             lineColor = "8fffffff";
 
         s.withId(styleUrl)
@@ -795,17 +812,17 @@ public static String get2525BIconUrl(String cotType, boolean isMedevac, String g
             throw new IllegalArgumentException("empty CoT type");
         }
         
-        if(cotType.equals("b-m-p-s-p-i")) {
+        if (cotType.equals("b-m-p-s-p-i")) {
             iconUrl = "icons/bmpspi.png";
-        } else if(cotType.startsWith("b-m-p-j")) {
+        } else if (cotType.startsWith("b-m-p-j")) {
             iconUrl = "icons/dip.png";
-        } else if(cotType.startsWith("b-m-p") || cotType.startsWith("u-d-p") || cotType.startsWith("b-m-r") || cotType.startsWith("b-l")) {
+        } else if (cotType.startsWith("b-m-p") || cotType.startsWith("u-d-p") || cotType.startsWith("b-m-r") || cotType.startsWith("b-l")) {
             iconUrl = "icons/bmpw.png";
-        } else if(cotType.startsWith("b-i-v")) {
+        } else if (cotType.startsWith("b-i-v")) {
             iconUrl = "icons/video.png";
-        } else if(cotType.startsWith("b-d")) {
+        } else if (cotType.startsWith("b-d")) {
             iconUrl = "icons/b.png";
-        } else if(cotType.contains("radsensor")) {
+        } else if (cotType.contains("radsensor")) {
             iconUrl = "icons/radsensor.png";
         } else {
             try {
@@ -825,7 +842,7 @@ public static String get2525BIconUrl(String cotType, boolean isMedevac, String g
                             }
                         }
                     }
-                    if(iconUrl.isEmpty()) {
+                    if (iconUrl.isEmpty()) {
                         shrinkingType = shrinkingType.substring(0, shrinkingType.length() - 2);
                         if (shrinkingType.length() < 4) {
                             iconUrl = "icons/b.png";
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/PeekingIterator.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/PeekingIterator.java
index 8164e2bb..7f158a13 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/PeekingIterator.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/PeekingIterator.java
@@ -78,7 +78,8 @@ protected void advance() {
     if (getIter().hasNext()) {
       head = getIter().next();
       valid = true;
-    } else
+    } else {
       valid = false;
+    }
   }
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/VersionApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/VersionApi.java
index 38408bd6..74f62e0c 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/VersionApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/VersionApi.java
@@ -5,7 +5,7 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ConfigurationType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ConfigurationType.java
index bcdcf0c2..15761e86 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ConfigurationType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ConfigurationType.java
@@ -10,10 +10,10 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ContentType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ContentType.java
index 631496f6..6ca0ff84 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ContentType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ContentType.java
@@ -12,14 +12,11 @@
 import java.util.Date;
 import java.util.List;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlType;
-
-import org.locationtech.jts.geom.Point;
-
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 /**
  * <p>Java class for ContentType complex type.
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ContentsType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ContentsType.java
index e0c721ba..088c2af1 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ContentsType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ContentsType.java
@@ -10,10 +10,10 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/GroupType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/GroupType.java
index 74228c21..d6a49c7f 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/GroupType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/GroupType.java
@@ -8,10 +8,10 @@
 
 package com.bbn.marti.util.missionpackage;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/GroupsType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/GroupsType.java
index 824df52e..1935d9db 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/GroupsType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/GroupsType.java
@@ -10,10 +10,10 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/MissionPackage.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/MissionPackage.java
index 16c9f833..e23f10a9 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/MissionPackage.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/MissionPackage.java
@@ -1,13 +1,17 @@
 package com.bbn.marti.util.missionpackage;
 
-import java.io.*;
+import java.io.BufferedInputStream;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.StringWriter;
 import java.util.HashMap;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 import java.util.zip.ZipOutputStream;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.JAXBException;
+import jakarta.xml.bind.Marshaller;
 
 public class MissionPackage {
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/MissionPackageManifest.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/MissionPackageManifest.java
index 3718a92e..863407ef 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/MissionPackageManifest.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/MissionPackageManifest.java
@@ -8,12 +8,12 @@
 
 package com.bbn.marti.util.missionpackage;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ObjectFactory.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ObjectFactory.java
index 28446267..ad477148 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ObjectFactory.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ObjectFactory.java
@@ -8,7 +8,7 @@
 
 package com.bbn.marti.util.missionpackage;
 
-import javax.xml.bind.annotation.XmlRegistry;
+import jakarta.xml.bind.annotation.XmlRegistry;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ParameterType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ParameterType.java
index efdc798f..00713cad 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ParameterType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/ParameterType.java
@@ -8,10 +8,10 @@
 
 package com.bbn.marti.util.missionpackage;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/PermissionType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/PermissionType.java
index 116644ab..3efe8d85 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/PermissionType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/PermissionType.java
@@ -8,10 +8,10 @@
 
 package com.bbn.marti.util.missionpackage;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/RoleType.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/RoleType.java
index 1ff77e2e..16d23590 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/RoleType.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/missionpackage/RoleType.java
@@ -10,11 +10,11 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlType;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlType;
 
 
 /**
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/MissionRoleAssignmentRequestHolderFilterBean.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/MissionRoleAssignmentRequestHolderFilterBean.java
index a7633b68..8ecf4a22 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/MissionRoleAssignmentRequestHolderFilterBean.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/MissionRoleAssignmentRequestHolderFilterBean.java
@@ -4,20 +4,22 @@
 import java.net.URLDecoder;
 import java.util.UUID;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.annotation.Order;
 import org.springframework.web.filter.GenericFilterBean;
 
-import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.logging.AuditLogUtil;
 import com.bbn.marti.remote.exception.MissionDeletedException;
 import com.bbn.marti.remote.exception.NotFoundException;
 import com.bbn.marti.sync.model.Mission;
@@ -39,9 +41,6 @@ public class MissionRoleAssignmentRequestHolderFilterBean extends GenericFilterB
 	@Autowired
 	private CommonUtil martiUtil;
 
-	@Autowired
-	private CoreConfig config;
-
 	private final String apiMissions = "/api/missions/";
 	private final String copMissions = "/api/cops/";
 
@@ -54,14 +53,35 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 		HttpServletResponse resp = (HttpServletResponse) servletResponse;
 
 		if (servletRequest.getLocalPort() != 8080
-				&& config.getRemoteConfiguration().getNetwork().isEnableHSTS()) {
+				&& CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().isEnableHSTS()) {
 			resp.setHeader("Strict-Transport-Security", "max-age=63072000; includeSubDomains");
 		}
 
-		if (config.getRemoteConfiguration().getNetwork().isAllowAllOrigins()) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().isAllowAllOrigins()) {
 			resp.setHeader("Access-Control-Allow-Origin", "*");
 			resp.setHeader("Access-Control-Allow-Headers", "*");
 			resp.setHeader("Access-Control-Allow-Methods", "*");
+		} else if (!Strings.isNullOrEmpty(
+				CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getAllowOrigins())) {
+
+			resp.setHeader("Access-Control-Allow-Origin",
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getAllowOrigins());
+
+			if (!Strings.isNullOrEmpty(
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getAllowHeaders())) {
+				resp.setHeader("Access-Control-Allow-Headers",
+						CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getAllowHeaders());
+			}
+
+			if (!Strings.isNullOrEmpty(
+					CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getAllowMethods())) {
+				resp.setHeader("Access-Control-Allow-Methods",
+						CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getAllowMethods());
+			}
+
+			if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().isAllowCredentials()) {
+				resp.setHeader("Access-Control-Allow-Credentials", "true");
+			}
 		}
 
 		String path = req.getRequestURI();
@@ -74,11 +94,17 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 		}
 
 		if (logger.isDebugEnabled()) {
-			
+
 			// NB this can act as a request logger
 			logger.debug("path: " + path);
 		}
 
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getLogging() != null &&
+				CoreConfigFacade.getInstance().getRemoteConfiguration().getLogging().isAuditLoggingEnabled()) {
+			AuditLogUtil.setMdc(req, resp);
+			logger.info("doFilter request path: " + path);
+		}
+
 		if (missionStart != -1) {
 
 			boolean missionCreate = false;
@@ -88,7 +114,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 				missionEnd = path.length();
 
 				if (req.getMethod().equals("PUT") || req.getMethod().equals("POST")
-				|| (req.getMethod().equals("OPTIONS") && config.getRemoteConfiguration().getNetwork().isAllowAllOrigins())) {
+						|| (req.getMethod().equals("OPTIONS") && CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().isAllowAllOrigins())) {
 					missionCreate = true;
 				}
 			}
@@ -103,12 +129,12 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 				// ignore /missions endpoints that don't refer to an individual mission
 				//
 				if (missionName.compareTo("all") != 0
-				&& 	missionName.compareTo("logs") != 0
-				&& 	missionName.compareTo("invitations") != 0
-				&& 	missionName.compareTo("hierarchy") != 0) {
-					
+						&& 	missionName.compareTo("logs") != 0
+						&& 	missionName.compareTo("invitations") != 0
+						&& 	missionName.compareTo("hierarchy") != 0) {
+
 					String missionGuid = null;
-					
+
 					try {
 						String[] parts = path.split("/", 0);
 
@@ -120,30 +146,30 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 					} catch (Exception e) {
 						logger.warn("error getting mission guid from path", e);
 					}
-					
+
 					logger.debug("mission guid {}", missionGuid);
-					
+
 					//
 					// get the mission
 					//
 					Mission mission = null;
-					
+
 					logger.debug("mission name (can be guid) : {}", missionName);
 
 					try {
-						
+
 						// for guid case, the missonName looks like 'guid' here
 						if (missionName != null && missionName.toLowerCase().equals("guid") && !Strings.isNullOrEmpty(missionGuid)) {
-							
+
 							logger.debug("getting mission by guid {}", missionGuid);
-							
+
 							UUID missionUuid = UUID.fromString(missionGuid);
-							
+
 							mission = missionService.getMissionNoContentByGuid(missionUuid, martiUtil.getGroupVectorBitString(req.getSession().getId()));
 						} else {
-							
+
 							logger.debug("getting mission by name {}", missionName);
-							
+
 							mission = missionService.getMissionNoContent(missionName, martiUtil.getGroupVectorBitString(req.getSession().getId()));
 						}
 
@@ -157,7 +183,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 
 						req.setAttribute(MissionRole.class.getName(), role);
 
-						if (config.getRemoteConfiguration().getVbm().isEnabled()) {
+						if (CoreConfigFacade.getInstance().getRemoteConfiguration().getVbm().isEnabled()) {
 							if (!missionService.validateAccess(mission, req)) {
 								((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_NOT_FOUND);
 								return;
@@ -181,6 +207,11 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 							return;
 						}
 					} catch (IllegalArgumentException e) {
+
+						if (CoreConfigFacade.getInstance().getRemoteConfiguration().getLogging().isAuditLoggingEnabled()) {
+							logger.error("invalid mission UUID: " + missionGuid);
+						}
+
 						throw new IllegalArgumentException("invalid mission UUID");
 					} catch (Exception e) {
 						logger.warn("exception assigning mission role", e);
@@ -193,6 +224,10 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 			logger.debug("RequestHolderFilterBean doFilter: " + servletRequest);
 		}
 
-		filterChain.doFilter(servletRequest, servletResponse);
+		try {
+			filterChain.doFilter(servletRequest, servletResponse);
+		} finally {
+			MDC.clear();
+		}
 	}
 }
\ No newline at end of file
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/RequestHolderBean.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/RequestHolderBean.java
index 07b67a4d..0d19f0b0 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/RequestHolderBean.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/RequestHolderBean.java
@@ -2,8 +2,8 @@
 
 import java.util.Collection;
 
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/RolePortUserServiceWrapper.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/RolePortUserServiceWrapper.java
index bdf2d36d..90576acf 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/RolePortUserServiceWrapper.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/RolePortUserServiceWrapper.java
@@ -7,13 +7,12 @@
 import java.util.Locale;
 import java.util.Map;
 
-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.dao.DataAccessException;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.core.Authentication;
@@ -24,8 +23,8 @@
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
 import com.bbn.marti.config.Network.Connector;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.exception.TakException;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.beust.jcommander.internal.Lists;
 import com.google.common.base.Strings;
 
@@ -39,9 +38,6 @@ public class RolePortUserServiceWrapper extends UserDetailsByNameServiceWrapper
 
     private static final Logger logger = LoggerFactory.getLogger(RolePortUserServiceWrapper.class);
 
-    @Autowired
-    CoreConfig config;
-
     // This is defined in security-context.xml
     @Resource(name="httpsBasicPaths")
     private List<String> httpsAndBasicPaths;
@@ -92,7 +88,7 @@ public UserDetails loadUserDetails(Authentication authentication) throws Usernam
         }
 
         if (portRoleMap.containsKey(requestPort)) {
-
+            
             String role = portRoleMap.get(requestPort);
             
             if (logger.isDebugEnabled()) {
@@ -104,7 +100,7 @@ public UserDetails loadUserDetails(Authentication authentication) throws Usernam
 
             try {
                 // Get Configuration on the requestPort
-                List<Connector> connectors = config.getRemoteConfiguration().getNetwork().getConnector();
+                List<Connector> connectors = CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getConnector();
                 Connector configConnectorOnTheRequestedPort = null;
                 for (Connector connector : connectors) {
                     if (requestPort.equals(String.valueOf(connector.getPort()))) {
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/TakPreAuthenticatedProcessingFilter.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/TakPreAuthenticatedProcessingFilter.java
index c3c7d3e6..2bfb5f1d 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/TakPreAuthenticatedProcessingFilter.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/TakPreAuthenticatedProcessingFilter.java
@@ -4,7 +4,7 @@
 
 import tak.server.Constants;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 public class TakPreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter  {
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/ThreadLocalRequestHolder.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/ThreadLocalRequestHolder.java
index dc0a7e8d..7d4ad4cc 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/ThreadLocalRequestHolder.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/ThreadLocalRequestHolder.java
@@ -1,7 +1,7 @@
 package com.bbn.marti.util.spring;
 
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 public class ThreadLocalRequestHolder {
 	
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/UnforgivingAuthenticationFailureHandler.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/UnforgivingAuthenticationFailureHandler.java
index e9d4fc4f..d127f77d 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/UnforgivingAuthenticationFailureHandler.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/util/spring/UnforgivingAuthenticationFailureHandler.java
@@ -2,9 +2,9 @@
 
 import java.io.IOException;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.springframework.security.core.AuthenticationException;
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/Feed.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/Feed.java
index 6807c790..38c77c8d 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/Feed.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/Feed.java
@@ -6,13 +6,13 @@
 
 package com.bbn.marti.video;
 
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import org.owasp.esapi.*;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+
+import org.owasp.esapi.Validator;
 import org.owasp.esapi.errors.ValidationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import com.bbn.security.web.MartiValidator;
 import com.bbn.security.web.MartiValidatorConstants;
 
 import java.net.MalformedURLException;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/FeedV2.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/FeedV2.java
index 38645ecb..2f0d9647 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/FeedV2.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/FeedV2.java
@@ -6,16 +6,15 @@
 
 package com.bbn.marti.video;
 
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlTransient;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlTransient;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
-import org.owasp.esapi.*;
+import org.owasp.esapi.Validator;
 import org.owasp.esapi.errors.ValidationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import com.bbn.security.web.MartiValidator;
 import com.bbn.security.web.MartiValidatorConstants;
 
 @XmlRootElement(name = "feed")
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoCollections.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoCollections.java
index f7075a3f..51579dad 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoCollections.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoCollections.java
@@ -9,8 +9,8 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
 
 
 @XmlRootElement(name = "videoCollections")
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnection.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnection.java
index 917de120..536da7b6 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnection.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnection.java
@@ -6,12 +6,18 @@
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
-import javax.persistence.*;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlTransient;
-
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import jakarta.persistence.Transient;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlTransient;
 
 @Entity
 @Table(name = "video_connections_v2")
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionManager.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionManager.java
index 743c1d57..34a824ab 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionManager.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionManager.java
@@ -10,13 +10,13 @@
 import java.io.OutputStream;
 import java.io.StringWriter;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.JAXBException;
+import jakarta.xml.bind.Marshaller;
+import jakarta.xml.bind.Unmarshaller;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -53,7 +53,7 @@ private boolean addVideoConnections(HttpServletRequest request) throws JAXBExcep
 
     	//String xml = org.apache.commons.io.IOUtils.toString(request.getInputStream());
 		org.w3c.dom.Document doc = SecureXmlParser.makeDocument(request.getInputStream());
-		if(doc != null) {
+		if (doc != null) {
 			JAXBContext jaxbContext = JAXBContext.newInstance(VideoConnections.class, Feed.class);
 			Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller();
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionManagerV2.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionManagerV2.java
index 3d0ec5b4..12511c91 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionManagerV2.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionManagerV2.java
@@ -3,14 +3,20 @@
 import com.bbn.marti.network.BaseRestController;
 import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.util.CommonUtil;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 
 
 @RestController
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionSender.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionSender.java
index f23e4d7c..e912e8b2 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionSender.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionSender.java
@@ -13,10 +13,10 @@
 import java.util.Objects;
 import java.util.UUID;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.Part;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.Part;
 
 import org.apache.commons.io.IOUtils;
 import org.slf4j.Logger;
@@ -27,7 +27,7 @@
 import com.bbn.marti.remote.SubmissionInterface;
 import com.bbn.marti.remote.util.DateUtil;
 import com.bbn.marti.util.CommonUtil;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 
 
 //@WebServlet("/vcs/*")
@@ -78,10 +78,10 @@ private static String getCotMessage(String senderUid, String destUid, String add
     private static String[] getContacts(HttpServletRequest request) throws IOException, ServletException {
 	    // Get the list of people to send an advertisement to (OPTIONAL)
     	String[] contacts = request.getParameterValues("contacts");
-    	if(contacts == null || contacts.length == 0) {
+    	if (contacts == null || contacts.length == 0) {
     		List<String> contactList = new LinkedList<String>();
     			for(Part part : request.getParts()) {
-    				if(part.getName().equalsIgnoreCase("contacts")) {
+    				if (part.getName().equalsIgnoreCase("contacts")) {
     					try(InputStream in = part.getInputStream()) {
 							StringWriter writer = new StringWriter();
 							IOUtils.copy(in, writer);
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionUploader.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionUploader.java
index fd3489a3..f6a6866a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionUploader.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnectionUploader.java
@@ -7,9 +7,9 @@
 
 import java.io.IOException;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnections.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnections.java
index fb1bef9a..e70e998b 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnections.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoConnections.java
@@ -9,8 +9,8 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
 
 
 @XmlRootElement(name = "videoConnections")
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoManagerService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoManagerService.java
index c6d8f0ba..69eb5e23 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoManagerService.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/video/VideoManagerService.java
@@ -16,10 +16,10 @@
 
 import javax.naming.NamingException;
 import javax.sql.DataSource;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.JAXBException;
+import jakarta.xml.bind.Marshaller;
+import jakarta.xml.bind.Unmarshaller;
 
 import org.owasp.esapi.Validator;
 import org.owasp.esapi.errors.ValidationException;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/xmpp/XmppAPI.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/xmpp/XmppAPI.java
index e07ff570..e0c5b321 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/xmpp/XmppAPI.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/marti/xmpp/XmppAPI.java
@@ -5,9 +5,10 @@
 import java.util.UUID;
 import java.util.concurrent.atomic.AtomicBoolean;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.jivesoftware.whack.ExternalComponentManager;
 import org.owasp.esapi.Validator;
 import org.owasp.esapi.errors.ValidationException;
@@ -49,11 +50,8 @@ public class XmppAPI extends BaseRestController {
 
     @Autowired
     private EnterpriseSyncService syncStore;
-    
-    @Autowired
-    private CoreConfig coreConfig;
 
-	@EventListener({ContextRefreshedEvent.class})
+    @EventListener({ContextRefreshedEvent.class})
     public void init() {
 
         synchronized (lock) {
@@ -66,7 +64,7 @@ public void init() {
                 public void run() {
                     Xmpp xmppConfig;
                     try {
-                        xmppConfig = coreConfig.getRemoteConfiguration().getXmpp();
+                        xmppConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getXmpp();
                     } catch (Exception re) {
                         logger.error("unable to obtain xmpp config: " + re.getMessage());
                         return;
@@ -136,9 +134,9 @@ ResponseEntity getFile(
 
             // validate inputs
             validator.getValidInput(XMPP_TOOL, uid,
-            		MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, true);
+                    MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, true);
             validator.getValidInput(XMPP_TOOL, filename,
-            		MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, true);
+                    MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, true);
 
             List<Metadata> metadataList = syncStore.getMetadataByUidAndTool(uid, XMPP_TOOL, groupVector);
             if (metadataList == null || metadataList.size() == 0) {
@@ -201,9 +199,9 @@ ResponseEntity putFile(
         try {
             // validate inputs
             validator.getValidInput(XMPP_TOOL, uid,
-            		MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, true);
+                    MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, true);
             validator.getValidInput(XMPP_TOOL, filename,
-            		MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, true);
+                    MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, true);
 
             final Slot slot = SlotManager.getInstance().consumeSlotForPut(UUID.fromString(uid));
             if (slot == null) {
@@ -228,8 +226,8 @@ ResponseEntity putFile(
                     if (!slotContentType.equalsIgnoreCase(contentType)) {
                         String message = "Content type in request " + contentType +
                                 " does not correspond with slot content type " + slotContentType;
-                       message = validator.getValidInput(XMPP_TOOL, message,
-                    		   MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, true);
+                        message = validator.getValidInput(XMPP_TOOL, message,
+                                MartiValidatorConstants.Regex.MartiSafeString.name(), MartiValidatorConstants.DEFAULT_STRING_CHARS, true);
                         logger.info(message); // log forging prevention
                         return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(message);
                     }
@@ -257,7 +255,7 @@ ResponseEntity putFile(
             Metadata metadata = syncStore.insertResource(toStore, contents, martiUtil.getGroupBitVector(request));
 
             String url = request.getRequestURL().toString();
-           url = validator.getValidInput("Location", url, "MartiSafeString", MartiValidatorConstants.DEFAULT_STRING_CHARS, true);
+            url = validator.getValidInput("Location", url, "MartiSafeString", MartiValidatorConstants.DEFAULT_STRING_CHARS, true);
             response.setHeader("Location", url);
             return new ResponseEntity(HttpStatus.CREATED);
 
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/security/web/MartiValidator.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/security/web/MartiValidator.java
index 719ac65c..b7b8247a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/security/web/MartiValidator.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/security/web/MartiValidator.java
@@ -22,6 +22,7 @@
 
  */
 
+import com.bbn.marti.ValidatorUtils;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Encoder;
 import org.owasp.esapi.ValidationErrorList;
@@ -100,70 +101,15 @@ public void assertValidHTTPRequestParameterSet(String context,
 													Set<String> required, 
 													Set<String> optional) 
 		throws ValidationException, IntrusionException {
-		
+
 		if (logger.isDebugEnabled()) {
 			logger.debug(" assertValidHTTPRequestParameterSet. context: " + context + " request: " + request
 					+ " required: " + required
 					+ " optional: " + optional);
 		}
-		
-		// This implementation in inefficient but performance is not much a of a concern.
-		
-		Set<String> given = request.getParameterMap().keySet();
-		Set<String> lowerCase = new HashSet<String>();
-		for (String key : given) {
-			lowerCase.add(key.toLowerCase());
-		}
-
-		// verify ALL required parameters are present		
-		Set<String> missing = new HashSet<String>();
-		for (String parameter : required) {
-			if (!lowerCase.contains(parameter.toLowerCase())) {
-				missing.add(parameter);
-			}
-		}
-		if (missing.size() > 0) {
 
-			String message = "Invalid HTTP request missing parameters " + missing + ": context=" + context;
-			
-			throw new ValidationException(message, message, context);
-		}
-
-		// verify ONLY optional + required parameters are present
-		Set<String> allowed = new HashSet<String>();
-		for (String parameter : required) {
-			allowed.add(parameter.toLowerCase());
-		}
-		for (String parameter : optional) {
-			allowed.add(parameter.toLowerCase());
-		}
-		
-		Set<String> extra = new HashSet<String>();
-		for (String parameter : given) {
-			if (!allowed.contains(parameter.toLowerCase())) {
-				extra.add(parameter);
-			}
-		}
-		
-		if (extra.size() > 0) {
-			Iterator<String> extraItr = extra.iterator();
-			StringBuilder badParameters = new StringBuilder();
-			while (extraItr.hasNext()) {
-				String badExtra = extraItr.next();
-				if (this.isValidInput("assertValidHttpRequestParameterSet", badExtra, "HTTPParameterName",
-						MartiValidatorConstants.DEFAULT_STRING_CHARS, false)) {
-					badParameters.append(badExtra);
-				} else {
-					badParameters.append("[redacted]");
-				}
-				if (extraItr.hasNext()) {
-					badParameters.append(", ");
-				}
-			}
-			
-			throw new ValidationException( context + ": Invalid HTTP request extra parameters (redacted) ", 
-					"Invalid HTTP request extra parameters " + badParameters.toString() + ": context=" + context, context );
-		}
+		ValidatorUtils.assertValidHTTPRequestParameterSet(context, request.getParameterMap().keySet(),
+				required, optional, this);
 	}
 	
 	@Override
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/CertManagerAdminApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/CertManagerAdminApi.java
index 8722fb02..e515d490 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/CertManagerAdminApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/CertManagerAdminApi.java
@@ -1,6 +1,11 @@
 package com.bbn.tak.tls;
 
-import java.io.*;
+import java.io.BufferedOutputStream;
+import java.io.BufferedWriter;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -9,8 +14,9 @@
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;
 
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -20,18 +26,21 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
 
 import com.bbn.marti.config.CertificateSigning;
 import com.bbn.marti.config.TAKServerCAConfig;
 import com.bbn.marti.cot.search.model.ApiResponse;
 import com.bbn.marti.network.BaseRestController;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.exception.NotFoundException;
 import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.remote.SubscriptionManagerLite;
 import com.bbn.tak.tls.repository.TakCertRepository;
 
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 import tak.server.Constants;
 
 
@@ -46,9 +55,6 @@ public class CertManagerAdminApi extends BaseRestController {
     @Autowired
     private TakCertRepository takCertRepository;
 
-    @Autowired
-    private CoreConfig coreConfig;
-
     @Autowired
     SubscriptionManagerLite subscriptionManager;
 
@@ -260,7 +266,7 @@ private void revokeCertificate(TakCert cert) throws IOException, InterruptedExce
             //
             // grab the CertificateSigning config element
             //
-            CertificateSigning certificateSigning = coreConfig.getRemoteConfiguration().getCertificateSigning();
+            CertificateSigning certificateSigning = CoreConfigFacade.getInstance().getRemoteConfiguration().getCertificateSigning();
             if (certificateSigning == null) {
                 throw new TakException("Couldn't find CertificateSigning in CoreConfig.xml!");
             }
@@ -313,7 +319,7 @@ private void revokeCertificate(TakCert cert) throws IOException, InterruptedExce
 
     @RequestMapping(value = "/certadmin/cert/{hash}", method = RequestMethod.DELETE)
     ApiResponse<TakCert> revokeCertificate(
-                @PathVariable("hash") @NotNull String hash) throws IOException {
+            @PathVariable("hash") @NotNull String hash) throws IOException {
         try {
             TakCert cert = takCertRepository.findOneByHash(hash);
             if (cert == null) {
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/CertManagerApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/CertManagerApi.java
index 79fe2dd6..2f262240 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/CertManagerApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/CertManagerApi.java
@@ -2,6 +2,7 @@
 
 package com.bbn.tak.tls;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 
@@ -15,11 +16,11 @@
 import java.util.List;
 
 import javax.security.auth.x500.X500Principal;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.Marshaller;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.JAXBElement;
+import jakarta.xml.bind.Marshaller;
 import javax.xml.namespace.QName;
 
 import org.slf4j.Logger;
@@ -95,21 +96,18 @@ public PEMCertKey(String cert, String key) {
 
     private static final String DEFAULT_PASSWORD = "atakatak";
     
-    @Autowired
-    CoreConfig coreConfig;
-
     @RequestMapping(value = "/tls/makeClientKeyStore", method = RequestMethod.GET)
     ResponseEntity<byte[]> makeKeyStore(@RequestParam(value = "cn", required = false) String cn,
                                         @RequestParam(value = "password", required = false,
                                                 defaultValue = DEFAULT_PASSWORD) String password) throws Exception {
-        if(cn == null || cn.isEmpty()) {
+        if (cn == null || cn.isEmpty()) {
             cn = getHttpUser();
         }
 
         X509Certificate[] signingCertChain = subMgr.getSigningCertChain();
         X509Certificate signingCert = signingCertChain[0];
         String dn = verifyCN(cn, signingCert);
-        if(dn == null) {
+        if (dn == null) {
             logger.error("Can't make certificate for cn="+cn);
             response.sendError(HttpServletResponse.SC_FORBIDDEN, "Can't make certificate for cn="+cn);
             return null;
@@ -149,7 +147,7 @@ ResponseEntity<byte[]> makeKeyStore(@RequestParam(value = "cn", required = false
 
     protected String verifyCN(String cn, X509Certificate issuer) {
         logger.warn("generating client cert for: " + getHttpUser());
-        if(cn.compareTo(getHttpUser()) == 0) {
+        if (cn.compareTo(getHttpUser()) == 0) {
             logger.warn("cn matched username");
             String issuerDn = issuer.getSubjectDN().getName();
             logger.warn(" issuer dn: " + issuerDn);
@@ -161,7 +159,7 @@ protected String verifyCN(String cn, X509Certificate issuer) {
 
     private CertKey makeClientCert(String dn, CertKey signingCert) throws Exception {
 
-        CertificateSigning certificateSigningConfig = coreConfig.getRemoteConfiguration().getCertificateSigning();
+        CertificateSigning certificateSigningConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getCertificateSigning();
         if (certificateSigningConfig == null) {
             throw new TakException("CertificateSigning element not found in CoreConfig!");
         }
@@ -181,7 +179,7 @@ private CertKey makeClientCert(String dn, CertKey signingCert) throws Exception
 /*
     @RequestMapping(value = "/tls/makeClient", method = RequestMethod.GET)
     PEMCertKey makeClientCert(@RequestParam(value = "cn", required = true) String CN) throws Exception {
-        if(validity == null) {
+        if (validity == null) {
             validity = DEFAULT_VALIDITY;
         }
         subMgr.
@@ -208,7 +206,7 @@ ResponseEntity<String> signServerCert(@RequestParam(value = "base64CSR", require
 
     protected ResponseEntity<String> signCert(String base64CSR, String issuerDN, CERTTYPE type) throws Exception {
         String bareRequest;
-        if(base64CSR.startsWith(Constants.CSRBEGIN)) {
+        if (base64CSR.startsWith(Constants.CSRBEGIN)) {
             bareRequest = base64CSR.replace(Constants.CSRBEGIN, "").replace(Constants.CSREND, "").trim();
         } else {
             bareRequest = base64CSR;
@@ -231,7 +229,7 @@ protected ResponseEntity<String> signCert(String base64CSR, String issuerDN, CER
 */
     private CertificateConfig getCertificateConfig() {
         try {
-            CertificateSigning certificateSigningConfig = coreConfig.getRemoteConfiguration().getCertificateSigning();
+            CertificateSigning certificateSigningConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getCertificateSigning();
             if (certificateSigningConfig == null) {
                 throw new TakException("CertificateSigning element not found in CoreConfig!");
             }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/Service/CertManagerService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/Service/CertManagerService.java
index 1f87ce81..03ca955b 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/Service/CertManagerService.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/Service/CertManagerService.java
@@ -9,6 +9,15 @@
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 
+import com.bbn.marti.config.CAType;
+import com.bbn.marti.config.CertificateConfig;
+import com.bbn.marti.config.CertificateSigning;
+import com.bbn.marti.config.MicrosoftCAConfig;
+import com.bbn.marti.config.NameEntry;
+import com.bbn.marti.config.TAKServerCAConfig;
+import com.bbn.marti.config.Tls;
+import com.bbn.marti.remote.config.CoreConfigFacade;
+import com.bbn.marti.util.spring.MartiSocketUserDetailsImpl;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.SignatureAlgorithm;
 import org.apache.commons.codec.binary.Base64;
@@ -18,11 +27,8 @@
 import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.context.event.EventListener;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
 
-import com.bbn.marti.config.*;
 import com.bbn.marti.jwt.JwtUtils;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.SubscriptionManagerLite;
 import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.remote.util.X509UsernameExtractor;
@@ -45,15 +51,12 @@ public class CertManagerService {
 
     @Autowired
     private SubscriptionManagerLite subMgr;
-    
-    @Autowired
-    private CoreConfig coreConfig;
 
     private X509UsernameExtractor usernameExtractor = null;
 
-	@EventListener({ContextRefreshedEvent.class})
+    @EventListener({ContextRefreshedEvent.class})
     private void init()throws RemoteException {
-        usernameExtractor = new X509UsernameExtractor(coreConfig.getRemoteConfiguration().getAuth().getDNUsernameExtractorRegex());
+        usernameExtractor = new X509UsernameExtractor(CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getDNUsernameExtractorRegex());
     }
 
     private boolean validateCSR(PKCS10 csr, CertificateConfig certificateConfig) {
@@ -116,7 +119,7 @@ public TakCert signClient(String clientUid, boolean addChannelsExtUsage, String
             //
             // get the cert config from CoreConfig.xml
             //
-            CertificateSigning certificateSigning = coreConfig.getRemoteConfiguration().getCertificateSigning();
+            CertificateSigning certificateSigning = CoreConfigFacade.getInstance().getRemoteConfiguration().getCertificateSigning();
             if (certificateSigning == null) {
                 throw new TakException("CertificateSigning element not found in CoreConfig!");
             }
@@ -147,14 +150,8 @@ public TakCert signClient(String clientUid, boolean addChannelsExtUsage, String
             X509Certificate signedCert = null;
 
             // is the user authenticating to the enrollment endpoint via OAuth?
-            String token = null;
-            if (SecurityContextHolder.getContext().getAuthentication().getDetails()
-                    instanceof OAuth2AuthenticationDetails) {
-
-                // save the token with the certificate
-                token = ((OAuth2AuthenticationDetails)SecurityContextHolder.getContext().
-                        getAuthentication().getDetails()).getTokenValue();
-            }
+            String token = ((MartiSocketUserDetailsImpl)SecurityContextHolder.getContext()
+                    .getAuthentication().getPrincipal()).getToken();
 
             if (certificateSigning.getCA() == CAType.TAK_SERVER) {
 
@@ -169,7 +166,7 @@ public TakCert signClient(String clientUid, boolean addChannelsExtUsage, String
                 long validityNotBeforeOffsetMinutes = takServerCAConfig.getValidityNotBeforeOffsetMinutes();
 
                 String responderUrl = null;
-                Tls tls = coreConfig.getRemoteConfiguration().getSecurity().getTls();
+                Tls tls = CoreConfigFacade.getInstance().getRemoteConfiguration().getSecurity().getTls();
                 if (tls.isEnableOCSP()) {
                     responderUrl = tls.getResponderUrl();
                 }
@@ -201,7 +198,7 @@ public TakCert signClient(String clientUid, boolean addChannelsExtUsage, String
                     throw new TakException("MicrosoftCAConfig not found in CoreConfig!");
                 }
 
-                Tls tlsConfig = coreConfig.getRemoteConfiguration().getSecurity().getTls();
+                Tls tlsConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getSecurity().getTls();
 
                 X509Certificate[] certs = WSTEPClient.submitCSR(tempCsr,
                         microsoftCAConfig.getTemplateName(),
@@ -220,7 +217,7 @@ public TakCert signClient(String clientUid, boolean addChannelsExtUsage, String
                 List<X509Certificate> caList = new LinkedList<>();
                 for (int i = 0; i < certs.length; i++) {
                     if (certs[i].getExtendedKeyUsage() != null
-                    &&  certs[i].getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.2")) {
+                            &&  certs[i].getExtendedKeyUsage().contains("1.3.6.1.5.5.7.3.2")) {
                         signedCert = certs[i];
                     } else {
                         caList.add(certs[i]);
@@ -228,7 +225,7 @@ public TakCert signClient(String clientUid, boolean addChannelsExtUsage, String
                 }
 
                 caChain = caList.toArray(new X509Certificate[0]);
-                
+
             } else {
                 throw new TakException("Unknown CA type!");
             }
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/TakCert.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/TakCert.java
index 5353ee9a..90b69c9a 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/TakCert.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/TakCert.java
@@ -8,11 +8,21 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.persistence.*;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import jakarta.persistence.Transient;
 import java.io.ByteArrayInputStream;
 import java.io.Serializable;
 import java.security.NoSuchAlgorithmException;
-import java.security.cert.*;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.util.Date;
 
 import static com.bbn.tak.tls.Constants.CERT_TYPE;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/Util.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/Util.java
index 58a6598f..edc7c0d4 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/Util.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/Util.java
@@ -4,7 +4,7 @@
 
 import sun.security.pkcs10.PKCS10;
 
-import javax.xml.bind.DatatypeConverter;
+import jakarta.xml.bind.DatatypeConverter;
 import java.io.StringWriter;
 import java.security.PrivateKey;
 import java.security.cert.CertificateEncodingException;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/WSTEP/WSTEPClient.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/WSTEP/WSTEPClient.java
index 19787135..c6dde297 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/WSTEP/WSTEPClient.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/tak/tls/WSTEP/WSTEPClient.java
@@ -9,16 +9,26 @@
 import java.io.StringReader;
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
-import java.util.*;
-import javax.net.ssl.*;
+import java.util.UUID;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManagerFactory;
 import javax.xml.namespace.QName;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.soap.*;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.Dispatch;
-import javax.xml.ws.Service;
-import javax.xml.ws.soap.SOAPBinding;
+import jakarta.xml.soap.MessageFactory;
+import jakarta.xml.soap.SOAPBody;
+import jakarta.xml.soap.SOAPBodyElement;
+import jakarta.xml.soap.SOAPConstants;
+import jakarta.xml.soap.SOAPElement;
+import jakarta.xml.soap.SOAPFactory;
+import jakarta.xml.soap.SOAPHeader;
+import jakarta.xml.soap.SOAPMessage;
+import jakarta.xml.ws.BindingProvider;
+import jakarta.xml.ws.Dispatch;
+import jakarta.xml.ws.Service;
+import jakarta.xml.ws.soap.SOAPBinding;
 
 import org.apache.commons.codec.binary.Base64;
 import org.slf4j.Logger;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/RegistrationApi.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/RegistrationApi.java
index eb34ee88..51911f47 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/RegistrationApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/RegistrationApi.java
@@ -2,8 +2,8 @@
 
 import java.util.List;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.hibernate.validator.constraints.Email;
 import org.jetbrains.annotations.NotNull;
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/UserManagementAuthorizationProvider.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/UserManagementAuthorizationProvider.java
index e9893a31..7888b621 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/UserManagementAuthorizationProvider.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/UserManagementAuthorizationProvider.java
@@ -1,5 +1,6 @@
 package com.bbn.user.registration;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import com.bbn.marti.remote.CoreConfig;
@@ -9,10 +10,8 @@ public class UserManagementAuthorizationProvider {
 
     private final org.slf4j.Logger logger = LoggerFactory.getLogger(com.bbn.user.registration.UserManagementAuthorizationProvider.class);
 
-    @Autowired
-    CoreConfig coreConfig;
-
     public synchronized String getRole() {
+        CoreConfig coreConfig = CoreConfigFacade.getInstance();
         try {
             if (coreConfig == null
                     || coreConfig.getRemoteConfiguration() == null
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/model/TAKUser.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/model/TAKUser.java
index 03491b41..27854be9 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/model/TAKUser.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/model/TAKUser.java
@@ -2,7 +2,13 @@
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 
-import javax.persistence.*;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
 
 @Entity
 @Table(name = "tak_user")
diff --git a/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/service/UserRegistrationService.java b/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/service/UserRegistrationService.java
index d11de8cd..6efd48a0 100644
--- a/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/service/UserRegistrationService.java
+++ b/src/takserver-core/takserver-war/src/main/java/com/bbn/user/registration/service/UserRegistrationService.java
@@ -1,11 +1,16 @@
 package com.bbn.user.registration.service;
 
-import java.util.*;
-import java.util.stream.Collectors;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Properties;
+import java.util.Random;
+import java.util.Set;
+import java.util.UUID;
 
-import javax.mail.internet.MimeMessage;
+import jakarta.mail.internet.MimeMessage;
 
-import org.apache.commons.lang.RandomStringUtils;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -16,7 +21,6 @@
 import com.bbn.marti.config.Auth;
 import com.bbn.marti.config.Email;
 import com.bbn.marti.config.Whitelist;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.groups.Direction;
 import com.bbn.marti.remote.groups.Group;
 import com.bbn.marti.remote.groups.GroupManager;
@@ -32,9 +36,6 @@ public class UserRegistrationService {
 
     private final org.slf4j.Logger logger = LoggerFactory.getLogger(com.bbn.user.registration.service.UserRegistrationService.class);
 
-    @Autowired
-    CoreConfig coreConfig;
-
     @Autowired
     private TAKUserRepository takUserRepository;
 
@@ -299,7 +300,7 @@ private void sendEmail(String to, String subject, String text)  {
 
     public synchronized Email getEmailConfig() {
         if (emailConfig == null) {
-            emailConfig = coreConfig.getRemoteConfiguration().getEmail();
+            emailConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getEmail();
         }
 
         return emailConfig;
@@ -307,7 +308,7 @@ public synchronized Email getEmailConfig() {
 
     private synchronized Auth.Ldap getLdapConfig() {
         if (ldapConfig == null) {
-            ldapConfig = coreConfig.getRemoteConfiguration().getAuth().getLdap();
+            ldapConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().getLdap();
         }
 
         return ldapConfig;
diff --git a/src/takserver-core/takserver-war/src/main/java/nl/goodbytes/xmpp/xep0363/Component.java b/src/takserver-core/takserver-war/src/main/java/nl/goodbytes/xmpp/xep0363/Component.java
index b16a6ca2..13e001f3 100644
--- a/src/takserver-core/takserver-war/src/main/java/nl/goodbytes/xmpp/xep0363/Component.java
+++ b/src/takserver-core/takserver-war/src/main/java/nl/goodbytes/xmpp/xep0363/Component.java
@@ -212,9 +212,7 @@ protected IQ handleIQGet( IQ iq ) throws Exception
         {
             slotElement.addElement( "put" ).setText( url.toExternalForm() );
             slotElement.addElement( "get" ).setText( url.toExternalForm() );
-        }
-        else
-        {
+        } else {
             slotElement.addElement( "put" ).addAttribute( "url", url.toExternalForm() );
             slotElement.addElement( "get" ).addAttribute( "url", url.toExternalForm() );
         }
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
new file mode 100644
index 00000000..002794ab
--- /dev/null
+++ b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParser.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2002-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.authentication;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import org.springframework.beans.factory.BeanDefinitionStoreException;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.beans.factory.config.PropertiesFactoryBean;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.support.ManagedList;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.util.CollectionUtils;
+import org.springframework.util.StringUtils;
+import org.springframework.util.xml.DomUtils;
+
+/**
+ * @author Luke Taylor
+ * @author Ben Alex
+ */
+// TAK SERVER CHANGES: SEE generateRandomPassword()
+public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
+
+	static final String ATT_PASSWORD = "password";
+	static final String ATT_NAME = "name";
+	static final String ELT_USER = "user";
+	static final String ATT_AUTHORITIES = "authorities";
+	static final String ATT_PROPERTIES = "properties";
+	static final String ATT_DISABLED = "disabled";
+	static final String ATT_LOCKED = "locked";
+
+	private SecureRandom random;
+
+	@Override
+	protected String getBeanClassName(Element element) {
+		return InMemoryUserDetailsManager.class.getName();
+	}
+
+	@Override
+	@SuppressWarnings("unchecked")
+	protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
+		String userProperties = element.getAttribute(ATT_PROPERTIES);
+		List<Element> userElts = DomUtils.getChildElementsByTagName(element, ELT_USER);
+		if (StringUtils.hasText(userProperties)) {
+			if (!CollectionUtils.isEmpty(userElts)) {
+				throw new BeanDefinitionStoreException(
+						"Use of a properties file and user elements are mutually exclusive");
+			}
+			BeanDefinition bd = new RootBeanDefinition(PropertiesFactoryBean.class);
+			bd.getPropertyValues().addPropertyValue("location", userProperties);
+			builder.addConstructorArgValue(bd);
+			return;
+		}
+		if (CollectionUtils.isEmpty(userElts)) {
+			throw new BeanDefinitionStoreException("You must supply user definitions, either with <" + ELT_USER
+					+ "> child elements or a " + "properties file (using the '" + ATT_PROPERTIES + "' attribute)");
+		}
+		ManagedList<BeanDefinition> users = new ManagedList<>();
+		for (Object elt : userElts) {
+			Element userElt = (Element) elt;
+			String userName = userElt.getAttribute(ATT_NAME);
+			String password = userElt.getAttribute(ATT_PASSWORD);
+			if (!StringUtils.hasLength(password)) {
+				password = generateRandomPassword();
+			}
+			boolean locked = "true".equals(userElt.getAttribute(ATT_LOCKED));
+			boolean disabled = "true".equals(userElt.getAttribute(ATT_DISABLED));
+			BeanDefinitionBuilder authorities = BeanDefinitionBuilder.rootBeanDefinition(AuthorityUtils.class);
+			authorities.addConstructorArgValue(userElt.getAttribute(ATT_AUTHORITIES));
+			authorities.setFactoryMethod("commaSeparatedStringToAuthorityList");
+			BeanDefinitionBuilder user = BeanDefinitionBuilder.rootBeanDefinition(User.class);
+			user.addConstructorArgValue(userName);
+			user.addConstructorArgValue(password);
+			user.addConstructorArgValue(!disabled);
+			user.addConstructorArgValue(true);
+			user.addConstructorArgValue(true);
+			user.addConstructorArgValue(!locked);
+			user.addConstructorArgValue(authorities.getBeanDefinition());
+			users.add(user.getBeanDefinition());
+		}
+		builder.addConstructorArgValue(users);
+	}
+
+	// TAK SERVER CHANGE: Spring is forcing the use of SHA1PRNG
+	// ADD a second try catch so that if SHA1PRNG is unavailable we attempt to use
+	// the system default instead. This will happen on systems enforcing FIPS
+	private String generateRandomPassword() {
+		if (this.random == null) {
+			try {
+				this.random = SecureRandom.getInstance("SHA1PRNG");
+			}
+			catch (NoSuchAlgorithmException ex) {
+				System.out.println("Failed find SHA1PRNG algorithm! Trying system default");
+				try {
+					this.random = new SecureRandom();
+				}
+				catch (Exception ex2) {
+					// Shouldn't happen...
+					throw new RuntimeException("Could not find an algorithm!");
+				}
+			}
+		}
+		return Long.toString(this.random.nextLong());
+	}
+
+}
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
index e566abc6..ecab9436 100644
--- a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
+++ b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java
@@ -9,7 +9,7 @@
 import org.springframework.messaging.MessageChannel;
 import org.springframework.messaging.MessageHandler;
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
-import org.springframework.messaging.support.ChannelInterceptorAdapter;
+import org.springframework.messaging.support.ChannelInterceptor;
 import org.springframework.messaging.support.ExecutorChannelInterceptor;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -34,8 +34,8 @@
  * @since 4.0
  * @author Rob Winch
  */
-public final class SecurityContextChannelInterceptor extends ChannelInterceptorAdapter
-		implements ExecutorChannelInterceptor {
+public final class SecurityContextChannelInterceptor
+		implements ExecutorChannelInterceptor, ChannelInterceptor {
     
     private static final Logger logger = LoggerFactory.getLogger(SecurityContextChannelInterceptor.class);
     
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/provider/authentication/BearerTokenExtractor.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/provider/authentication/BearerTokenExtractor.java
deleted file mode 100644
index a3d64a77..00000000
--- a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/provider/authentication/BearerTokenExtractor.java
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright 2013-2014 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
- * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations under the License.
- */
-
-package org.springframework.security.oauth2.provider.authentication;
-
-import java.util.Enumeration;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-
-/**
- * {@link TokenExtractor} that strips the authenticator from a bearer token request (with an Authorization header in the
- * form "Bearer <code>&lt;TOKEN&gt;</code>", or as a request parameter if that fails). The access token is the principal in
- * the authentication token that is extracted.
- *
- * <p>
- * @deprecated See the <a href="https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide">OAuth 2.0 Migration Guide</a> for Spring Security 5.
- *
- * @author Dave Syer
- *
- */
-@Deprecated
-public class BearerTokenExtractor implements TokenExtractor {
-
-    private final static Log logger = LogFactory.getLog(BearerTokenExtractor.class);
-
-    @Override
-    public Authentication extract(HttpServletRequest request) {
-        String tokenValue = extractToken(request);
-        if (tokenValue != null) {
-            PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(tokenValue, "");
-            return authentication;
-        }
-        return null;
-    }
-
-    protected String extractToken(HttpServletRequest request) {
-        // first check the header...
-        String token = extractHeaderToken(request);
-
-        // bearer type allows a request parameter as well
-        if (token == null) {
-            logger.debug("Token not found in headers. Trying request parameters.");
-            token = request.getParameter(OAuth2AccessToken.ACCESS_TOKEN);
-            if (token == null) {
-                token = extractCookieToken(request);
-                if (token == null) {
-                    logger.debug("Token not found in request parameters.  Not an OAuth2 request.");
-                }
-            }
-            else {
-                request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE, OAuth2AccessToken.BEARER_TYPE);
-            }
-        }
-
-        return token;
-    }
-
-    /**
-     * Extract the OAuth bearer token from a header.
-     *
-     * @param request The request.
-     * @return The token, or null if no OAuth authorization header was supplied.
-     */
-    protected String extractHeaderToken(HttpServletRequest request) {
-        Enumeration<String> headers = request.getHeaders("Authorization");
-        while (headers.hasMoreElements()) { // typically there is only one (most servers enforce that)
-            String value = headers.nextElement();
-            if ((value.toLowerCase().startsWith(OAuth2AccessToken.BEARER_TYPE.toLowerCase()))) {
-                String authHeaderValue = value.substring(OAuth2AccessToken.BEARER_TYPE.length()).trim();
-                // Add this here for the auth details later. Would be better to change the signature of this method.
-                request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE,
-                        value.substring(0, OAuth2AccessToken.BEARER_TYPE.length()).trim());
-                int commaIndex = authHeaderValue.indexOf(',');
-                if (commaIndex > 0) {
-                    authHeaderValue = authHeaderValue.substring(0, commaIndex);
-                }
-                return authHeaderValue;
-            }
-        }
-
-        return null;
-    }
-
-    protected String extractCookieToken(HttpServletRequest request) {
-        Cookie[] cookies = request.getCookies();
-        if (cookies == null) {
-            return null;
-        }
-
-        for (Cookie cookie : cookies) {
-            if (cookie.getName().compareToIgnoreCase(OAuth2AccessToken.ACCESS_TOKEN) == 0) {
-                return cookie.getValue();
-            }
-        }
-
-        return null;
-    }
-}
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java
deleted file mode 100644
index c8b21bfa..00000000
--- a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.java
+++ /dev/null
@@ -1,219 +0,0 @@
-/*
- * Copyright 2006-2011 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
- * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations under the License.
- */
-package org.springframework.security.oauth2.provider.authentication;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import io.jsonwebtoken.ExpiredJwtException;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.http.HttpHeaders;
-import org.springframework.security.authentication.*;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import com.bbn.marti.oauth.AuthCookieUtils;
-import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
-import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.util.Assert;
-
-/**
- * A pre-authentication filter for OAuth2 protected resources. Extracts an OAuth2 token from the incoming request and
- * uses it to populate the Spring Security context with an {@link OAuth2Authentication} (if used in conjunction with an
- * {@link OAuth2AuthenticationManager}).
- *
- * <p>
- * @deprecated See the <a href="https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide">OAuth 2.0 Migration Guide</a> for Spring Security 5.
- *
- * @author Dave Syer
- *
- */
-@Deprecated
-public class OAuth2AuthenticationProcessingFilter implements Filter, InitializingBean {
-
-    private final static Log logger = LogFactory.getLog(OAuth2AuthenticationProcessingFilter.class);
-
-    private AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
-
-    private AuthenticationManager authenticationManager;
-
-    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new OAuth2AuthenticationDetailsSource();
-
-    private TokenExtractor tokenExtractor = new BearerTokenExtractor();
-
-    private AuthenticationEventPublisher eventPublisher = new NullEventPublisher();
-
-    private boolean stateless = true;
-
-    /**
-     * Flag to say that this filter guards stateless resources (default true). Set this to true if the only way the
-     * resource can be accessed is with a token. If false then an incoming cookie can populate the security context and
-     * allow access to a caller that isn't an OAuth2 client.
-     *
-     * @param stateless the flag to set (default true)
-     */
-    public void setStateless(boolean stateless) {
-        this.stateless = stateless;
-    }
-
-    /**
-     * @param authenticationEntryPoint the authentication entry point to set
-     */
-    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
-        this.authenticationEntryPoint = authenticationEntryPoint;
-    }
-
-    /**
-     * @param authenticationManager the authentication manager to set (mandatory with no default)
-     */
-    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
-        this.authenticationManager = authenticationManager;
-    }
-
-    /**
-     * @param tokenExtractor the tokenExtractor to set
-     */
-    public void setTokenExtractor(TokenExtractor tokenExtractor) {
-        this.tokenExtractor = tokenExtractor;
-    }
-
-    /**
-     * @param eventPublisher the event publisher to set
-     */
-    public void setAuthenticationEventPublisher(AuthenticationEventPublisher eventPublisher) {
-        this.eventPublisher = eventPublisher;
-    }
-
-    /**
-     * @param authenticationDetailsSource The AuthenticationDetailsSource to use
-     */
-    public void setAuthenticationDetailsSource(
-            AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
-        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
-        this.authenticationDetailsSource = authenticationDetailsSource;
-    }
-
-    public void afterPropertiesSet() {
-        Assert.state(authenticationManager != null, "AuthenticationManager is required");
-    }
-
-    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
-            ServletException {
-
-        final boolean debug = logger.isDebugEnabled();
-        final HttpServletRequest request = (HttpServletRequest) req;
-        final HttpServletResponse response = (HttpServletResponse) res;
-
-        try {
-
-            // Begin TAK mods
-            if (isAuthenticated()) {
-                // bail if we're already authenticated, this allows us to continue processing Mission tokens independent of OAuth
-                chain.doFilter(request, response);
-                return;
-            }
-            // End TAK mods
-
-            Authentication authentication = tokenExtractor.extract(request);
-
-            if (authentication == null) {
-                if (stateless && isAuthenticated()) {
-                    if (debug) {
-                        logger.debug("Clearing security context.");
-                    }
-                    SecurityContextHolder.clearContext();
-                }
-                if (debug) {
-                    logger.debug("No token in request, will continue chain.");
-                }
-            }
-            else {
-                request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, authentication.getPrincipal());
-                if (authentication instanceof AbstractAuthenticationToken) {
-                    AbstractAuthenticationToken needsDetails = (AbstractAuthenticationToken) authentication;
-                    needsDetails.setDetails(authenticationDetailsSource.buildDetails(request));
-                }
-                Authentication authResult = authenticationManager.authenticate(authentication);
-
-                if (debug) {
-                    logger.debug("Authentication success: " + authResult);
-                }
-
-                eventPublisher.publishAuthenticationSuccess(authResult);
-                SecurityContextHolder.getContext().setAuthentication(authResult);
-
-            }
-        }
-        // Begin TAK mods
-        catch (ExpiredJwtException expiredJwtException) {
-            // remove the expired access token to avoid another ExpiredJwtException
-            response.setHeader(HttpHeaders.SET_COOKIE, AuthCookieUtils.createCookie(
-                    OAuth2AccessToken.ACCESS_TOKEN, null, 0, true).toString());
-
-            response.setHeader("Pragma", "no-cache");
-            response.setHeader("Cache-Control", "must-revalidate, max-age=0, no-cache, no-store");
-            response.setDateHeader("Expires", 0);
-            response.setHeader("Location", "/login/refresh");
-            response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
-            return;
-        }
-        catch (OAuth2Exception failed) {
-            SecurityContextHolder.clearContext();
-            if (debug) {
-                logger.debug("Authentication request failed: " + failed);
-            }
-
-            AuthCookieUtils.logout(request, response, null);
-            return;
-        }
-
-        chain.doFilter(request, response);
-    }
-    // End TAK mods
-
-    private boolean isAuthenticated() {
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        if (authentication == null || authentication instanceof AnonymousAuthenticationToken) {
-            return false;
-        }
-        return true;
-    }
-
-    public void init(FilterConfig filterConfig) throws ServletException {
-    }
-
-    public void destroy() {
-    }
-
-    private static final class NullEventPublisher implements AuthenticationEventPublisher {
-        public void publishAuthenticationFailure(AuthenticationException exception, Authentication authentication) {
-        }
-
-        public void publishAuthenticationSuccess(Authentication authentication) {
-        }
-    }
-
-}
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java
deleted file mode 100644
index f597b65b..00000000
--- a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java
+++ /dev/null
@@ -1,232 +0,0 @@
-/*
- * Copyright 2002-2011 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.provider.endpoint;
-
-import com.bbn.marti.oauth.AuthCookieUtils;
-import com.bbn.marti.oauth.TAKClientDetailsService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.*;
-import org.springframework.security.authentication.InsufficientAuthenticationException;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.exceptions.BadClientCredentialsException;
-import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
-import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
-import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
-import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException;
-import org.springframework.security.oauth2.common.util.OAuth2Utils;
-import org.springframework.security.oauth2.provider.*;
-import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestValidator;
-import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
-import org.springframework.util.StringUtils;
-import org.springframework.web.HttpRequestMethodNotSupportedException;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.security.Principal;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * <p>
- * Endpoint for token requests as described in the OAuth2 spec. Clients post requests with a <code>grant_type</code>
- * parameter (e.g. "authorization_code") and other parameters as determined by the grant type. Supported grant types are
- * handled by the provided {@link #setTokenGranter(org.springframework.security.oauth2.provider.TokenGranter) token
- * granter}.
- * </p>
- *
- * <p>
- * Clients must be authenticated using a Spring Security {@link Authentication} to access this endpoint, and the client
- * id is extracted from the authentication token. The best way to arrange this (as per the OAuth2 spec) is to use HTTP
- * basic authentication for this endpoint with standard Spring Security support.
- * </p>
- *
- * <p>
- * @deprecated See the <a href="https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide">OAuth 2.0 Migration Guide</a> for Spring Security 5.
- *
- * @author Dave Syer
- *
- */
-@FrameworkEndpoint
-@Deprecated
-public class TokenEndpoint extends AbstractEndpoint {
-
-    private OAuth2RequestValidator oAuth2RequestValidator = new DefaultOAuth2RequestValidator();
-
-    private Set<HttpMethod> allowedRequestMethods = new HashSet<HttpMethod>(Arrays.asList(HttpMethod.GET, HttpMethod.POST));
-
-    @Autowired
-    DefaultTokenServices defaultTokenServices;
-
-    @RequestMapping(value = "/oauth/token", method=RequestMethod.GET)
-    public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal, @RequestParam
-            Map<String, String> parameters, HttpServletResponse response) throws HttpRequestMethodNotSupportedException {
-        if (!allowedRequestMethods.contains(HttpMethod.GET)) {
-            throw new HttpRequestMethodNotSupportedException("GET");
-        }
-        return postAccessToken(principal, parameters, response);
-    }
-
-    @RequestMapping(value = "/oauth/token", method=RequestMethod.POST)
-    public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal, @RequestParam
-            Map<String, String> parameters, HttpServletResponse response) throws HttpRequestMethodNotSupportedException {
-
-        if (!(principal instanceof Authentication)) {
-            throw new InsufficientAuthenticationException(
-                    "There is no client authentication. Try adding an appropriate authentication filter.");
-        }
-
-        String clientId = getClientId(principal);
-        ClientDetails authenticatedClient = getClientDetailsService().loadClientByClientId(clientId);
-
-        TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(parameters, authenticatedClient);
-
-        if (!tokenRequest.getClientId().equals(TAKClientDetailsService.defaultClientId)) {
-
-            if (clientId != null && !clientId.equals("")) {
-                // Only validate the client details if a client authenticated during this
-                // request.
-                if (!clientId.equals(tokenRequest.getClientId())) {
-                    // double check to make sure that the client ID in the token request is the same as that in the
-                    // authenticated client
-                    throw new InvalidClientException("Given client ID does not match authenticated client");
-                }
-            }
-
-        }
-
-        if (authenticatedClient != null) {
-            oAuth2RequestValidator.validateScope(tokenRequest, authenticatedClient);
-        }
-        if (!StringUtils.hasText(tokenRequest.getGrantType())) {
-            throw new InvalidRequestException("Missing grant type");
-        }
-        if (tokenRequest.getGrantType().equals("implicit")) {
-            throw new InvalidGrantException("Implicit grant type not supported from token endpoint");
-        }
-
-        if (isAuthCodeRequest(parameters)) {
-            // The scope was requested or determined during the authorization step
-            if (!tokenRequest.getScope().isEmpty()) {
-                logger.debug("Clearing scope of incoming token request");
-                tokenRequest.setScope(Collections.<String> emptySet());
-            }
-        }
-
-        if (isRefreshTokenRequest(parameters)) {
-            // A refresh token has its own default scopes, so we should ignore any added by the factory here.
-            tokenRequest.setScope(OAuth2Utils.parseParameterList(parameters.get(OAuth2Utils.SCOPE)));
-        }
-
-        OAuth2AccessToken token = getTokenGranter().grant(tokenRequest.getGrantType(), tokenRequest);
-        if (token == null) {
-            throw new UnsupportedGrantTypeException("Unsupported grant type");
-        }
-
-        final ResponseCookie cookieToken = AuthCookieUtils.createCookie(OAuth2AccessToken.ACCESS_TOKEN, token.getValue(), -1, true);
-        response.setHeader(HttpHeaders.SET_COOKIE, cookieToken.toString());
-
-        return getResponse(token);
-    }
-
-    @RequestMapping(value = "/logout", method = { RequestMethod.GET, RequestMethod.POST })
-    public void logout(HttpServletRequest request, HttpServletResponse response) {
-        AuthCookieUtils.logout(request, response, defaultTokenServices);
-    }
-
-    /**
-     * @param principal the currently authentication principal
-     * @return a client id if there is one in the principal
-     */
-    protected String getClientId(Principal principal) {
-        Authentication client = (Authentication) principal;
-        if (!client.isAuthenticated()) {
-            throw new InsufficientAuthenticationException("The client is not authenticated.");
-        }
-        String clientId = client.getName();
-        if (client instanceof OAuth2Authentication) {
-            // Might be a client and user combined authentication
-            clientId = ((OAuth2Authentication) client).getOAuth2Request().getClientId();
-        }
-        return clientId;
-    }
-
-    @ExceptionHandler(HttpRequestMethodNotSupportedException.class)
-    public ResponseEntity<OAuth2Exception> handleHttpRequestMethodNotSupportedException(HttpRequestMethodNotSupportedException e) throws Exception {
-        if (logger.isInfoEnabled()) {
-            logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
-        }
-        return getExceptionTranslator().translate(e);
-    }
-
-    @ExceptionHandler(Exception.class)
-    public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
-        if (logger.isErrorEnabled()) {
-            logger.error("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage(), e);
-        }
-        return getExceptionTranslator().translate(e);
-    }
-
-    @ExceptionHandler(ClientRegistrationException.class)
-    public ResponseEntity<OAuth2Exception> handleClientRegistrationException(Exception e) throws Exception {
-        if (logger.isWarnEnabled()) {
-            logger.warn("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
-        }
-        return getExceptionTranslator().translate(new BadClientCredentialsException());
-    }
-
-    @ExceptionHandler(OAuth2Exception.class)
-    public ResponseEntity<OAuth2Exception> handleException(OAuth2Exception e) throws Exception {
-        if (logger.isWarnEnabled()) {
-            logger.warn("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
-        }
-        return getExceptionTranslator().translate(e);
-    }
-
-    private ResponseEntity<OAuth2AccessToken> getResponse(OAuth2AccessToken accessToken) {
-        HttpHeaders headers = new HttpHeaders();
-        headers.set("Cache-Control", "no-store");
-        headers.set("Pragma", "no-cache");
-        headers.set("Content-Type", "application/json;charset=UTF-8");
-        return new ResponseEntity<OAuth2AccessToken>(accessToken, headers, HttpStatus.OK);
-    }
-
-    private boolean isRefreshTokenRequest(Map<String, String> parameters) {
-        return "refresh_token".equals(parameters.get("grant_type")) && parameters.get("refresh_token") != null;
-    }
-
-    private boolean isAuthCodeRequest(Map<String, String> parameters) {
-        return "authorization_code".equals(parameters.get("grant_type")) && parameters.get("code") != null;
-    }
-
-    public void setOAuth2RequestValidator(OAuth2RequestValidator oAuth2RequestValidator) {
-        this.oAuth2RequestValidator = oAuth2RequestValidator;
-    }
-
-    public void setAllowedRequestMethods(Set<HttpMethod> allowedRequestMethods) {
-        this.allowedRequestMethods = allowedRequestMethods;
-    }
-}
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpoint.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpoint.java
deleted file mode 100644
index c0aae765..00000000
--- a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpoint.java
+++ /dev/null
@@ -1,227 +0,0 @@
-package org.springframework.security.oauth2.provider.endpoint;
-
-import org.springframework.security.oauth2.provider.AuthorizationRequest;
-import org.springframework.security.web.csrf.CsrfToken;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.SessionAttributes;
-import org.springframework.web.servlet.ModelAndView;
-import org.springframework.web.servlet.View;
-import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
-import org.springframework.web.util.HtmlUtils;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Map;
-
-/**
- * Controller for displaying the approval page for the authorization server.
- *
- * <p>
- * @deprecated See the <a href="https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide">OAuth 2.0 Migration Guide</a> for Spring Security 5.
- *
- * @author Dave Syer
- */
-@FrameworkEndpoint
-@SessionAttributes("authorizationRequest")
-@Deprecated
-public class WhitelabelApprovalEndpoint {
-
-    @RequestMapping("/oauth/confirm_access")
-    public ModelAndView getAccessConfirmation(Map<String, Object> model, HttpServletRequest request) throws Exception {
-        final String approvalContent = createTemplate(model, request);
-        if (request.getAttribute("_csrf") != null) {
-            model.put("_csrf", request.getAttribute("_csrf"));
-        }
-        View approvalView = new View() {
-            @Override
-            public String getContentType() {
-                return "text/html";
-            }
-
-            @Override
-            public void render(Map<String, ?> model, HttpServletRequest request, HttpServletResponse response) throws Exception {
-                response.setContentType(getContentType());
-                response.getWriter().append(approvalContent);
-            }
-        };
-        return new ModelAndView(approvalView, model);
-    }
-
-    protected String createTemplate(Map<String, Object> model, HttpServletRequest request) {
-        AuthorizationRequest authorizationRequest = (AuthorizationRequest) model.get("authorizationRequest");
-        String clientId = authorizationRequest.getClientId();
-
-        StringBuilder builder = new StringBuilder();
-
-        builder.append("<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n");
-        builder.append("    <link rel=\"icon\" type=\"image/x-icon\" href=\"/Marti/favicon.ico\" />\n");
-        builder.append("    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n");
-        builder.append("    <link rel=\"stylesheet\" href=\"/Marti/css/4.4.1/bootstrap.min.css\">\n");
-        builder.append("    <link type=\"text/css\" href=\"/Marti/jquery/jquery-ui.css\" rel=\"stylesheet\" media=\"all\" />\n");
-        builder.append("    <link rel=\"stylesheet\" type=\"text/css\" href=\"/Marti/jquery/jquery.jnotify.css\" />\n");
-        builder.append("    <script type=\"text/javascript\" src=\"/Marti/jquery/jquery-3.5.0.js\"></script>\n");
-        builder.append("    <script type=\"text/javascript\" src=\"/Marti/jquery/jquery-ui.min.js\"></script>\n");
-        builder.append("    <script type=\"text/javascript\" src=\"/Marti/jquery/jquery.jnotify.min.js\"></script>\n");
-        builder.append("   <meta name=\"viewport\" content=\"width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0,viewport-fit=cover\">\n");
-        builder.append("\n");
-        builder.append("    <title>OAuth2 Authorization</title>\n");
-        builder.append("</head>\n");
-        builder.append("\n");
-        builder.append("<body>\n");
-        builder.append("\n");
-        builder.append("<div id=\"header\">\n");
-        builder.append("    <style>\n");
-        builder.append("        .tak_logo {\n");
-        builder.append("            width:75px;\n");
-        builder.append("            height:75px;\n");
-        builder.append("            display:inline-block;\n");
-        builder.append("            margin-top: -4px;\n");
-        builder.append("            margin-left: 0px;\n");
-        builder.append("            filter: drop-shadow(0 2px 3px #cecece);\n");
-        builder.append("        }\n");
-        builder.append("\n");
-        builder.append("        body {\n");
-        builder.append("            margin: 0;\n");
-        builder.append("            padding: 0;\n");
-        builder.append("            background-color: #444444;\n");
-        builder.append("            height: 100vh;\n");
-        builder.append("        }\n");
-        builder.append("\n");
-        builder.append("        #login .container #login-row #login-column #login-box {\n");
-        builder.append("            margin-top: 40px;\n");
-        builder.append("            max-width: 600px;\n");
-        builder.append("            height: 400px;\n");
-        builder.append("            border: 1px solid #9C9C9C;\n");
-        builder.append("            background-color: #fdfdfd;\n");
-        builder.append("        }\n");
-        builder.append("        #login .container #login-row #login-column #login-box #login-form {\n");
-        builder.append("            padding: 30px;\n");
-        builder.append("        }\n");
-        builder.append("    </style>\n");
-        builder.append("</div>\n");
-        builder.append("\n");
-        builder.append("<div class=\"alert alert-warning\" style=\"display:none;\" id=\"error-alert\" align=\"center\">\n");
-        builder.append("    <b>You have entered an invalid username or password</b>\n");
-        builder.append("</div>\n");
-        builder.append("\n");
-        builder.append("<div id=\"login\">\n");
-        builder.append("    <div class=\"container\">\n");
-        builder.append("        <div id=\"login-row\" class=\"row justify-content-center align-items-center\">\n");
-        builder.append("            <div id=\"login-column\" class=\"col-md-6\">\n");
-        builder.append("                <div id=\"login-box\" class=\"col-md-12\">\n");
-        builder.append("                    <div id=\"auth-div\" style=\"padding: 30px\">\n");
-        builder.append("                        <div class=\"form-group\" align=\"center\">\n");
-        builder.append("                            <div class=\"menu-button\">\n");
-        builder.append("                                <div class=\"tak_logo\">\n");
-        builder.append("                                    <svg xmlns:dc=\"http://purl.org/dc/elements/1.1/\" xmlns:cc=\"http://creativecommons.org/ns#\" xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\" xmlns:svg=\"http://www.w3.org/2000/svg\" xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" xmlns:sodipodi=\"http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd\" xmlns:inkscape=\"http://www.inkscape.org/namespaces/inkscape\" id=\"svg2\" version=\"1.1\" inkscape:version=\"0.91 r13725\" viewBox=\"0 0 842.5 805\" sodipodi:docname=\"TAK MIL Vector.svg\" inkscape:export-filename=\"simple logo.png\" inkscape:export-xdpi=\"14.635015\" inkscape:export-ydpi=\"14.635015\">\n");
-        builder.append("                                        <metadata id=\"metadata8\">\n");
-        builder.append("                                            <rdf:rdf>\n");
-        builder.append("                                                <cc:work rdf:about=\"\">\n");
-        builder.append("                                                    <dc:format>image/svg+xml</dc:format>\n");
-        builder.append("                                                    <dc:type rdf:resource=\"http://purl.org/dc/dcmitype/StillImage\">\n");
-        builder.append("                                                        <dc:title></dc:title>\n");
-        builder.append("                                                    </dc:type>\n");
-        builder.append("                                                </cc:work>\n");
-        builder.append("                                            </rdf:rdf>\n");
-        builder.append("                                        </metadata>\n");
-        builder.append("                                        <defs id=\"defs6\">\n");
-        builder.append("                                            <lineargradient inkscape:collect=\"always\" id=\"linearGradient4893\">\n");
-        builder.append("                                                <stop style=\"stop-color:#6e6e6e;stop-opacity:1\" offset=\"0\" id=\"stop4895\"></stop>\n");
-        builder.append("                                                <stop id=\"stop4905\" offset=\"0.5\" style=\"stop-color:#ffffff;stop-opacity:1\"></stop>\n");
-        builder.append("                                                <stop style=\"stop-color:#6e6e6e;stop-opacity:1\" offset=\"1\" id=\"stop4897\"></stop>\n");
-        builder.append("                                            </lineargradient>\n");
-        builder.append("                                            <lineargradient inkscape:collect=\"always\" xlink:href=\"#linearGradient4893\" id=\"linearGradient4903\" x1=\"143.88919\" y1=\"402.5\" x2=\"698.61081\" y2=\"402.5\" gradientUnits=\"userSpaceOnUse\"> </lineargradient>\n");
-        builder.append("                                        </defs>\n");
-        builder.append("                                        <sodipodi:namedview pagecolor=\"#ffffff\" bordercolor=\"#666666\" borderopacity=\"1\" objecttolerance=\"10\" gridtolerance=\"10\" guidetolerance=\"10\" inkscape:pageopacity=\"0\" inkscape:pageshadow=\"2\" inkscape:window-width=\"1200\" inkscape:window-height=\"1857\" id=\"namedview4\" showgrid=\"false\" inkscape:object-nodes=\"true\" inkscape:snap-intersection-paths=\"false\" inkscape:snap-smooth-nodes=\"true\" inkscape:zoom=\"0.82920348\" inkscape:cx=\"407.2691\" inkscape:cy=\"-13.264391\" inkscape:window-x=\"-8\" inkscape:window-y=\"172\" inkscape:window-maximized=\"1\" inkscape:current-layer=\"svg2\"></sodipodi:namedview>\n");
-        builder.append("                                        <path style=\"fill:url(#linearGradient4903);fill-opacity:1.0\" d=\"m 406.60249,743.76344 c -6.7326,-5.0886 -17.8661,-13.9223 -24.7411,-19.6304 -17.5932,-14.6071 -61.3248,-58.6747 -77.3979,-77.9925 -89.1195,-107.1108 -141.2829,-228.3029 -156.296,-363.125 -2.4118,-21.659 -4.7208,-60.7744 -4.2056,-71.2469 l 0.3995,-8.12186 16.25,-4.09782 c 88.0141,-22.19478 180.4684,-72.7928 244.7366,-133.93844 8.1052,-7.71133 15.2043,-13.84047 15.7759,-13.62031 0.5717,0.22016 8.8464,7.55763 18.3884,16.3055 42.0414,38.54243 81.2242,65.35266 132.3491,90.55791 35.4975,17.50066 74.22794,31.81699 110.62404,40.89109 l 15.626,3.89579 0.4097,7.5 c 0.6261,11.46447 -2.1385,58.72484 -4.7948,81.96374 -15.4285,134.9784 -63.9842,251.2889 -146.33724,350.5363 -15.7729,19.0086 -58.4623,60.9748 -77.4027,76.0914 -20.6481,16.4796 -45.1907,33.2836 -48.6113,33.2836 -1.3924,0 -8.0401,-4.1635 -14.7726,-9.2521 z\" id=\"path4751-5\" inkscape:connector-curvature=\"0\"></path>\n");
-        builder.append("                                        <path style=\"fill:#0b0b0b\" d=\"M 404.2674,773.79865 C 361.0723,744.12024 313.994,699.12276 273.363,648.68009 l -12.8375,-15.9375 -98.7002,0 c -84.593,0 -98.7003,-0.2546 -98.7003,-1.78131 0,-2.16073 60.6753,-212.6732 62.446,-216.65619 1.1455,-2.5765 2.0856,-2.8125 11.2035,-2.8125 5.4741,0 10.29,-0.54526 10.7019,-1.21169 0.4118,-0.66642 -1.2275,-8.68205 -3.643,-17.8125 -14.4819,-54.74121 -21.5824,-106.80396 -22.8304,-167.39816 -0.8416,-40.86041 -1.7687,-37.51684 10.872,-39.2115 29.3974,-3.94113 84.9181,-22.90458 125.7763,-42.95968 57.4562,-28.20219 100.0499,-58.509169 145.733,-103.694201 l 17.1342,-16.94745 22.8658,22.43419 c 43.0863,42.273132 80.7773,69.193761 134.3453,95.955561 43.9907,21.97713 98.4353,40.62374 132.2704,45.30099 11.1927,1.54724 10.625,0.17761 10.625,25.63673 0,56.845 -7.2877,121.35496 -19.6182,173.65771 -6.4845,27.50539 -6.9064,25.54953 5.6059,25.98886 9.3224,0.32734 10.4813,0.64108 11.5436,3.125 1.7489,4.08921 61.2187,214.4932 61.2187,216.59158 0,1.54356 -13.3312,1.79723 -95.3125,1.8137 -52.4218,0.01 -95.9277,0.4324 -96.6797,0.9375 -0.752,0.5051 -7.0102,7.94961 -13.9072,16.54336 -30.4811,37.97996 -66.0563,72.81804 -102.2894,100.16989 -22.3778,16.8927 -47.0729,32.33011 -51.7182,32.33011 -1.2008,0 -8.0411,-4.02478 -15.2006,-8.94394 z m 29.2357,-26.56186 c 14.8308,-9.77796 30.9867,-22.10731 47.9152,-36.56651 25.8514,-22.08057 74.3229,-73.45597 72.3364,-76.67014 -1.2468,-2.01745 -259.3819,-1.71396 -259.3721,0.30495 0.028,5.7043 63.3051,71.64062 89.1687,92.9155 22.2036,18.26427 33.7758,26.65976 36.8268,26.71751 1.583,0.03 7.4892,-2.98562 13.125,-6.70131 z m 235.5566,-337.3067 c 1.4275,-1.79756 10.2179,-37.7889 13.9673,-57.1875 7.091,-36.68705 10.7672,-70.10838 12.5807,-114.375 0.8575,-20.93036 0.7701,-27.82834 -0.3655,-28.87439 C 694.4215,208.73729 685.3125,205.99648 675,203.40251 588.0145,181.52255 502.829,134.57486 435.2796,71.286961 l -14.7205,-13.79177 -10.6807,9.8112 c -26.7374,24.56071 -47.9424,41.637539 -70.925,57.117539 -53.2187,35.84548 -117.4005,65.00368 -175.2034,79.59596 -8.9375,2.25626 -17.0047,4.79171 -17.9272,5.63434 -1.3873,1.26723 -1.4381,6.4968 -0.294,30.255 2.6398,54.82109 9.7496,100.90961 23.3838,151.58336 2.4972,9.28125 5.0979,17.57812 5.7794,18.4375 0.9838,1.24051 51.9221,1.5625 247.183,1.5625 195.2601,0 246.1996,-0.322 247.1847,-1.5625 z\" id=\"path4690-7\" inkscape:connector-curvature=\"0\" sodipodi:nodetypes=\"sscsscscssssscsssssscscsssssssccscsssscsscssscsscss\"></path>\n");
-        builder.append("                                        <path style=\"fill:#080808\" d=\"m 379.99995,381.41191 c -2.6442,-0.72999 -3.1863,-1.71607 -3.5233,-6.40976 -0.5776,-8.04522 0.7591,-13.49898 3.6935,-15.06943 6.4551,-3.45463 12.3298,3.39385 12.3298,14.37345 0,5.05378 -0.4026,5.93261 -3.2064,6.99859 -3.5564,1.35215 -4.7346,1.36573 -9.2936,0.10712 z m 21.8256,-0.99104 c -4.4383,-4.43838 0.3505,-17.89705 6.3682,-17.89705 0.9167,0 3.1598,1.28419 4.9845,2.85375 3.9748,3.41903 5.9356,14.10714 2.9363,16.00636 -3.0201,1.91249 -12.02,1.30592 -14.289,-0.96306 z m 25.1774,0.4773 c -1.9597,-1.43392 -2.2528,-2.79284 -1.6864,-7.81815 0.6929,-6.14732 4.0357,-10.5562 8.0037,-10.5562 5.192,0 11.2402,12.68611 8.2916,17.39155 -1.6468,2.62793 -11.4584,3.288 -14.6089,0.9828 z m 27.997,0.0537 c -2.8128,-1.49278 -3.1243,-2.42141 -3.1178,-9.2949 0.01,-5.74016 0.5966,-8.28785 2.3812,-10.25976 3.2011,-3.53715 7.5183,-3.30579 10.564,0.56612 2.8113,3.57396 4.9322,16.30094 3.033,18.20013 -2.0654,2.0654 -9.5855,2.52642 -12.8604,0.78841 z m -39.2483,-19.7636 c -5.9457,-4.47073 -7.6371,-4.53705 -13.5331,-0.53066 l -4.6117,3.13375 -4.1159,-3.57544 c -8.6965,-7.55438 -11.765,-7.57613 -20.2305,-0.14334 -5.3836,4.72685 -7.6377,4.24334 -10.3435,-2.21863 -1.838,-4.38982 -1.8635,-9.74646 -0.1115,-23.45507 0.2969,-2.32275 -0.6443,-2.55967 -13.276,-3.34165 -7.4775,-0.4629 -15.0075,-1.19604 -16.7333,-1.62919 -4.4093,-1.10666 -11.3594,-6.66716 -13.4948,-10.79665 -2.5505,-4.93212 -2.252,-8.64115 1.3114,-16.29588 2.5692,-5.51887 3.1038,-8.5422 3.0609,-17.31163 -0.029,-5.84375 -0.4731,-14.41156 -0.9878,-19.0396 -0.555,-4.98971 -0.4424,-9.31426 0.2766,-10.625 0.6668,-1.21571 5.3614,-7.11764 10.4323,-13.11537 11.1398,-13.17603 12.5312,-15.69583 11.8568,-21.47273 -0.6008,-5.14613 -2.1867,-4.91477 -3.3743,0.49227 -0.8817,4.0145 -16.2675,19.17081 -18.6557,18.37738 -1.7016,-0.56536 -4.6434,-25.01657 -3.7137,-30.86701 1.7411,-10.956 16.4918,-34.01782 28.6938,-44.86081 7.4451,-6.61591 20.1406,-12.87615 33.6734,-16.6045 8.9952,-2.47824 12.9515,-2.75506 39.375,-2.75506 26.4234,0 30.3797,0.27682 39.375,2.75506 13.5327,3.72835 26.2282,9.98859 33.6733,16.6045 12.202,10.84299 26.9527,33.90481 28.6938,44.86081 0.9297,5.85044 -2.0121,30.30165 -3.7137,30.86701 -2.3881,0.79343 -17.774,-14.36288 -18.6557,-18.37738 -1.1876,-5.40704 -2.7735,-5.6384 -3.3743,-0.49227 -0.6744,5.7769 0.717,8.2967 11.8569,21.47268 5.0709,5.99773 9.7654,11.89966 10.4322,13.11537 0.719,1.31074 0.8316,5.63529 0.2767,10.625 -0.5147,4.62804 -0.9593,13.19585 -0.9878,19.0396 -0.043,8.76943 0.4916,11.79276 3.0608,17.31163 3.5634,7.65473 3.8619,11.36376 1.3114,16.29588 -2.1354,4.12949 -9.0855,9.68999 -13.4948,10.79665 -1.7258,0.43315 -9.2558,1.16629 -16.7333,1.62919 -12.6316,0.78198 -13.5729,1.0189 -13.276,3.34165 1.752,13.70861 1.7265,19.06525 -0.1115,23.45507 -2.7058,6.46197 -4.9599,6.94548 -10.3435,2.21863 -8.4655,-7.43278 -11.534,-7.41103 -20.2304,0.14334 l -4.116,3.57544 -4.6117,-3.13375 c -5.9094,-4.01553 -7.5393,-3.94291 -13.833,0.61626 -2.8472,2.0625 -5.3222,3.71148 -5.5001,3.6644 -0.1778,-0.0471 -2.5163,-1.73459 -5.1966,-3.75 z m -0.022,-29.60189 c 0.4275,-1.89063 1.5442,-6.52218 2.4815,-10.29233 0.994,-3.99851 1.2412,-7.31779 0.5931,-7.96591 -1.6055,-1.60543 -6.7996,4.03945 -10.5782,11.4963 -4.5085,8.89703 -4.285,10.19944 1.7501,10.19944 4.4068,0 5.0651,-0.39333 5.7535,-3.4375 z m 21.7703,1.52685 c 0,-2.93437 -6.8963,-15.91604 -9.8929,-18.62231 -4.0808,-3.68558 -5.3029,-1.17995 -3.3183,6.80313 0.9373,3.77015 2.054,8.4017 2.4815,10.29233 0.6884,3.04417 1.3467,3.4375 5.7535,3.4375 3.6312,0 4.9762,-0.51641 4.9762,-1.91065 z m -47.3939,-34.39354 c 2.7536,-1.40477 7.2461,-4.57741 9.9833,-7.0503 5.4387,-4.91357 7.4278,-4.69314 5.3204,0.58965 -0.7438,1.86438 -1.808,4.51479 -2.3651,5.88979 -1.9233,4.7475 3.0231,-0.53185 8.6989,-9.28446 6.8604,-10.57937 8.7917,-12.23344 11.5958,-9.93109 1.1492,0.94355 4.4869,5.41254 7.417,9.93109 5.6758,8.75261 10.6222,14.03196 8.6989,9.28446 -0.5571,-1.375 -1.6214,-4.02541 -2.3651,-5.88979 -2.1074,-5.28279 -0.1184,-5.50322 5.3204,-0.58965 2.7372,2.47289 7.3656,5.71488 10.2854,7.20443 5.0117,2.55676 5.9064,2.62492 15.9938,1.21851 23.1915,-3.23342 34.424,-13.39408 30.0411,-27.17453 -1.9972,-6.27938 -8.5739,-16.64397 -10.5613,-16.64397 -0.8633,0 -9.1016,3.61006 -18.3072,8.02236 -18.3028,8.77266 -29.6794,12.60091 -33.6767,11.33224 -3.3925,-1.07676 -5.07,-5.78195 -5.3403,-14.9796 -0.2557,-8.70019 -2.0369,-9.40873 -4.2804,-1.70265 -0.8579,2.94705 -2.4048,6.20317 -3.4375,7.23582 -1.67,1.67005 -2.085,1.67005 -3.755,0 -1.0327,-1.03265 -2.5796,-4.28877 -3.4375,-7.23582 -2.2435,-7.70608 -4.0247,-6.99754 -4.2804,1.70265 -0.2703,9.19765 -1.9478,13.90284 -5.3403,14.9796 -3.9973,1.26867 -15.3739,-2.55958 -33.6767,-11.33224 -9.2056,-4.4123 -17.4439,-8.02236 -18.3072,-8.02236 -1.9874,0 -8.5641,10.36459 -10.5613,16.64397 -4.0611,12.7686 5.7213,22.92867 25.5432,26.5295 12.4341,2.25877 15.1246,2.16462 20.7938,-0.72761 z\" id=\"path4768\" inkscape:connector-curvature=\"0\"></path>\n");
-        builder.append("                                        <path style=\"fill:#000000\" d=\"\" id=\"path4855\" inkscape:connector-curvature=\"0\"></path>\n");
-        builder.append("                                        <path style=\"fill:#ffffff;fill-opacity:1\" d=\"m 279.11424,580.10645 c -1.65294,-2.35992 -1.94587,-8.25437 -1.94587,-39.1571 l 0,-36.37897 2.89306,-2.7179 c 2.49989,-2.34853 4.33074,-2.71789 13.47186,-2.71789 17.33193,0 16.13508,-3.09704 16.13508,41.75215 0,45.35925 1.32783,41.99785 -16.59005,41.99785 -11.00224,0 -12.18269,-0.23485 -13.96408,-2.77814 z m 62.87485,-0.24107 c -1.5353,-3.36973 -1.3696,-3.72355 25.5227,-54.48079 10.9686,-20.70251 14.7893,-26.875 16.6352,-26.875 3.0301,0 15.4024,23.08883 15.4736,28.87649 0.03,2.42452 -4.6229,13.54423 -12.4222,29.6875 l -12.4699,25.81101 -15.6819,0 c -15.3677,0 -15.7094,-0.0605 -17.0575,-3.01921 z m 94.7513,0.20671 c -0.9546,-1.54688 -3.087,-5.34375 -4.7388,-8.4375 l -3.0032,-5.625 -17.79,-0.34683 c -17.4621,-0.34042 -17.7892,-0.39802 -17.7445,-3.125 0.025,-1.52799 2.697,-7.84067 5.9375,-14.02817 5.0221,-9.58909 6.3995,-11.3084 9.3295,-11.64553 2.1372,-0.24591 3.4375,-1.14469 3.4375,-2.37603 0,-1.08928 -5.0625,-11.80776 -11.25,-23.81885 -6.1875,-12.0111 -11.2421,-22.75439 -11.2325,-23.87398 0.01,-1.11958 3.1466,-8.11593 6.9711,-15.54745 5.716,-11.10708 7.4035,-13.443 9.4813,-13.125 1.9647,0.30068 9.3477,13.82804 33.1485,60.7362 17.0529,33.60894 30.3082,61.16383 29.9154,62.1875 -0.5665,1.47631 -3.6601,1.83814 -15.7158,1.83814 -14.2187,0 -15.1019,-0.14833 -16.746,-2.8125 z m 52.7685,0.74654 c -1.3867,-1.66994 -1.7825,-12.93603 -2.0648,-58.77009 l -0.3492,-56.70412 3.2269,-3.22686 c 3.0724,-3.07239 3.7675,-3.20606 14.5229,-2.79241 16.2444,0.62474 16.0737,0.32744 16.0737,27.99915 0,11.91451 0.5042,21.97434 1.1204,22.35518 0.6162,0.38083 3.2618,-2.1156 5.8791,-5.54765 5.5742,-7.30937 8.628,-8.72385 11.746,-5.4406 1.2109,1.2751 14.208,18.91211 28.8824,39.19336 20.4254,28.2295 26.6886,37.7542 26.714,40.625 l 0.033,3.75 -16.4798,0.3482 -16.4798,0.34821 -6.751,-8.47321 c -3.713,-4.66026 -12.4943,-15.92633 -19.514,-25.0357 -7.0196,-9.10938 -13.2654,-16.5625 -13.8794,-16.5625 -0.614,0 -1.2918,10.45265 -1.5062,23.2281 -0.4717,28.10872 0.3947,26.7719 -17.3507,26.7719 -9.7348,0 -12.4443,-0.40494 -13.8236,-2.06596 z m 61.6414,-81.0374 c -4.2526,-5.83185 -7.7319,-11.65371 -7.7319,-12.93749 0,-1.28377 4.194,-7.687 9.32,-14.22939 10.5503,-13.46556 10.5799,-13.47976 28.1425,-13.47976 9.1548,0 11.2472,0.38362 13.0684,2.39601 2.713,2.99785 3.0556,2.3259 -14.5533,28.54149 -17.0187,25.33672 -16.8839,25.2904 -28.2457,9.70914 z m -301.20378,-8.84252 c -2.5634,-1.79547 -2.77814,-2.93561 -2.77814,-14.75 0,-8.2921 0.52859,-13.33271 1.5,-14.30412 1.10894,-1.10894 12.79027,-1.5 44.80626,-1.5 51.48266,0 47.44376,-1.36516 47.44376,16.03592 0,17.69858 3.4939,16.46408 -46.59688,16.46408 -35.62534,0 -41.99569,-0.27935 -44.375,-1.94588 z\" id=\"path4872\" inkscape:connector-curvature=\"0\"></path>\n");
-        builder.append("                                    </svg>\n");
-        builder.append("                                </div>\n");
-        builder.append("                            </div>\n");
-        builder.append("                        </div>\n");
-
-        builder.append("						<div class=\"form-group\">\n");
-        builder.append("							<label for=\"username\" class=\"text-info\">Authorization Approval</label><br>\n");
-        builder.append("							<p>Do you authorize \"").append(HtmlUtils.htmlEscape(clientId)).append("\" to access your TAK Server account?</p>\n");
-        builder.append("						</div>\n");
-
-        String requestPath = ServletUriComponentsBuilder.fromContextPath(request).build().getPath();
-        if (requestPath == null) {
-            requestPath = "";
-        }
-
-        builder.append("						<div class=\"form-group\" align=\"center\">\n");
-        builder.append("							<form id=\"confirmationForm\" name=\"confirmationForm\" action=\"").append(requestPath).append("/oauth/authorize\" method=\"post\">\n");
-        builder.append("								<input name=\"user_oauth_approval\" value=\"true\" type=\"hidden\">\n");
-        builder.append("								<input name=\"authorize\" value=\"Authorize\" type=\"submit\" class=\"btn btn-dark\">\n");
-        builder.append("							</form>				\n");
-        builder.append("						</div>\n");
-        builder.append("						<div class=\"form-group\" align=\"center\">\n");
-        builder.append("							<form id=\"denialForm\" name=\"denialForm\" action=\"").append(requestPath).append("/oauth/authorize\" method=\"post\">\n");
-        builder.append("								<input name=\"user_oauth_approval\" value=\"false\" type=\"hidden\">\n");
-        builder.append("								<input name=\"deny\" value=\"Deny\" type=\"submit\" class=\"btn btn-dark\">\n");
-        builder.append("							</form>\n");
-        builder.append("						</div>\n");
-
-        String csrfTemplate = null;
-        CsrfToken csrfToken = (CsrfToken) (model.containsKey("_csrf") ? model.get("_csrf") : request.getAttribute("_csrf"));
-        if (csrfToken != null) {
-            csrfTemplate = "<input type=\"hidden\" name=\"" + HtmlUtils.htmlEscape(csrfToken.getParameterName()) +
-                    "\" value=\"" + HtmlUtils.htmlEscape(csrfToken.getToken()) + "\" />";
-        }
-        if (csrfTemplate != null) {
-            builder.append(csrfTemplate);
-        }
-
-//        String authorizeInputTemplate = "<label><input name=\"authorize\" value=\"Authorize\" type=\"submit\"/></label></form>";
-//
-//        if (model.containsKey("scopes") || request.getAttribute("scopes") != null) {
-//            builder.append(createScopes(model, request));
-//            builder.append(authorizeInputTemplate);
-//        } else {
-//            builder.append(authorizeInputTemplate);
-//            builder.append("<form id=\"denialForm\" name=\"denialForm\" action=\"");
-//            builder.append(requestPath).append("/oauth/authorize\" method=\"post\">");
-//            builder.append("<input name=\"user_oauth_approval\" value=\"false\" type=\"hidden\"/>");
-//            if (csrfTemplate != null) {
-//                builder.append(csrfTemplate);
-//            }
-//            builder.append("<label><input name=\"deny\" value=\"Deny\" type=\"submit\"/></label></form>");
-//        }
-
-        builder.append("					</div>\n");
-        builder.append("                </div>\n");
-        builder.append("            </div>\n");
-        builder.append("        </div>\n");
-        builder.append("    </div>\n");
-        builder.append("</div>\n");
-        builder.append("\n");
-        builder.append("\n");
-        builder.append("</body></html>\n");
-
-        return builder.toString();
-    }
-
-    private CharSequence createScopes(Map<String, Object> model, HttpServletRequest request) {
-        StringBuilder builder = new StringBuilder("<ul>");
-        @SuppressWarnings("unchecked")
-        Map<String, String> scopes = (Map<String, String>) (model.containsKey("scopes") ?
-                model.get("scopes") : request.getAttribute("scopes"));
-        for (String scope : scopes.keySet()) {
-            String approved = "true".equals(scopes.get(scope)) ? " checked" : "";
-            String denied = !"true".equals(scopes.get(scope)) ? " checked" : "";
-            scope = HtmlUtils.htmlEscape(scope);
-
-            builder.append("<li><div class=\"form-group\">");
-            builder.append(scope).append(": <input type=\"radio\" name=\"");
-            builder.append(scope).append("\" value=\"true\"").append(approved).append(">Approve</input> ");
-            builder.append("<input type=\"radio\" name=\"").append(scope).append("\" value=\"false\"");
-            builder.append(denied).append(">Deny</input></div></li>");
-        }
-        builder.append("</ul>");
-        return builder.toString();
-    }
-}
\ No newline at end of file
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilter.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilter.java
new file mode 100644
index 00000000..5316996b
--- /dev/null
+++ b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilter.java
@@ -0,0 +1,225 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.oauth2.server.resource.web.authentication;
+
+import java.io.IOException;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import org.springframework.core.log.LogMessage;
+import org.springframework.security.authentication.AuthenticationDetailsSource;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationManagerResolver;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
+import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
+import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
+import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
+import org.springframework.security.web.context.SecurityContextRepository;
+import org.springframework.util.Assert;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+/**
+ * Authenticates requests that contain an OAuth 2.0
+ * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+ * Token</a>.
+ *
+ * This filter should be wired with an {@link AuthenticationManager} that can authenticate
+ * a {@link BearerTokenAuthenticationToken}.
+ *
+ * @author Josh Cummings
+ * @author Vedran Pavic
+ * @author Joe Grandja
+ * @author Jeongjin Kim
+ * @since 5.1
+ * @see <a href="https://tools.ietf.org/html/rfc6750" target="_blank">The OAuth 2.0
+ * Authorization Framework: Bearer Token Usage</a>
+ * @see JwtAuthenticationProvider
+ */
+public class BearerTokenAuthenticationFilter extends OncePerRequestFilter {
+
+    private final AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver;
+
+    private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
+            .getContextHolderStrategy();
+
+    private AuthenticationEntryPoint authenticationEntryPoint = new BearerTokenAuthenticationEntryPoint();
+
+    private AuthenticationFailureHandler authenticationFailureHandler = new AuthenticationEntryPointFailureHandler(
+            (request, response, exception) -> this.authenticationEntryPoint.commence(request, response, exception));
+
+    private BearerTokenResolver bearerTokenResolver = new DefaultBearerTokenResolver();
+
+    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
+
+    private SecurityContextRepository securityContextRepository = new RequestAttributeSecurityContextRepository();
+
+    /**
+     * Construct a {@code BearerTokenAuthenticationFilter} using the provided parameter(s)
+     * @param authenticationManagerResolver
+     */
+    public BearerTokenAuthenticationFilter(
+            AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver) {
+        Assert.notNull(authenticationManagerResolver, "authenticationManagerResolver cannot be null");
+        this.authenticationManagerResolver = authenticationManagerResolver;
+    }
+
+    /**
+     * Construct a {@code BearerTokenAuthenticationFilter} using the provided parameter(s)
+     * @param authenticationManager
+     */
+    public BearerTokenAuthenticationFilter(AuthenticationManager authenticationManager) {
+        Assert.notNull(authenticationManager, "authenticationManager cannot be null");
+        this.authenticationManagerResolver = (request) -> authenticationManager;
+    }
+
+    /**
+     * Extract any
+     * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
+     * Token</a> from the request and attempt an authentication.
+     * @param request
+     * @param response
+     * @param filterChain
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+        String token;
+        try {
+            token = this.bearerTokenResolver.resolve(request);
+        }
+        catch (OAuth2AuthenticationException invalid) {
+            this.logger.trace("Sending to authentication entry point since failed to resolve bearer token", invalid);
+            this.authenticationEntryPoint.commence(request, response, invalid);
+            return;
+        }
+        if (token == null) {
+            this.logger.trace("Did not process request since did not find bearer token");
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        BearerTokenAuthenticationToken authenticationRequest = new BearerTokenAuthenticationToken(token);
+        authenticationRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
+
+        try {
+            AuthenticationManager authenticationManager = this.authenticationManagerResolver.resolve(request);
+            Authentication authenticationResult = authenticationManager.authenticate(authenticationRequest);
+            SecurityContext context = this.securityContextHolderStrategy.createEmptyContext();
+            context.setAuthentication(authenticationResult);
+            this.securityContextHolderStrategy.setContext(context);
+            this.securityContextRepository.saveContext(context, request, response);
+            if (this.logger.isDebugEnabled()) {
+                this.logger.debug(LogMessage.format("Set SecurityContextHolder to %s", authenticationResult));
+            }
+            filterChain.doFilter(request, response);
+        }
+        catch (AuthenticationException failed) {
+            this.securityContextHolderStrategy.clearContext();
+            this.logger.trace("Failed to process authentication request", failed);
+            this.authenticationFailureHandler.onAuthenticationFailure(request, response, failed);
+        }
+    }
+
+    /**
+     * Sets the {@link SecurityContextHolderStrategy} to use. The default action is to use
+     * the {@link SecurityContextHolderStrategy} stored in {@link SecurityContextHolder}.
+     *
+     * @since 5.8
+     */
+    public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
+        Assert.notNull(securityContextHolderStrategy, "securityContextHolderStrategy cannot be null");
+        this.securityContextHolderStrategy = securityContextHolderStrategy;
+    }
+
+    /**
+     * Sets the {@link SecurityContextRepository} to save the {@link SecurityContext} on
+     * authentication success. The default action is not to save the
+     * {@link SecurityContext}.
+     * @param securityContextRepository the {@link SecurityContextRepository} to use.
+     * Cannot be null.
+     */
+    public void setSecurityContextRepository(SecurityContextRepository securityContextRepository) {
+        Assert.notNull(securityContextRepository, "securityContextRepository cannot be null");
+        this.securityContextRepository = securityContextRepository;
+    }
+
+    /**
+     * Set the {@link BearerTokenResolver} to use. Defaults to
+     * {@link DefaultBearerTokenResolver}.
+     * @param bearerTokenResolver the {@code BearerTokenResolver} to use
+     */
+    public void setBearerTokenResolver(BearerTokenResolver bearerTokenResolver) {
+        Assert.notNull(bearerTokenResolver, "bearerTokenResolver cannot be null");
+        this.bearerTokenResolver = bearerTokenResolver;
+    }
+
+    /**
+     * Set the {@link AuthenticationEntryPoint} to use. Defaults to
+     * {@link BearerTokenAuthenticationEntryPoint}.
+     * @param authenticationEntryPoint the {@code AuthenticationEntryPoint} to use
+     */
+    public void setAuthenticationEntryPoint(final AuthenticationEntryPoint authenticationEntryPoint) {
+        Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
+        this.authenticationEntryPoint = authenticationEntryPoint;
+    }
+
+    /**
+     * Set the {@link AuthenticationFailureHandler} to use. Default implementation invokes
+     * {@link AuthenticationEntryPoint}.
+     * @param authenticationFailureHandler the {@code AuthenticationFailureHandler} to use
+     * @since 5.2
+     */
+    public void setAuthenticationFailureHandler(final AuthenticationFailureHandler authenticationFailureHandler) {
+        Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
+        this.authenticationFailureHandler = authenticationFailureHandler;
+    }
+
+    /**
+     * Set the {@link AuthenticationDetailsSource} to use. Defaults to
+     * {@link WebAuthenticationDetailsSource}.
+     * @param authenticationDetailsSource the {@code AuthenticationConverter} to use
+     * @since 5.5
+     */
+    public void setAuthenticationDetailsSource(
+            AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
+        Assert.notNull(authenticationDetailsSource, "authenticationDetailsSource cannot be null");
+        this.authenticationDetailsSource = authenticationDetailsSource;
+    }
+
+    // TAK
+    @Override
+    protected boolean shouldNotFilterAsyncDispatch() {
+        return false;
+    }
+}
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
index 2e512e9e..50e768fa 100644
--- a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
@@ -2,13 +2,13 @@
 
 import java.io.IOException;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
@@ -144,7 +144,7 @@ protected boolean principalChanged(HttpServletRequest request, Authentication cu
 			return false;
 		}
 
-		if(logger.isDebugEnabled()) {
+		if (logger.isDebugEnabled()) {
 			logger.debug("Pre-authenticated principal has changed to " + principal + " and will be reauthenticated");
 		}
 		return true;
@@ -200,7 +200,7 @@ private boolean requiresAuthentication(HttpServletRequest request) {
 			return false;
 		}
 
-		if(!principalChanged(request, currentUser)) {
+		if (!principalChanged(request, currentUser)) {
 			return false;
 		}
 
@@ -237,7 +237,7 @@ protected void successfulAuthentication(HttpServletRequest request,
 					authResult, this.getClass()));
 		}
 
-		if(authenticationSuccessHandler != null) {
+		if (authenticationSuccessHandler != null) {
 			authenticationSuccessHandler.onAuthenticationSuccess(request, response, authResult);
 		}
 	}
@@ -257,7 +257,7 @@ protected void unsuccessfulAuthentication(HttpServletRequest request,
 		}
 		request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, failed);
 
-		if(authenticationFailureHandler != null) {
+		if (authenticationFailureHandler != null) {
 			authenticationFailureHandler.onAuthenticationFailure(request, response, failed);
 		}
 	}
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
index ed89ddfb..52815a4c 100644
--- a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
+++ b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/preauth/x509/X509AuthenticationFilter.java
@@ -3,11 +3,11 @@
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
 
@@ -35,7 +35,7 @@ protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
 
 	private X509Certificate extractClientCertificate(HttpServletRequest request) {
 		X509Certificate[] certs = (X509Certificate[]) request
-				.getAttribute("javax.servlet.request.X509Certificate");
+				.getAttribute("jakarta.servlet.request.X509Certificate");
 
 		if (certs != null && certs.length > 0) {
 			if (logger.isDebugEnabled()) {
@@ -60,6 +60,7 @@ public void setPrincipalExtractor(X509PrincipalExtractor principalExtractor) {
      * Try to authenticate a pre-authenticated user with Spring Security if the user has
      * not yet been authenticated.
      */
+	@Override
     public void doFilter(ServletRequest request, ServletResponse response,
             FilterChain chain) throws IOException, ServletException {
     	
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
index 6c0c3274..6e8a20a0 100644
--- a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
+++ b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
@@ -5,10 +5,10 @@
 import java.util.List;
 import java.util.Locale;
 
-import javax.annotation.Resource;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.annotation.Resource;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import com.google.common.base.Strings;
 import org.slf4j.Logger;
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
index ba6f05e9..ab24a3ee 100644
--- a/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
+++ b/src/takserver-core/takserver-war/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
@@ -5,11 +5,11 @@
 import java.util.List;
 import java.util.Locale;
 
-import javax.annotation.Resource;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.annotation.Resource;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import com.google.common.base.Strings;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/web/multipart/support/StandardMultipartHttpServletRequest.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/web/multipart/support/StandardMultipartHttpServletRequest.java
index 73f10ad2..c9728671 100644
--- a/src/takserver-core/takserver-war/src/main/java/org/springframework/web/multipart/support/StandardMultipartHttpServletRequest.java
+++ b/src/takserver-core/takserver-war/src/main/java/org/springframework/web/multipart/support/StandardMultipartHttpServletRequest.java
@@ -32,8 +32,8 @@
 import java.util.Map;
 import java.util.Set;
 import javax.mail.internet.MimeUtility;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.Part;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.Part;
 
 import org.springframework.http.ContentDisposition;
 import org.springframework.http.HttpHeaders;
diff --git a/src/takserver-core/takserver-war/src/main/java/org/springframework/web/multipart/support/StandardServletMultipartResolver.java b/src/takserver-core/takserver-war/src/main/java/org/springframework/web/multipart/support/StandardServletMultipartResolver.java
index a3adfb39..4d6e77f3 100644
--- a/src/takserver-core/takserver-war/src/main/java/org/springframework/web/multipart/support/StandardServletMultipartResolver.java
+++ b/src/takserver-core/takserver-war/src/main/java/org/springframework/web/multipart/support/StandardServletMultipartResolver.java
@@ -16,8 +16,8 @@
 
 package org.springframework.web.multipart.support;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.Part;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.Part;
 
 import org.apache.commons.logging.LogFactory;
 
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/ActiveGroupCacheHelper.java b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/ActiveGroupCacheHelper.java
index baa29e24..0ca231a6 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/ActiveGroupCacheHelper.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/ActiveGroupCacheHelper.java
@@ -1,10 +1,13 @@
 package tak.server.cache;
 
 import com.bbn.marti.remote.CoreConfig;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import com.bbn.marti.remote.exception.TakException;
 import com.bbn.marti.remote.groups.Direction;
 import com.bbn.marti.remote.groups.Group;
 import com.bbn.marti.remote.groups.GroupManager;
+import com.bbn.marti.remote.groups.User;
+import com.google.common.collect.Sets;
 import org.apache.ignite.Ignite;
 import org.apache.ignite.IgniteCache;
 import org.slf4j.Logger;
@@ -20,10 +23,9 @@
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentSkipListSet;
 import java.util.concurrent.CopyOnWriteArrayList;
 
 
@@ -37,9 +39,6 @@ public class ActiveGroupCacheHelper {
     @Autowired
     private Ignite ignite;
 
-    @Autowired
-    private CoreConfig config;
-
     @Autowired
     private DataSource ds;
 
@@ -48,7 +47,7 @@ public class ActiveGroupCacheHelper {
     public void init() {
         try {
             // restore active group cache from the database
-            if (config.getRemoteConfiguration().getAuth().isX509UseGroupCache()) {
+            if (CoreConfigFacade.getInstance().getRemoteConfiguration().getAuth().isX509UseGroupCache()) {
                 getActiveGroupsCache();
             }
         } catch (Exception e) {
@@ -185,4 +184,61 @@ public Map<String, List<Group>> loadActiveGroups() {
             return null;
         }
     }
+
+    public boolean assignGroupsCheckCache(Set<Group> groups, User user, String username) {
+
+        // check to see if we have any cache entries for the current username
+        List<Group> activeGroups = getActiveGroupsForUser(username);
+        if (activeGroups == null) {
+            activeGroups = new LinkedList<>();
+        }
+
+        // recreate as a full LinkedList to support delete (cant delete on list coming from cache)
+        activeGroups = new LinkedList<>(activeGroups);
+
+        // keep track of this user even if there are no groups
+        groupManager.addUser(user);
+
+        // find groups that need to get removed from the cache
+        Set<Group> cacheGroups = new ConcurrentSkipListSet<>(activeGroups);
+        Set<Group> removals = Sets.difference(cacheGroups, groups);
+        activeGroups.removeAll(removals);
+
+        // find groups that need to get added to the cache
+        Set<Group> adds = Sets.difference(groups, cacheGroups);
+        activeGroups.addAll(adds);
+
+        for (Group group : adds) {
+            group.setActive(false);
+        }
+
+        // if we only have one group, make sure its active
+        if (activeGroups.size() == 1) {
+            activeGroups.get(0).setActive(true);
+            // need to check case when size=2 for IN/OUT groups with same name
+        } else if (activeGroups.size() == 2 && activeGroups.get(0).getName().equals(activeGroups.get(1).getName())) {
+            activeGroups.get(0).setActive(true);
+            activeGroups.get(1).setActive(true);
+        }
+
+        // update the cache if required
+        boolean updated = adds.size() > 0 || removals.size() > 0;
+        if (updated) {
+            setActiveGroupsForUser(username, activeGroups);
+        }
+
+        // remove any inactive cache entries prior to push the groups to the user
+        Iterator<Group> activeGroupIter = activeGroups.iterator();
+        while (activeGroupIter.hasNext()) {
+            Group activeGroup = activeGroupIter.next();
+            if (!activeGroup.getActive()) {
+                activeGroupIter.remove();
+            }
+        }
+
+        // do the group updates based on this set of groups
+        groupManager.updateGroups(user, new ConcurrentSkipListSet<>(activeGroups));
+
+        return updated;
+    }
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/CoTCacheHelper.java b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/CoTCacheHelper.java
index 6ba2ef12..1b5fc1b9 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/CoTCacheHelper.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/CoTCacheHelper.java
@@ -4,12 +4,20 @@
 import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
 import javax.sql.DataSource;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.ignite.Ignite;
 import org.apache.ignite.IgniteCache;
@@ -59,9 +67,6 @@ public class CoTCacheHelper {
 	@Autowired
 	private DataSource dataSource;
 
-	@Autowired
-	private CoreConfig coreConfig;
-
 	private boolean messagingProfileActive = false;
 
 	private int maxCacheSize;
@@ -70,7 +75,7 @@ public class CoTCacheHelper {
 
 	@PostConstruct
 	private void postConstruct() {
-		maxCacheSize = coreConfig.getRemoteConfiguration().getBuffer().getQueue().getCotCacheMaxSize();
+		maxCacheSize = CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getQueue().getCotCacheMaxSize();
 	}
 
 	private IgniteCache<Object, Object> getCoTCache() {
@@ -91,6 +96,7 @@ private IgniteCache<Object, Object> getCoTCache() {
 			}
 		}
 
+		CoreConfig coreConfig = CoreConfigFacade.getInstance();
 		// use on-heap memory
 		boolean onHeapEnabled = coreConfig.getRemoteConfiguration().getBuffer().getQueue().isOnHeapEnabled();
 		cacheConfig.setOnheapCacheEnabled(onHeapEnabled);
@@ -443,7 +449,7 @@ public Collection<CotCacheWrapper> getLatestCotWrappersForUids(Set<String> uids,
 		getCoTCache().putAll(cachePutMap);
 
 		for (Object val : cacheWrapperMap.values()) {
-			
+
 			if (addDetails || remoteUtil.isGroupVectorAllowed(groupVector, ((CotCacheWrapper) val).getGroupsBitVectorString())) {
 				results.add((CotCacheWrapper) val);
 			}
@@ -474,41 +480,41 @@ private CotElement queryLatestCotElementForUid(String uid, String groupVector) {
 							uid,
 							groupVector},
 					new ResultSetExtractor<CotElement>() {
-				@Override
-				public CotElement extractData(ResultSet results) throws SQLException {
-					if (results == null) {
-						throw new IllegalStateException("null result set");
-					}
-
-					if (results.next()) {
-						CotElement cotElement = new CotElement();
-						cotElement.uid = results.getString(1);
-						cotElement.lon = results.getDouble(2);
-						cotElement.lat = results.getDouble(3);
-						cotElement.hae = results.getString(4);
-						cotElement.cottype = results.getString(5);
-						cotElement.servertime = results.getTimestamp(6);
-						cotElement.le = results.getDouble(7);
-						cotElement.detailtext = results.getString(8);
-						cotElement.cotId = results.getLong(9);
-						cotElement.how = results.getString(10);
-						cotElement.staletime = results.getTimestamp(11);
-						cotElement.ce = results.getDouble(12);
-						cotElement.groupString = results.getString(13);
-
-						return cotElement;
-					} 
-
-					return null;
-				}
-			});
+						@Override
+						public CotElement extractData(ResultSet results) throws SQLException {
+							if (results == null) {
+								throw new IllegalStateException("null result set");
+							}
+
+							if (results.next()) {
+								CotElement cotElement = new CotElement();
+								cotElement.uid = results.getString(1);
+								cotElement.lon = results.getDouble(2);
+								cotElement.lat = results.getDouble(3);
+								cotElement.hae = results.getString(4);
+								cotElement.cottype = results.getString(5);
+								cotElement.servertime = results.getTimestamp(6);
+								cotElement.le = results.getDouble(7);
+								cotElement.detailtext = results.getString(8);
+								cotElement.cotId = results.getLong(9);
+								cotElement.how = results.getString(10);
+								cotElement.staletime = results.getTimestamp(11);
+								cotElement.ce = results.getDouble(12);
+								cotElement.groupString = results.getString(13);
+
+								return cotElement;
+							}
+
+							return null;
+						}
+					});
 
 		} catch (Exception e) {
 			logger.error("sql exception in getLatestCotForUids! " + e.getMessage());
 			return null;
 		}
 	}
-	
+
 	private Collection<CotElement> queryLatestCotElementsForUids(Set<String> uids, String groupVector) {
 
 		try (Connection connection = dataSource.getConnection()) {
@@ -526,44 +532,44 @@ private Collection<CotElement> queryLatestCotElementsForUids(Set<String> uids, S
 			return new JdbcTemplate(dataSource).query(sql,
 					new Object[] {
 							uidArray
-			},
+					},
 					new ResultSetExtractor<List<CotElement>>() {
-				@Override
-				public List<CotElement> extractData(ResultSet results) throws SQLException {
-					if (results == null) {
-						throw new IllegalStateException("null result set");
-					}
-
-					LinkedList<CotElement> cotElements = new LinkedList<>();
-					while (results.next()) {
-						CotElement cotElement = new CotElement();
-						cotElement.uid = results.getString(1);
-						cotElement.lon = results.getDouble(2);
-						cotElement.lat = results.getDouble(3);
-						cotElement.hae = results.getString(4);
-						cotElement.cottype = results.getString(5);
-						cotElement.servertime = results.getTimestamp(6);
-						cotElement.le = results.getDouble(7);
-						cotElement.detailtext = results.getString(8);
-						cotElement.cotId = results.getLong(9);
-						cotElement.how = results.getString(10);
-						cotElement.staletime = results.getTimestamp(11);
-						cotElement.ce = results.getDouble(12);
-						cotElement.groupString = results.getString(13);
-
-						cotElements.add(cotElement);
-					}
-
-					return cotElements;
-				}
-			});
+						@Override
+						public List<CotElement> extractData(ResultSet results) throws SQLException {
+							if (results == null) {
+								throw new IllegalStateException("null result set");
+							}
+
+							LinkedList<CotElement> cotElements = new LinkedList<>();
+							while (results.next()) {
+								CotElement cotElement = new CotElement();
+								cotElement.uid = results.getString(1);
+								cotElement.lon = results.getDouble(2);
+								cotElement.lat = results.getDouble(3);
+								cotElement.hae = results.getString(4);
+								cotElement.cottype = results.getString(5);
+								cotElement.servertime = results.getTimestamp(6);
+								cotElement.le = results.getDouble(7);
+								cotElement.detailtext = results.getString(8);
+								cotElement.cotId = results.getLong(9);
+								cotElement.how = results.getString(10);
+								cotElement.staletime = results.getTimestamp(11);
+								cotElement.ce = results.getDouble(12);
+								cotElement.groupString = results.getString(13);
+
+								cotElements.add(cotElement);
+							}
+
+							return cotElements;
+						}
+					});
 
 		} catch (Exception e) {
 			logger.error("exception in getLatestCotForUids ", e);
 			return null;
 		}
 	}
-	
+
 
 	private boolean isDisabled() {
 		return maxCacheSize < 1;
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/ContactCacheHelper.java b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/ContactCacheHelper.java
index f46e5210..d220df9d 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/ContactCacheHelper.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/ContactCacheHelper.java
@@ -3,8 +3,9 @@
 import java.util.List;
 import java.util.concurrent.TimeUnit;
 
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 
@@ -17,12 +18,8 @@
 public class ContactCacheHelper {
 
 	private static final Logger log = Logger.getLogger(ContactCacheHelper.class);
-	
-	private Cache<String, List<ClientEndpoint>> contactCache;
-
 
-	@Autowired
-	private CoreConfig config;
+	private Cache<String, List<ClientEndpoint>> contactCache;
 
 	@PostConstruct
 	public void init() {
@@ -30,10 +27,10 @@ public void init() {
 		if (log.isDebugEnabled()) {
 			log.debug("in init");
 		}
-		
+
 		contactCache = Caffeine.newBuilder()
-				  .expireAfterWrite(config.getCachedConfiguration().getBuffer().getQueue().getContactCacheUpdateRateLimitSeconds() * 4, TimeUnit.SECONDS)
-				  .build();
+				.expireAfterWrite(CoreConfigFacade.getInstance().getCachedConfiguration().getBuffer().getQueue().getContactCacheUpdateRateLimitSeconds() * 4, TimeUnit.SECONDS)
+				.build();
 	}
 
 	// invalidate the contact cache 
@@ -41,13 +38,13 @@ public void clearContactCache() {
 
 		// concurrently hitting this block can result in concurrent invalidations - this is intentional
 		try {
-			
+
 			if (contactCache != null) {
 				contactCache.invalidateAll();
 			}
 		} catch (Exception e) {
 			throw new TakException(e);
-		} 
+		}
 	}
 
 	public Cache<String, List<ClientEndpoint>> getContactsCache() {
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/DataFeedCotCacheHelper.java b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/DataFeedCotCacheHelper.java
index 7b110ce3..63451c92 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/DataFeedCotCacheHelper.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/DataFeedCotCacheHelper.java
@@ -7,12 +7,13 @@
 import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import com.bbn.marti.config.DataFeed;
 import com.bbn.marti.remote.CoreConfig;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.github.benmanes.caffeine.cache.Cache;
 import com.github.benmanes.caffeine.cache.Caffeine;
 
@@ -20,10 +21,7 @@
 
 public class DataFeedCotCacheHelper {
 	private static final Logger logger = Logger.getLogger(DataFeedCotCacheHelper.class);
-	
-	@Autowired
-	private CoreConfig config;
-	
+
 	private static DataFeedCotCacheHelper instance;
 	public static DataFeedCotCacheHelper getInstance() {
 		if (instance == null) {
@@ -35,16 +33,16 @@ public static DataFeedCotCacheHelper getInstance() {
 		}
 		return instance;
 	}
-	
+
 	private Map<String, Cache<String, CotEventContainer>> dataFeedCaches = new HashMap<>();
 	private Cache<String, CotEventContainer> latestSACacheForDataFeed(DataFeed dataFeed) {
 		Cache<String, CotEventContainer> cache = dataFeedCaches.get(dataFeed.getUuid());
 		if (cache == null) {
 			synchronized (this) {
 				if (cache == null) {
-					Caffeine<Object, Object> builder = Caffeine.newBuilder();					
+					Caffeine<Object, Object> builder = Caffeine.newBuilder();
 					cache = builder.expireAfterWrite(dataFeed.getSyncCacheRetentionSeconds(), TimeUnit.SECONDS).build();
-					
+
 					dataFeedCaches.put(dataFeed.getUuid(), cache);
 				}
 			}
@@ -52,18 +50,18 @@ private Cache<String, CotEventContainer> latestSACacheForDataFeed(DataFeed dataF
 
 		return cache;
 	}
-	
+
 	public void cacheDataFeedEvent(DataFeed dataFeed, CotEventContainer data) {
-		if (dataFeed.isSync() && config.getRemoteConfiguration().getBuffer().getLatestSA().isEnable()) {
-			
+		if (dataFeed.isSync() && CoreConfigFacade.getInstance().getRemoteConfiguration().getBuffer().getLatestSA().isEnable()) {
+
 			Cache<String, CotEventContainer> cache = latestSACacheForDataFeed(dataFeed);
 			cache.put(data.getUid(), data);
 		}
 	}
-	
+
 	public Collection<CotEventContainer> getCachedDataFeedEvents(String dataFeedUid) {
 		Cache<String, CotEventContainer> cache = dataFeedCaches.get(dataFeedUid);
-		
+
 		if (cache == null) {
 			return new ArrayList<>();
 		} else {
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/DatafeedCacheHelper.java b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/DatafeedCacheHelper.java
index 1ed7a3ea..3e892050 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/DatafeedCacheHelper.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/DatafeedCacheHelper.java
@@ -3,6 +3,7 @@
 import java.util.List;
 import java.util.concurrent.TimeUnit;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -18,15 +19,12 @@
 
 public class DatafeedCacheHelper {
 
-    private static final Logger log = LoggerFactory.getLogger(DatafeedCacheHelper.class);
+	private static final Logger log = LoggerFactory.getLogger(DatafeedCacheHelper.class);
 
 	private Cache<String, List<PluginDataFeed>> pluginDatafeedCache;
 
 	public static final String ALL_PLUGIN_DATAFEED_KEY = "ALL_PLUGIN_DATAFEED_KEY";
 
-	@Autowired
-	private CoreConfig config;
-	
 	private boolean init = false;
 
 	@EventListener({ContextRefreshedEvent.class})
@@ -35,52 +33,52 @@ public void init() {
 		if (log.isDebugEnabled()) {
 			log.debug("in init");
 		}
-		
+
 		pluginDatafeedCache = Caffeine.newBuilder()
-				  .expireAfterWrite(config.getCachedConfiguration().getBuffer().getQueue().getPluginDatafeedCacheSeconds(), TimeUnit.SECONDS)
-				  .build();
-		
-		log.info("Done initializing PluginDatafeedCacheHelper with buffer cache value: {} seconds", String.valueOf(config.getCachedConfiguration().getBuffer().getQueue().getPluginDatafeedCacheSeconds()));
-		
+				.expireAfterWrite(CoreConfigFacade.getInstance().getCachedConfiguration().getBuffer().getQueue().getPluginDatafeedCacheSeconds(), TimeUnit.SECONDS)
+				.build();
+
+		log.info("Done initializing PluginDatafeedCacheHelper with buffer cache value: {} seconds", String.valueOf(CoreConfigFacade.getInstance().getCachedConfiguration().getBuffer().getQueue().getPluginDatafeedCacheSeconds()));
+
 		init = true;
 	}
 
 	public void clearCache() {
 
 		try {
-			
+
 			if (pluginDatafeedCache != null) {
 				pluginDatafeedCache.invalidateAll();
 			}
 		} catch (Exception e) {
 			throw new TakException(e);
-		} 
+		}
 	}
 
 	public Cache<String, List<PluginDataFeed>> getPluginDatafeedCache() {
 		if (!init) {
 			throw new TakException("plugin data feed cache not initialized");
 		}
-		
+
 		return pluginDatafeedCache;
 	}
 
 	public List<PluginDataFeed> getPluginDatafeed(String feedUuid) {
 		return getPluginDatafeedCache().getIfPresent(feedUuid);
 	}
-	
+
 	public void cachePluginDatafeed(String feedUuid, List<PluginDataFeed> pluginDatafeed) {
 		getPluginDatafeedCache().put(feedUuid, pluginDatafeed);
 	}
-	
+
 	public List<PluginDataFeed> getAllPluginDatafeeds() {
 		return getPluginDatafeedCache().getIfPresent(ALL_PLUGIN_DATAFEED_KEY);
 	}
-	
+
 	public void cacheAllPluginDatafeeds(List<PluginDataFeed> allPluginDatafeeds) {
 		getPluginDatafeedCache().put(ALL_PLUGIN_DATAFEED_KEY, allPluginDatafeeds);
 	}
-	
+
 	public void invalidate(String key) {
 		getPluginDatafeedCache().invalidate(key);
 	}
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/HibernateProxyTypeAdapter.java b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/HibernateProxyTypeAdapter.java
new file mode 100644
index 00000000..650e3b68
--- /dev/null
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/HibernateProxyTypeAdapter.java
@@ -0,0 +1,56 @@
+package tak.server.cache;
+
+import java.io.IOException;
+
+import org.hibernate.Hibernate;
+import org.hibernate.proxy.HibernateProxy;
+
+import com.google.gson.Gson;
+import com.google.gson.TypeAdapter;
+import com.google.gson.TypeAdapterFactory;
+import com.google.gson.reflect.TypeToken;
+import com.google.gson.stream.JsonReader;
+import com.google.gson.stream.JsonWriter;
+
+/**
+ * This TypeAdapter unproxies Hibernate proxied objects, and serializes them
+ * through the registered (or default) TypeAdapter of the base class.
+ */
+public class HibernateProxyTypeAdapter extends TypeAdapter<HibernateProxy> {
+
+    public static final TypeAdapterFactory FACTORY = new TypeAdapterFactory() {
+        @Override
+        @SuppressWarnings("unchecked")
+        public <T> TypeAdapter<T> create(Gson gson, TypeToken<T> type) {
+            return (HibernateProxy.class.isAssignableFrom(type.getRawType()) ? (TypeAdapter<T>) new HibernateProxyTypeAdapter(gson) : null);
+        }
+    };
+    private final Gson context;
+
+    private HibernateProxyTypeAdapter(Gson context) {
+        this.context = context;
+    }
+
+    @Override
+    public HibernateProxy read(JsonReader	 in) throws IOException {
+        throw new UnsupportedOperationException("Not supported");
+    }
+
+    @SuppressWarnings({"rawtypes", "unchecked"})
+    @Override
+    public void write(JsonWriter out, HibernateProxy value) throws IOException {
+        if (value == null) {
+            out.nullValue();
+            return;
+        }
+        // Retrieve the original (not proxy) class
+        Class<?> baseType = Hibernate.getClass(value);
+        // Get the TypeAdapter of the original class, to delegate the serialization
+        TypeAdapter delegate = context.getAdapter(TypeToken.get(baseType));
+        // Get a filled instance of the original class
+        Object unproxiedValue = ((HibernateProxy) value).getHibernateLazyInitializer()
+                .getImplementation();
+        // Serialize the value
+        delegate.write(out, unproxiedValue);
+    }
+}
\ No newline at end of file
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/MissionCacheHelper.java b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/MissionCacheHelper.java
index 8e4ce6e0..bc3f6ce8 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/MissionCacheHelper.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/MissionCacheHelper.java
@@ -33,7 +33,7 @@ public class MissionCacheHelper {
 	private static final AtomicBoolean isInvalidateAllMissionCache = new AtomicBoolean(false);
 
 	private static final Logger logger = LoggerFactory.getLogger(MissionCacheHelper.class);
-
+	
 	public Mission getMission(String missionName, boolean hydrateDetails, boolean skipCache) {
 
 		if (Strings.isNullOrEmpty(missionName)) {
@@ -46,9 +46,7 @@ public Mission getMission(String missionName, boolean hydrateDetails, boolean sk
 
 		String key = getKey(missionName, hydrateDetails);
 
-		if (logger.isDebugEnabled()) {
-			logger.debug("getMission cache key: " + key);
-		}
+		logger.debug("getMission cache key: {} ", key);
 
 		Mission mission = null;
 
@@ -65,23 +63,29 @@ public Mission getMission(String missionName, boolean hydrateDetails, boolean sk
 		}
 
 		if (mission == null) {
-
 			if (logger.isDebugEnabled()) {
-				logger.debug("cache miss for " + key);
+				logger.debug("cache miss for {}", key);
 			}
 
 			mission = doMissionQuery(missionName, hydrateDetails);
 
 			if (mission != null) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("Unproxy ExternalMissionData and MapLayer");
+				}
+				
+				UnproxyHelper.unproxyMission(mission);
 
 				// cache the mission with the appropriate key
 				getCache(missionName).put(key, mission);
+
 			}
 
 		} else {
 			if (logger.isDebugEnabled()) {
 				logger.debug("cache hit for " + key);
 			}
+
 		}
 
 		return mission;
@@ -124,6 +128,12 @@ public Mission getMissionByGuid(UUID guid, boolean hydrateDetails, boolean skipC
 			mission = doMissionQueryGuid(guid, hydrateDetails);
 
 			if (mission != null) {
+				
+				if (logger.isDebugEnabled()) {
+					logger.debug("Unproxy ExternalMissionData and MapLayer");
+				}
+				
+				UnproxyHelper.unproxyMission(mission);
 
 				// cache the mission with the appropriate key
 				getCache(guid).put(key, mission);
@@ -141,13 +151,17 @@ public Mission getMissionByGuid(UUID guid, boolean hydrateDetails, boolean skipC
 	private Mission doMissionQuery(String missionName, boolean hydrateDetails) {
 
 		Mission mission = missionRepository.getByNameNoCache(missionName);
-
+		
 		if (logger.isTraceEnabled()) {
 			logger.trace("mission {} : {} ", missionName, mission);
 		}
-
-		if (mission != null && hydrateDetails) {
-			missionService.hydrate(mission, hydrateDetails);
+		
+		if (mission != null) {
+			if (hydrateDetails) {
+				missionService.hydrate(mission, hydrateDetails);
+			}else {
+				missionService.hydrateFeedNameForMission(mission);				
+			}
 		}
 
 		return mission;
@@ -161,79 +175,12 @@ private Mission doMissionQueryGuid(UUID guid, boolean hydrateDetails) {
 		
 		if (mission != null && hydrateDetails) {
 			missionService.hydrate(mission, hydrateDetails);
+			missionService.hydrateFeedNameForMission(mission);
 		}
-
+		
 		return mission;
 	}
 
-	public void putMission(Mission mission, boolean isDetailHydrated) {
-
-		if (mission == null) {
-			throw new IllegalArgumentException("null mission");
-		}
-
-
-		if (Strings.isNullOrEmpty(mission.getName())) {
-			throw new IllegalArgumentException("empty mission name");
-		}
-
-		String key = getKey(mission.getName(), isDetailHydrated);
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("put mission key: " + key + " isHydrated: " + isDetailHydrated + " mission: " + mission);
-		}
-
-		getCache(mission.getName()).put(key, mission);
-	}
-
-	public void putMissionIfDirty(Mission mission, boolean isDetailHydrated) {
-
-		if (mission == null) {
-			throw new IllegalArgumentException("null mission");
-		}
-
-
-		if (Strings.isNullOrEmpty(mission.getName())) {
-			throw new IllegalArgumentException("empty mission name");
-		}
-
-		String key = getKey(mission.getName(), isDetailHydrated);
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("putIfDirty cache key: " + key);
-		}
-
-		Object result = getCache(mission.getName()).get(key);
-
-		if (result == null) {
-			if (logger.isDebugEnabled()) {
-				logger.debug("no cache entry for key: " + key + " - putting");
-			}
-
-			getCache(mission.getName()).put(key, mission);
-		}
-	}
-
-	public void clear(Mission mission, boolean isDetailHydrated) {
-
-		if (mission == null) {
-			throw new IllegalArgumentException("null mission - can't remove");
-		}
-
-		if (Strings.isNullOrEmpty(mission.getName())) {
-			throw new IllegalArgumentException("empty mission name");
-		}
-
-		String key = getKey(mission.getName(), isDetailHydrated);
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("clear mission key: " + key + " isHydrated: " + isDetailHydrated);
-		}
-
-		//		getMissionCache(mission.getName()).put(key, "null");
-		getCache(mission.getName()).removeAsync(key);
-	}
-
 	/*
 	 * Get the Ignite cache created by the Spring cache manager so that the options will be the same and ensure that it's the same one
 	 */
@@ -247,14 +194,13 @@ public IgniteCache<Object, Object> getCache(String cacheName) {
 		}
 
 		return ((IgniteCache<Object, Object>) springNativeCache); 
-
 	}
 	
 	/*
 	 * Get the Ignite cache created by the Spring cache manager so that the options will be the same and ensure that it's the same one
 	 */
 	@SuppressWarnings("unchecked")
-	public IgniteCache<Object, Object> getCache(UUID cacheUUID) {
+	private IgniteCache<Object, Object> getCache(UUID cacheUUID) {
 
 		Object springNativeCache = cacheManager.getCache(cacheUUID.toString()).getNativeCache();
 
@@ -266,12 +212,12 @@ public IgniteCache<Object, Object> getCache(UUID cacheUUID) {
 
 	}
 
-	public String getKey(String missionName, boolean hydrateDetails) {
+	private String getKey(String missionName, boolean hydrateDetails) {
 
 		return "[getMission, " + missionName.toLowerCase() + ", " + (hydrateDetails ? "true, hydrated" : "false") + "]";
 	}
 	
-	public String getKeyGuid(UUID guid, boolean hydrateDetails) {
+	private String getKeyGuid(UUID guid, boolean hydrateDetails) {
 
 		return "[missionguid_" + guid + "_" + (hydrateDetails ? "true, hydrated" : "false") + "]";
 	}
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/cache/UnproxyHelper.java b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/UnproxyHelper.java
new file mode 100644
index 00000000..091b42fd
--- /dev/null
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/cache/UnproxyHelper.java
@@ -0,0 +1,59 @@
+package tak.server.cache;
+
+import java.util.Set;
+import java.util.concurrent.ConcurrentSkipListSet;
+
+import org.hibernate.Hibernate;
+
+import com.bbn.marti.maplayer.model.MapLayer;
+import com.bbn.marti.sync.model.ExternalMissionData;
+import com.bbn.marti.sync.model.Mission;
+import com.bbn.marti.sync.model.MissionChange;
+import com.bbn.marti.sync.model.MissionFeed;
+import com.bbn.marti.sync.model.Resource;
+
+public class UnproxyHelper {
+	
+	public static void unproxyMission(Mission mission) {
+		
+		Set<ExternalMissionData> unproxiedExtDataSet = getUnproxySet(mission.getExternalData());
+		mission.setExternalData(unproxiedExtDataSet);
+		
+		Set<MapLayer> unproxiedMapLayers = getUnproxySet(mission.getMapLayers());
+		mission.setMapLayers(unproxiedMapLayers);
+		
+		Set<MissionFeed> unproxyMissionFeed = getUnproxySet(mission.getFeeds());
+		mission.setFeeds(unproxyMissionFeed);
+		
+		Set<String> unproxiedKeywords = getUnproxySet(mission.getKeywords());
+		mission.setKeywords(unproxiedKeywords);
+		
+		Set<Mission> unproxiedChildren = getUnproxySet(mission.getChildren());
+		mission.setChildren(unproxiedChildren);
+		
+		Set<Resource> unproxiedContents = getUnproxySet(mission.getContents());
+		mission.setContents(unproxiedContents);
+		
+		Set<MissionChange> unproxiedMissionChanges = getUnproxySet(mission.getMissionChanges());
+		mission.setMissionChanges(unproxiedMissionChanges);
+		
+		Set<String> unproxiedUids = getUnproxySet(mission.getUids());
+		mission.setUids(unproxiedUids);
+		
+	}
+
+	@SuppressWarnings("unchecked")
+	private static <T> Set<T> getUnproxySet(Set<T> set) {
+			
+		Set<T> unproxiedSet = new ConcurrentSkipListSet<>();
+		
+		if (set != null) {
+			for (T element : set) {
+				unproxiedSet.add((T)Hibernate.unproxy(element));
+			}
+		}
+				
+		return unproxiedSet;
+
+	}
+}
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/feeds/DataFeedDTO.java b/src/takserver-core/takserver-war/src/main/java/tak/server/feeds/DataFeedDTO.java
index 54ae09f0..1610752a 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/feeds/DataFeedDTO.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/feeds/DataFeedDTO.java
@@ -3,12 +3,12 @@
 import java.io.Serializable;
 import java.net.URL;
 
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonInclude.Include;
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/filemanager/FileManagerApi.java b/src/takserver-core/takserver-war/src/main/java/tak/server/filemanager/FileManagerApi.java
index 609ce7dd..84dd2d0d 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/filemanager/FileManagerApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/filemanager/FileManagerApi.java
@@ -1,22 +1,16 @@
 package tak.server.filemanager;
 
 import java.rmi.RemoteException;
-import java.text.ParseException;
 import java.time.Instant;
-import java.util.AbstractMap;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.NavigableSet;
-import java.util.Map.Entry;
 
-import javax.naming.NamingException;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
-import org.eclipse.jetty.http.MimeTypes;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.errors.IntrusionException;
 import org.owasp.esapi.errors.ValidationException;
@@ -24,23 +18,16 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.ByteArrayResource;
-import org.springframework.data.domain.Page;
-import org.springframework.data.domain.PageRequest;
-import org.springframework.data.domain.Pageable;
-import org.springframework.data.domain.Sort;
 
 import com.bbn.marti.sync.model.Resource;
 import org.springframework.http.ContentDisposition;
 import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 
 import com.bbn.marti.cot.search.model.ApiResponse;
@@ -55,7 +42,7 @@
 import com.bbn.marti.sync.repository.ResourceRepository;
 import com.bbn.marti.util.CommonUtil;
 import com.bbn.marti.util.spring.RequestHolderBean;
-import com.bbn.marti.util.spring.SpringContextBeanForApi;
+import com.bbn.marti.remote.util.SpringContextBeanForApi;
 import com.google.common.base.Strings;
 
 import tak.server.Constants;
@@ -122,43 +109,43 @@ public ApiResponse<Collection<Map<String, String>>> getFileMetadata(
 		 try {
 			 String resourceSort = getResourceColumnName(sort);
 			 List<Resource> files = null;
-			 if(mission.isBlank() && !missionPackage) {
-				 if(page == -1 || limit == -1) {
-				 	if(name.isBlank()) {
+			 if (mission.isBlank() && !missionPackage) {
+				 if (page == -1 || limit == -1) {
+				 	if (name.isBlank()) {
 				 		files = fileManagerService.findAllFiles(0, 0, resourceSort, ascending, groupVector);
 				 	} else {
 				 		files = fileManagerService.findByName(0, 0, resourceSort, ascending, name, groupVector);
 				 	}
 				 } else {
-					 if(name.isBlank()) {
+					 if (name.isBlank()) {
 						 files = fileManagerService.findAllFiles(limit, (page * limit), resourceSort, ascending, groupVector);
 					 } else {
 						 files = fileManagerService.findByName(limit, (page * limit), resourceSort, ascending, name, groupVector);
 					 }
 				 }
 			 } else if (mission.isBlank() && missionPackage) {
-				 if(page == -1 || limit == -1) {
-					 if(sort.isBlank()) {
+				 if (page == -1 || limit == -1) {
+					 if (sort.isBlank()) {
 						 files = fileManagerService.getMissionPackageResources(0, 0, "", true, name, groupVector);
 					 } else {
 						 files = fileManagerService.getMissionPackageResources(0, 0, resourceSort, ascending, name, groupVector);
 					 }
 				 }else {
-					 if(sort.isBlank()) {
+					 if (sort.isBlank()) {
 						 files = fileManagerService.getMissionPackageResources(limit, (page * limit), "", true, name, groupVector);
 					 } else {
 						 files = fileManagerService.getMissionPackageResources(limit, (page * limit), resourceSort, ascending, name, groupVector);
 					 }
 				 }
 			 }	else{
-				 if(page == -1 || limit == -1) {
-					 if(sort.isBlank()) {
+				 if (page == -1 || limit == -1) {
+					 if (sort.isBlank()) {
 						 files = fileManagerService.getResourcesByMission(mission, 0, 0,"", true, name, groupVector);
 					 } else {
 						 files = fileManagerService.getResourcesByMission(mission, 0, 0, resourceSort, ascending, name, groupVector);
 					 }
 				 }else {
-					 if(sort.isBlank()) {
+					 if (sort.isBlank()) {
 						 files = fileManagerService.getResourcesByMission(mission, limit, (page * limit), "", true, name, groupVector);
 					 } else {
 						 files = fileManagerService.getResourcesByMission(mission, limit, (page * limit), resourceSort, ascending, name, groupVector);
@@ -184,7 +171,7 @@ public ApiResponse<Integer> getFileCount(@RequestParam(value = "mission", defaul
 	 throws RemoteException{
 		 Integer count = 0;
 		 try {
-			 if(mission.isBlank() && !missionPackage) {
+			 if (mission.isBlank() && !missionPackage) {
 				 count = (int) resourceRepository.count();
 			 } else if (mission.isBlank() && missionPackage) {
 				 count = fileManagerService.getPackageResourceCount();
@@ -255,7 +242,7 @@ public void deleteFile(@PathVariable("hash") String hash) throws RemoteException
 		 }
 		 
 		 try {
-			 if(!hash.isEmpty()) {
+			 if (!hash.isEmpty()) {
 				 persistenceStore.delete(hash, groupVector);
 			 }
 			 
@@ -350,11 +337,11 @@ private Map<String,String> buildMetadataEntry(Metadata metadata){
 			 if (size == null ) {
 				entry.put("Size","Unknown");
 			 } else {
-				if(size < 1024) {
+				if (size < 1024) {
 					entry.put("Size", size + "B");
-			 } else if(size < MBYTES) {
+			 } else if (size < MBYTES) {
 				entry.put("Size", (size/KBYTES) + "kB");
-			 } else if(size < GBYTES) {
+			 } else if (size < GBYTES) {
 				entry.put("Size", size/MBYTES + "MB");
 			 } else {
 				entry.put("Size", size/GBYTES + "GB");
@@ -366,7 +353,7 @@ private Map<String,String> buildMetadataEntry(Metadata metadata){
 			 entry.put("MimeType", metadata.getFirstSafely(Metadata.Field.MIMEType));
 			 
 			 String[] keywordsArray = metadata.getKeywords();
-			 if(keywordsArray != null) {
+			 if (keywordsArray != null) {
 				 String keywords = String.join(",", metadata.getKeywords());
 				 entry.put("Keywords",keywords);
 			 } else {
@@ -406,11 +393,11 @@ private Map<String,String> buildResourceEntry(Resource resource, NavigableSet<Gr
 			 if (size == null ) {
 				entry.put("Size","Unknown");
 			 } else {
-				if(size < 1024) {
+				if (size < 1024) {
 					entry.put("Size", size + "B");
-			 } else if(size < MBYTES) {
+			 } else if (size < MBYTES) {
 				entry.put("Size", (size/KBYTES) + "kB");
-			 } else if(size < GBYTES) {
+			 } else if (size < GBYTES) {
 				entry.put("Size", size/MBYTES + "MB");
 			 } else {
 				entry.put("Size", size/GBYTES + "GB");
@@ -423,7 +410,7 @@ private Map<String,String> buildResourceEntry(Resource resource, NavigableSet<Gr
 			 
 			 resource.setKeywords(fileManagerService.getKeywordsForResource(resource.getHash()));
 			 List<String> keywordsArray = resource.getKeywords();
-			 if(keywordsArray != null) {
+			 if (keywordsArray != null) {
 				 String keywords = String.join(",", resource.getKeywords());
 				 entry.put("Keywords",keywords);
 			 } else {
@@ -447,7 +434,7 @@ private Map<String,String> buildResourceEntry(Resource resource, NavigableSet<Gr
 					resource.getGroupVector(), groups));
 			
 			NavigableSet<String> groupsArray = resource.getGroups();
-			if(groupsArray != null) {
+			if (groupsArray != null) {
 				 String groupString = String.join(",", groupsArray);
 				 entry.put("Groups",groupString);
 			 } else {
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/filemanager/FileManagerServiceDefaultImpl.java b/src/takserver-core/takserver-war/src/main/java/tak/server/filemanager/FileManagerServiceDefaultImpl.java
index 4921b722..d37d03be 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/filemanager/FileManagerServiceDefaultImpl.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/filemanager/FileManagerServiceDefaultImpl.java
@@ -13,9 +13,9 @@
 import java.util.Map;
 import java.util.TimeZone;
 
-import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
-import javax.persistence.Query;
+import jakarta.persistence.EntityManager;
+import jakarta.persistence.PersistenceContext;
+import jakarta.persistence.Query;
 import javax.sql.DataSource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -67,7 +67,7 @@ public List<String> extractData(ResultSet results) throws SQLException {
 						values.addAll(Lists.newArrayList((String[]) value.getArray()));
 					}
 				}
-				if(values.size() == 0) {
+				if (values.size() == 0) {
 					values.add("none");
 				}
 				return values;
@@ -80,24 +80,24 @@ public List<Resource> getMissionPackageResources(int limit, int offset, String s
 				   + "from resource where 'missionpackage' = ANY(keywords) AND " + RemoteUtil.getInstance().getGroupClause();
 		List<Object> params = new ArrayList<>();
 		params.add(groupVector);
-		if(!name.isBlank()) {
+		if (!name.isBlank()) {
 			sql = sql + "and name like ? ";
 			params.add("%"+name+"%");
 		}
 		// If Limit is 0, do not page
 		if (limit == 0) {
-			if(!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
+			if (!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
 				sql = sql + "order by " + getResourceColumnName(sort) + " ";
-				if(ascending) {
+				if (ascending) {
 					sql = sql + "asc ";
 				} else {
 					sql = sql + "desc ";
 				}
 			}
 		} else {
-			if(!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
+			if (!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
 				sql = sql + "order by " + getResourceColumnName(sort) + " ";
-				if(ascending) {
+				if (ascending) {
 					sql = sql + "asc ";
 				} else {
 					sql = sql + "desc ";
@@ -118,18 +118,18 @@ public List<Resource> findAllFiles(int limit, int offset, String sort, Boolean a
 		params.add(groupVector);
 		// If Limit is 0, do not page
 		if (limit == 0) {
-			if(!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
+			if (!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
 				sql = sql + "order by " + getResourceColumnName(sort) + " ";
-				if(ascending) {
+				if (ascending) {
 					sql = sql + "asc ";
 				} else {
 					sql = sql + "desc ";
 				}
 			}
 		} else {
-			if(!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
+			if (!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
 				sql = sql + "order by " + getResourceColumnName(sort) + " ";
-				if(ascending) {
+				if (ascending) {
 					sql = sql + "asc ";
 				} else {
 					sql = sql + "desc ";
@@ -148,24 +148,24 @@ public List<Resource> findByName(int limit, int offset, String sort, Boolean asc
 				   + "from resource where " + RemoteUtil.getInstance().getGroupClause();;
 		List<Object> params = new ArrayList<>();
 		params.add(groupVector);
-		if(!name.isBlank()) {
+		if (!name.isBlank()) {
 			sql = sql + "and name like ? ";
 			params.add("%"+name+"%");
 		}
 		// If Limit is 0, do not page
 		if (limit == 0) {
-			if(!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
+			if (!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
 				sql = sql + "order by " + getResourceColumnName(sort) + " ";
-				if(ascending) {
+				if (ascending) {
 					sql = sql + "asc ";
 				} else {
 					sql = sql + "desc ";
 				}
 			}
 		} else {
-			if(!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
+			if (!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
 				sql = sql + "order by " + getResourceColumnName(sort) + " ";
-				if(ascending) {
+				if (ascending) {
 					sql = sql + "asc ";
 				} else {
 					sql = sql + "desc ";
@@ -188,24 +188,24 @@ public List<Resource> getResourcesByMission(String mission, int limit, int offse
 		List<Object> params = new ArrayList<>();
 		params.add(mission);
 		params.add(groupVector);
-		if(!name.isBlank()) {
+		if (!name.isBlank()) {
 			sql = sql + "and r.name like ? ";
 			params.add("%"+name+"%");
 		}
 		// If Limit is 0, do not page
 		if (limit == 0) {
-			if(!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
+			if (!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
 				sql = sql + "order by " + getResourceColumnName(sort) + " ";
-				if(ascending) {
+				if (ascending) {
 					sql = sql + "asc ";
 				} else {
 					sql = sql + "desc ";
 				}
 			}
 		} else {
-			if(!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
+			if (!sort.isBlank() && !getResourceColumnName(sort).isBlank()) {
 				sql = sql + "order by " + getResourceColumnName(sort) + " ";
-				if(ascending) {
+				if (ascending) {
 					sql = sql + "asc ";
 				} else {
 					sql = sql + "desc ";
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/retention/RetentionApi.java b/src/takserver-core/takserver-war/src/main/java/tak/server/retention/RetentionApi.java
index 645321a9..d8d6a55d 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/retention/RetentionApi.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/retention/RetentionApi.java
@@ -3,8 +3,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import com.google.common.base.Strings;
 import org.owasp.esapi.errors.ValidationException;
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/system/ApiDependencyProxy.java b/src/takserver-core/takserver-war/src/main/java/tak/server/system/ApiDependencyProxy.java
index 278bef32..84aef671 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/system/ApiDependencyProxy.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/system/ApiDependencyProxy.java
@@ -18,8 +18,8 @@
 import tak.server.cache.CoTCacheHelper;
 
 public class ApiDependencyProxy implements ApplicationContextAware {
-	
-	
+
+
 	private static ApplicationContext springContext;
 
 	private static ApiDependencyProxy instance = null;
@@ -59,7 +59,7 @@ public ServerInfo serverInfo() {
 
 		return serverInfo;
 	}
-	
+
 	private MissionRoleRepository missionRoleRepository = null;
 
 	public MissionRoleRepository missionRoleRepository() {
@@ -87,7 +87,7 @@ public EnterpriseSyncService enterpriseSyncService() {
 
 		return enterpriseSyncService;
 	}
-	
+
 	private CoTCacheHelper cotCacheHelper = null;
 
 	public CoTCacheHelper cotCacheHelper() {
@@ -101,9 +101,9 @@ public CoTCacheHelper cotCacheHelper() {
 
 		return cotCacheHelper;
 	}
-	
+
 	private MissionRepository missionRepository = null;
-	
+
 	public MissionRepository missionRepository() {
 		if (missionRepository == null) {
 			synchronized (this) {
@@ -115,9 +115,9 @@ public MissionRepository missionRepository() {
 
 		return missionRepository;
 	}
-	
+
 	private SubscriptionManagerLite subscriptionManagerLite = null;
-	
+
 	public SubscriptionManagerLite subscriptionManagerLite() {
 		if (subscriptionManagerLite == null) {
 			synchronized (this) {
@@ -129,7 +129,7 @@ public SubscriptionManagerLite subscriptionManagerLite() {
 
 		return subscriptionManagerLite;
 	}
-	
+
 	private MissionService missionService = null;
 
 	public MissionService missionService() {
@@ -143,7 +143,7 @@ public MissionService missionService() {
 
 		return missionService;
 	}
-	
+
 	private GroupManager groupManager = null;
 
 	public GroupManager groupManager() {
@@ -157,7 +157,7 @@ public GroupManager groupManager() {
 
 		return groupManager;
 	}
-	
+
 	private PluginManager pluginManager = null;
 
 	public PluginManager pluginManager() {
@@ -171,7 +171,7 @@ public PluginManager pluginManager() {
 
 		return pluginManager;
 	}
-	
+
 	private CommonUtil commonUtil = null;
 
 	public CommonUtil commonUtil() {
@@ -185,17 +185,4 @@ public CommonUtil commonUtil() {
 
 		return commonUtil;
 	}
-
-	private CoreConfig coreConfig = null;
-
-	public CoreConfig coreConfig() {
-		if (coreConfig == null) {
-			synchronized (this) {
-				if (coreConfig == null) {
-					coreConfig = springContext.getBean(CoreConfig.class);
-				}
-			}
-		}
-		return coreConfig;
-	}
 }
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/util/ErrorController.java b/src/takserver-core/takserver-war/src/main/java/tak/server/util/ErrorController.java
index 6b8b705d..d94da2d3 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/util/ErrorController.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/util/ErrorController.java
@@ -7,8 +7,8 @@
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 
-import javax.servlet.RequestDispatcher;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.RequestDispatcher;
+import jakarta.servlet.http.HttpServletRequest;
 
 
 @Controller
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/util/ExecutorSource.java b/src/takserver-core/takserver-war/src/main/java/tak/server/util/ExecutorSource.java
index 6a9cc17b..bcc67d5c 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/util/ExecutorSource.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/util/ExecutorSource.java
@@ -16,11 +16,12 @@
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
 
-import com.bbn.marti.config.Buffer.Queue;
+import com.bbn.marti.config.Queue;
 import com.bbn.marti.config.Configuration;
 import com.bbn.marti.remote.CoreConfig;
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
@@ -45,9 +46,9 @@ public class ExecutorSource {
 	
 	public final ExecutorService missionRepositoryProcessor;
 	
-	public ExecutorSource(CoreConfig coreConfig) {
+	public ExecutorSource() {
 		
-		config = coreConfig.getRemoteConfiguration();
+		config = CoreConfigFacade.getInstance().getRemoteConfiguration();
 
 		queue = config.getBuffer().getQueue();
 
diff --git a/src/takserver-core/takserver-war/src/main/java/tak/server/util/LoginAccessController.java b/src/takserver-core/takserver-war/src/main/java/tak/server/util/LoginAccessController.java
index 5ce62b2f..299753e1 100644
--- a/src/takserver-core/takserver-war/src/main/java/tak/server/util/LoginAccessController.java
+++ b/src/takserver-core/takserver-war/src/main/java/tak/server/util/LoginAccessController.java
@@ -1,9 +1,11 @@
 package tak.server.util;
 
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.view.InternalResourceView;
 
@@ -11,9 +13,17 @@
 @Controller
 public class LoginAccessController {
 
+	@Autowired
+	private HttpServletRequest request;
+
 	@PreAuthorize("hasRole('ROLE_NO_CLIENT_CERT') and hasRole('ROLE_ALLOW_LOGIN')")
 	@RequestMapping(value = "/login")
 	public ModelAndView getLoginPage() {
+
+		if (!HttpMethod.GET.matches(request.getMethod())) {
+			return null;
+		}
+
 		return new ModelAndView(new InternalResourceView("/Marti/login/index.html"));
 	}
 }
\ No newline at end of file
diff --git a/src/takserver-core/takserver-war/test/src/com/bbn/marti/service/IconsetIconTest.java b/src/takserver-core/takserver-war/test/src/com/bbn/marti/service/IconsetIconTest.java
index cd920073..abd3493b 100644
--- a/src/takserver-core/takserver-war/test/src/com/bbn/marti/service/IconsetIconTest.java
+++ b/src/takserver-core/takserver-war/test/src/com/bbn/marti/service/IconsetIconTest.java
@@ -5,8 +5,8 @@
 
 import java.io.StringReader;
 
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Unmarshaller;
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.Unmarshaller;
 
 import org.junit.Before;
 import org.junit.Test;
diff --git a/src/takserver-core/takserver-war/test/src/com/bbn/marti/util/PeekingIteratorTest.java b/src/takserver-core/takserver-war/test/src/com/bbn/marti/util/PeekingIteratorTest.java
index 1e78f8e9..4b2c9ce7 100644
--- a/src/takserver-core/takserver-war/test/src/com/bbn/marti/util/PeekingIteratorTest.java
+++ b/src/takserver-core/takserver-war/test/src/com/bbn/marti/util/PeekingIteratorTest.java
@@ -6,7 +6,6 @@
 import java.util.Iterator;
 import java.util.NoSuchElementException;
 
-import org.hamcrest.*;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.CoreMatchers.*;
 import static org.hamcrest.Matchers.*;
diff --git a/src/takserver-core/takserver-war/test/src/com/bbn/marti/util/RestrictedInputStreamTest.java b/src/takserver-core/takserver-war/test/src/com/bbn/marti/util/RestrictedInputStreamTest.java
index 29955343..0b23e1fc 100644
--- a/src/takserver-core/takserver-war/test/src/com/bbn/marti/util/RestrictedInputStreamTest.java
+++ b/src/takserver-core/takserver-war/test/src/com/bbn/marti/util/RestrictedInputStreamTest.java
@@ -9,7 +9,6 @@
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 
-import org.hamcrest.*;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.CoreMatchers.*;
 import static org.hamcrest.Matchers.*;
diff --git a/src/takserver-fig-core/build.gradle b/src/takserver-fig-core/build.gradle
index 265ec831..24c1ccea 100644
--- a/src/takserver-fig-core/build.gradle
+++ b/src/takserver-fig-core/build.gradle
@@ -10,13 +10,11 @@ dependencies {
   implementation group: 'org.slf4j', name: 'slf4j-api', version: slf4j_version
   implementation group: 'org.slf4j', name: 'log4j-over-slf4j', version: slf4j_version
 
-  api 'javax.xml.bind:jaxb-api:' + jaxb_api_version
-
+  //api 'javax.xml.bind:jaxb-api:' + jaxb_api_version
+  api group: 'jakarta.xml.bind', name: 'jakarta.xml.bind-api', version: jakarta_xml_bind_api_version
 
   //implementation 'javax.activation:activation:' + javax_activation_version
 
-  implementation 'javax.annotation:javax.annotation-api:' + javax_annotation_api_version
-
   // for netty performance, put javassist on the classpath
   implementation group: 'org.javassist', name: 'javassist', version: javassist_version
 
diff --git a/src/takserver-fig-core/rol/build.gradle b/src/takserver-fig-core/rol/build.gradle
index ea7d24b1..e8dcbbc2 100644
--- a/src/takserver-fig-core/rol/build.gradle
+++ b/src/takserver-fig-core/rol/build.gradle
@@ -28,15 +28,18 @@ apply plugin: 'idea'
 //apply plugin: 'com.github.johnrengelman.shadow'
 
 dependencies {
+
     implementation group: 'org.slf4j', name: 'log4j-over-slf4j', version: slf4j_version
 
     // antlr dependencies
     antlr 'org.antlr:antlr4:' + antlr_version
 
     // test dependencies
+    testImplementation project(':federation-common')
+    implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: jackson_version
+    implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: jackson_version
     testImplementation 'junit:junit:' + junit_version
     testImplementation('ch.qos.logback:logback-classic:' + logback_version)
-    testImplementation 'com.google.guava:guava:' +  guava_version
 
     // main dependencies
     api 'com.google.code.gson:gson:' + gson_version
@@ -44,8 +47,6 @@ dependencies {
     api group: 'com.google.code.gson', name: 'gson', version:gson_version
     compileOnly 'org.slf4j:slf4j-api:' + slf4j_version
 
-    implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: jackson_version
-    implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: jackson_version
 }
 
 def od = new File("${project.buildDir}/generated-src/antlr/main".toString())
diff --git a/src/takserver-fig-core/rol/gradle.properties b/src/takserver-fig-core/rol/gradle.properties
index 411ed3f3..969ede1d 100644
--- a/src/takserver-fig-core/rol/gradle.properties
+++ b/src/takserver-fig-core/rol/gradle.properties
@@ -1,4 +1,5 @@
-antlr_version=4.5.1
+#antlr_version=4.5.1
+antlr_version=4.10.1
 junit_version=4.12
 guava_version=19.0
 gson_version=2.3.1
diff --git a/src/takserver-fig-core/rol/src/main/antlr/mil/af/rl/rol/Rol.g4 b/src/takserver-fig-core/rol/src/main/antlr/mil/af/rl/rol/Rol.g4
index 87684d2c..56d62788 100644
--- a/src/takserver-fig-core/rol/src/main/antlr/mil/af/rl/rol/Rol.g4
+++ b/src/takserver-fig-core/rol/src/main/antlr/mil/af/rl/rol/Rol.g4
@@ -53,7 +53,7 @@ valuearray : LSBRACKET value (',' value)* RSBRACKET | LSBRACKET RSBRACKET ;
 value : STRING | IDENT | NUMBER | parameters | valuearray | 'true' | 'false' ;
 
 // identifier
-IDENT : [a-zA-Z0-9_\.]+ ;
+IDENT : [a-zA-Z0-9_.]+ ;
 
 // primitive types
 STRING :  DBLQUOTE (ESC | ~["\\])* DBLQUOTE ;
diff --git a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/CompoundRoleAssignmentVisitorTests.java b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/CompoundRoleAssignmentVisitorTests.java
index b5aa8a85..6459fbff 100644
--- a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/CompoundRoleAssignmentVisitorTests.java
+++ b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/CompoundRoleAssignmentVisitorTests.java
@@ -42,7 +42,7 @@ public class CompoundRoleAssignmentVisitorTests {
     public void execute() throws Exception {
         
         // parse and visit test programs
-        for (File rolFile : com.google.common.io.Files.fileTreeTraverser().preOrderTraversal(new File(getClass().getResource(ASSERTION_EXP_ROL_PATH).toURI()))) {
+        for (File rolFile : com.google.common.io.Files.fileTraverser().depthFirstPreOrder(new File(getClass().getResource(ASSERTION_EXP_ROL_PATH).toURI()))) {
             if (rolFile.isFile() && (rolFile.getName().toLowerCase().equals("role_assign_compound_safety_inspector__or.rol")) ||
                     (rolFile.getName().toLowerCase().equals("role_assign_compound_safety_inspector__and.rol")) ||
                     (rolFile.getName().toLowerCase().equals("role_assign_compound_safety_inspector__paren_or.rol")) ||
diff --git a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/DataFeedRolTests.java b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/DataFeedRolTests.java
index 4eb75e63..37d11718 100644
--- a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/DataFeedRolTests.java
+++ b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/DataFeedRolTests.java
@@ -4,18 +4,17 @@
 
 import java.io.File;
 import java.io.FileInputStream;
-import java.util.concurrent.atomic.AtomicInteger;
 
 import org.antlr.v4.runtime.ANTLRInputStream;
 import org.antlr.v4.runtime.BailErrorStrategy;
 import org.antlr.v4.runtime.CommonTokenStream;
 import org.antlr.v4.runtime.tree.ParseTree;
 import org.junit.Test;
-import com.google.common.base.Charsets;
-import com.google.common.io.Files;
 
 import mil.af.rl.rol.value.Parameters;
 
+import tak.server.federation.rol.MissionRolVisitor;
+
 public class DataFeedRolTests {
 		  
 	    private static final String ROL_RESOURCE_DATA_FEED_PATH = File.separator + "rol" + File.separator + "datafeed" + File.separator;
@@ -23,7 +22,7 @@ public class DataFeedRolTests {
 	    @Test
 	    public void execute() throws Exception {
 	        // parse and visit test programs
-	        for (File rolFile : com.google.common.io.Files.fileTreeTraverser().preOrderTraversal(new File(getClass().getResource(ROL_RESOURCE_DATA_FEED_PATH).toURI()))) {
+	        for (File rolFile : com.google.common.io.Files.fileTraverser().depthFirstPreOrder(new File(getClass().getResource(ROL_RESOURCE_DATA_FEED_PATH).toURI()))) {
 	            if (rolFile.isFile() && (rolFile.getName().toLowerCase().endsWith(".rol"))) {
 
 	                RolLexer lexer = new RolLexer(new ANTLRInputStream(new FileInputStream(rolFile)));
diff --git a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/MissionPackageRolTests.java b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/MissionPackageRolTests.java
index 8f4b6fdc..866f2dfb 100644
--- a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/MissionPackageRolTests.java
+++ b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/MissionPackageRolTests.java
@@ -4,7 +4,8 @@
 import java.io.File;
 import java.io.FileInputStream;
 
-import mil.af.rl.rol.value.Parameters;
+import com.google.common.base.Charsets;
+import com.google.common.io.Files;
 
 import org.antlr.v4.runtime.ANTLRInputStream;
 import org.antlr.v4.runtime.BailErrorStrategy;
@@ -14,8 +15,10 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.base.Charsets;
-import com.google.common.io.Files;
+import mil.af.rl.rol.value.Parameters;
+
+import tak.server.federation.rol.MissionRolVisitor;
+
 
 /*
  *
@@ -35,7 +38,7 @@ public class MissionPackageRolTests {
     public void execute() throws Exception {
 
         // parse and visit test programs
-        for (File rolFile : com.google.common.io.Files.fileTreeTraverser().preOrderTraversal(new File(getClass().getResource(ROL_RESOURCE_MP_PATH).toURI()))) {
+        for (File rolFile : com.google.common.io.Files.fileTraverser().depthFirstPreOrder(new File(getClass().getResource(ROL_RESOURCE_MP_PATH).toURI()))) {
             if (rolFile.isFile() && (rolFile.getName().toLowerCase().endsWith(".rol"))) {
 
                 logger.debug("Testing ROL program: " + rolFile.getName() + " " + Files.toString(rolFile, Charsets.UTF_8));
diff --git a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/MissionRolTests.java b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/MissionRolTests.java
index fdb1b636..8da01d71 100644
--- a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/MissionRolTests.java
+++ b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/MissionRolTests.java
@@ -4,7 +4,8 @@
 import java.io.File;
 import java.io.FileInputStream;
 
-import mil.af.rl.rol.value.Parameters;
+import com.google.common.base.Charsets;
+import com.google.common.io.Files;
 
 import org.antlr.v4.runtime.ANTLRInputStream;
 import org.antlr.v4.runtime.BailErrorStrategy;
@@ -14,9 +15,9 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.base.Charsets;
-import com.google.common.io.Files;
+import mil.af.rl.rol.value.Parameters;
 
+import tak.server.federation.rol.MissionRolVisitor;
 /*
  *
  * ROL Mission Federation Tests
@@ -35,7 +36,7 @@ public class MissionRolTests {
     public void execute() throws Exception {
 
         // parse and visit test programs
-        for (File rolFile : com.google.common.io.Files.fileTreeTraverser().preOrderTraversal(new File(getClass().getResource(ROL_RESOURCE_MISSION_PATH).toURI()))) {
+        for (File rolFile : com.google.common.io.Files.fileTraverser().depthFirstPreOrder(new File(getClass().getResource(ROL_RESOURCE_MISSION_PATH).toURI()))) {
             if (rolFile.isFile() && (rolFile.getName().toLowerCase().endsWith(".rol"))) {
 
                 logger.debug("Testing ROL program: " + rolFile.getName() + " " + Files.toString(rolFile, Charsets.UTF_8));
diff --git a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/OperationConstraintsVisitorTests.java b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/OperationConstraintsVisitorTests.java
index d806030b..fa537256 100644
--- a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/OperationConstraintsVisitorTests.java
+++ b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/OperationConstraintsVisitorTests.java
@@ -37,7 +37,7 @@ public class OperationConstraintsVisitorTests {
     public void execute() throws Exception {
         
         // parse and visit test programs
-        for (File rolFile : com.google.common.io.Files.fileTreeTraverser().preOrderTraversal(new File(getClass().getResource(CONSTRAINTS_ROL_PATH).toURI()))) {
+        for (File rolFile : com.google.common.io.Files.fileTraverser().depthFirstPreOrder(new File(getClass().getResource(CONSTRAINTS_ROL_PATH).toURI()))) {
             if (rolFile.isFile() && rolFile.getName().toLowerCase().endsWith(".rol")) {
                 
                 logger.debug("Testing ROL program: " + rolFile.getName() + " " + Files.toString(rolFile, Charsets.UTF_8));
diff --git a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/RolMissionPackageTests.java b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/RolMissionPackageTests.java
index 7b094918..4224ff8b 100644
--- a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/RolMissionPackageTests.java
+++ b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/RolMissionPackageTests.java
@@ -42,7 +42,7 @@ public void parser() throws Exception {
 
         int count = 0;
 
-        for (File rolFile : com.google.common.io.Files.fileTreeTraverser().preOrderTraversal(rolDir)) {
+        for (File rolFile : com.google.common.io.Files.fileTraverser().depthFirstPreOrder(rolDir)) {
             if (rolFile.isFile() && rolFile.getName().toLowerCase().endsWith(".rol")) {
 
                 RolLexer lexer = new RolLexer(new ANTLRInputStream(new FileInputStream(rolFile)));
diff --git a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/RolTests.java b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/RolTests.java
index a7a20aec..79983397 100644
--- a/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/RolTests.java
+++ b/src/takserver-fig-core/rol/src/test/java/mil/af/rl/rol/RolTests.java
@@ -41,7 +41,7 @@ public void parser() throws Exception {
 
         int count = 0;
 
-        for (File rolFile : com.google.common.io.Files.fileTreeTraverser().preOrderTraversal(rolDir)) {
+        for (File rolFile : com.google.common.io.Files.fileTraverser().depthFirstPreOrder(rolDir)) {
             if (rolFile.isFile() && rolFile.getName().toLowerCase().endsWith(".rol")) {
 
                 RolLexer lexer = new RolLexer(new ANTLRInputStream(new FileInputStream(rolFile)));
diff --git a/src/takserver-fig-core/src/main/java/com/bbn/roger/fig/FederationUtils.java b/src/takserver-fig-core/src/main/java/com/bbn/roger/fig/FederationUtils.java
index 4ab2261a..73ee07f8 100644
--- a/src/takserver-fig-core/src/main/java/com/bbn/roger/fig/FederationUtils.java
+++ b/src/takserver-fig-core/src/main/java/com/bbn/roger/fig/FederationUtils.java
@@ -13,7 +13,7 @@
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 
-import javax.xml.bind.DatatypeConverter;
+import jakarta.xml.bind.DatatypeConverter;
 
 import com.google.common.base.Strings;
 import com.google.common.base.Throwables;
diff --git a/src/takserver-fig-core/src/main/java/com/bbn/roger/fig/FigProtocolNegotiator.java b/src/takserver-fig-core/src/main/java/com/bbn/roger/fig/FigProtocolNegotiator.java
index 860fa4d8..246879a9 100644
--- a/src/takserver-fig-core/src/main/java/com/bbn/roger/fig/FigProtocolNegotiator.java
+++ b/src/takserver-fig-core/src/main/java/com/bbn/roger/fig/FigProtocolNegotiator.java
@@ -213,8 +213,8 @@ public void userEventTriggered0(ChannelHandlerContext ctx, Object evt) throws Ex
                         // validate as we go
                         SSLSession sslSession = checkNotNull(checkNotNull(checkNotNull(handler).engine(), "FIG Netty handler SSLEngine").getSession(), "FIG server SSL Session");
 
-                        checkNotNull(sslSession.getPeerCertificateChain());
-                        checkState(sslSession.getPeerCertificateChain().length > 0);
+                        checkNotNull(sslSession.getPeerCertificates());
+                        checkState(sslSession.getPeerCertificates().length > 0);
 
                         X509Certificate[] certs = new X509Certificate[sslSession.getPeerCertificates().length];
                         for (int i = 0; i < sslSession.getPeerCertificates().length; i++) {
diff --git a/src/takserver-package/build.gradle b/src/takserver-package/build.gradle
index a5c236a5..11641d0d 100644
--- a/src/takserver-package/build.gradle
+++ b/src/takserver-package/build.gradle
@@ -157,6 +157,9 @@ chmod 755 /opt/tak/utils
 mkdir -p /opt/tak/logs
 chown tak:tak /opt/tak/logs
 chmod 755 /opt/tak/logs
+if [ -f "/opt/tak/TAKIgniteConfig.xml" ]; then
+    chown -f tak:tak /opt/tak/TAKIgniteConfig.xml 2>/dev/null
+fi
 if [ -f "/opt/tak/CoreConfig.xml" ]; then
     chown -f tak:tak /opt/tak/CoreConfig.xml 2>/dev/null
 fi
@@ -215,7 +218,6 @@ if [ -f /etc/debian_version ]; then
     sh /opt/tak/setup-for-extracted-war.sh
 fi
 
-
 sudo /opt/tak/db-utils/takserver-setup-db.sh
 
 echo "By default, TAK Server requires a keystore and truststore (X.509 certificates). Follow the instructions in Appendix B of the configuration guide to create these certificates."
@@ -261,8 +263,10 @@ prePackage.dependsOn copyCoreConfigExample
 prePackage.dependsOn copyCoreScripts
 prePackage.dependsOn copyDbScripts
 prePackage.dependsOn copyDocs
+prePackage.dependsOn copySwagger
 prePackage.dependsOn copyPolicy
 prePackage.dependsOn copyLicense
+prePackage.dependsOn copyConfigScripts
 prePackage.dependsOn copyAPIScripts
 prePackage.dependsOn copyPluginsJar
 prePackage.dependsOn copyPluginsScripts
diff --git a/src/takserver-package/federation-hub/build.gradle b/src/takserver-package/federation-hub/build.gradle
index 115fbee8..b9ebb2f6 100644
--- a/src/takserver-package/federation-hub/build.gradle
+++ b/src/takserver-package/federation-hub/build.gradle
@@ -49,6 +49,7 @@ task copyFedHubJars(type: Copy) {
 task copyFedHubScripts(type: Copy) {
     from getRootProject().subprojects.collect { "${it.projectDir}/scripts" }
     include 'federation-hub*'
+    include 'db/'
     into "$buildDir/artifacts/scripts"
 }
 
@@ -58,6 +59,18 @@ task copyCertScripts(type: Copy) {
     into "$buildDir/artifacts/certs"
 }
 
+task copySELinuxPolicy(type: Copy) {
+    from project(':takserver-core').file('scripts/utils')
+    include 'takserver-policy.te'
+    into "$buildDir/artifacts"
+}
+
+task copySELinuxScript(type: Copy) {
+    from project(':takserver-core').file('scripts')
+    include 'apply-selinux.sh'
+    into "$buildDir/artifacts"
+}
+
 // RPM pre-install script.
 def preinstall_script_federation_hub = '''\
 
@@ -90,6 +103,7 @@ if [ -d "/opt/tak/federation-hub/configs" ] ; then
     mkdir -p /opt/tak/federation-hub/backup-configs
     cp -fr /opt/tak/federation-hub/configs/* /opt/tak/federation-hub/backup-configs/
 fi
+
 '''
 
 // RPM post-install script.
@@ -104,6 +118,9 @@ fi
 
 chown -fR tak:tak /opt/tak/federation-hub/configs
 
+# Set permissions on selinux configuration files and scripts.
+chmod 544 /opt/tak/federation-hub/*.sh
+
 # Set permissions on configuration files and scripts.
 chmod 644 /opt/tak/federation-hub/configs/*.xml 
 chmod 644 /opt/tak/federation-hub/configs/*.yml
@@ -111,6 +128,9 @@ chmod 644 /opt/tak/federation-hub/configs/*.yml
 chmod 544 /opt/tak/federation-hub/scripts/*.sh
 chmod u+w /opt/tak/federation-hub/scripts/*.sh
 
+chmod 544 /opt/tak/federation-hub/scripts/db/*.sh
+chmod u+w /opt/tak/federation-hub/scripts/db/*.sh
+
 # Set permissions on certificate scripts.
 chmod 500 /opt/tak/federation-hub/certs/*.sh
 chmod 600 /opt/tak/federation-hub/certs/cert-metadata.sh
@@ -129,6 +149,9 @@ cp /opt/tak/federation-hub/scripts/federation-hub-broker /etc/init.d
 cp /opt/tak/federation-hub/scripts/federation-hub-policy /etc/init.d
 cp /opt/tak/federation-hub/scripts/federation-hub-ui /etc/init.d
 
+# Add mongo repo to yum
+cp /opt/tak/federation-hub/scripts/db/mongodb-org.repo /etc/yum.repos.d/mongodb-org.repo
+
 # Set up logging directory.
 mkdir -p /opt/tak/federation-hub/logs
 chown tak:tak /opt/tak/federation-hub/logs
@@ -174,7 +197,8 @@ case "$1" in
  0|remove)
         # Delete user if TAK server is not running.
         if [ `service --status-all | grep -Fc 'takserver-messaging'` -eq 0 ] && \
-           [ `service --status-all | grep -Fc 'takserver-api'` -eq 0 ]
+           [ `service --status-all | grep -Fc 'takserver-api'` -eq 0 ] && \
+           [ `service --status-all | grep -Fc 'takserver-config'` -eq 0 ]
         then
             echo "Deleting tak user"
             userdel tak
@@ -208,7 +232,7 @@ boundaries of different networks participating in a TAK deployment. It can be ru
 with or without a co-located TAK server.
 '''
     license = '(c)2013-2021 Raytheon BBN. Licensed to US Government with unlimited rights.'
-    url = 'https://atakmap.com'
+    url = 'https://tak.gov'
     summary = 'Team Awareness Kit (TAK) Federation Hub'
 
     preInstall preinstall_script_federation_hub
@@ -237,6 +261,8 @@ prePackage.dependsOn copyFedHubJars
 prePackage.dependsOn copyFedHubScripts
 prePackage.dependsOn copyCertScripts
 prePackage.dependsOn copyLicense
+prePackage.dependsOn copySELinuxPolicy
+prePackage.dependsOn copySELinuxScript
 
 buildRpm.dependsOn prePackage
 
@@ -275,6 +301,11 @@ task createFedhubDockerLogDir() {
     }
 }
 
+task deleteNonDockerFedhubBrokerConfig(type : Delete) {
+    delete "$buildDir/artifacts/configs/federation-hub-broker.yml"
+    delete "$buildDir/artifacts/configs/federation-hub-broker-docker.yml"
+}
+
 def copyFedhubVersionFile = copyFedhubVersionFileDef()
 def copyFedhubResources = copyFedhubResourcesDef()
 def copyFedhubDocker = copyFedhubDockerDef()
@@ -286,7 +317,7 @@ task constructFedhubDockerZip(type: Zip) {
     dependsOn createVersionFile
     dependsOn createFedhubDockerLogDir
     dependsOn buildRpm
-
+   
     archiveName 'takserver-fedhub-docker-' + version + '.zip'
     duplicatesStrategy 'fail'
     destinationDir(file("$buildDir/distributions"))
@@ -298,4 +329,12 @@ task constructFedhubDockerZip(type: Zip) {
     with copyFedhubDocker.into('docker')
     with copyCertsSetup.into('tak/certs')
     with copyDocsToTopLevel.into('./')
+    
+    dependsOn deleteNonDockerFedhubBrokerConfig
+    
+    from(project(':federation-hub-broker').file('src/main/resources')) {
+    	include('federation-hub-broker-docker.yml')
+		rename('federation-hub-broker-docker.yml', 'federation-hub-broker.yml')
+		into('tak/federation-hub/configs')
+	}
 }
diff --git a/src/takserver-package/launcher/build.gradle b/src/takserver-package/launcher/build.gradle
index 48dbe012..1569a50c 100644
--- a/src/takserver-package/launcher/build.gradle
+++ b/src/takserver-package/launcher/build.gradle
@@ -61,6 +61,11 @@ chmod 644 /opt/tak/logging-restrictsize.xml
 chmod 544 /opt/tak/*.bat
 chmod 544 /opt/tak/*.sh
 
+chmod 544 /opt/tak/config/*.sh
+chmod u+w /opt/tak/config/takserver-config.sh
+cp /opt/tak/config/takserver-config.sh /opt/tak
+chown -f tak:tak /opt/tak/takserver-config.sh 2>/dev/null
+
 chmod 544 /opt/tak/messaging/*.sh
 chmod u+w /opt/tak/messaging/takserver-messaging.sh
 cp /opt/tak/messaging/takserver-messaging.sh /opt/tak
@@ -83,6 +88,11 @@ chown -f tak:tak /opt/tak/takserver-retention.sh 2>/dev/null
 chmod 500 /opt/tak/certs/*.sh
 chmod 600 /opt/tak/certs/cert-metadata.sh
 
+chown root:root /opt/tak/config/takserver-config
+chmod 755 /opt/tak/config/takserver-config
+cp /opt/tak/config/takserver-config /etc/init.d
+rm -rf /opt/tak/config
+
 chown root:root /opt/tak/messaging/takserver-messaging
 chmod 755 /opt/tak/messaging/takserver-messaging
 cp /opt/tak/messaging/takserver-messaging /etc/init.d
@@ -141,6 +151,9 @@ chmod 755 /opt/tak/utils
 mkdir -p /opt/tak/logs
 chown tak:tak /opt/tak/logs
 chmod 755 /opt/tak/logs
+if [ -f "/opt/tak/TAKIgniteConfig.xml" ]; then
+    chown -f tak:tak /opt/tak/TAKIgniteConfig.xml 2>/dev/null
+fi
 if [ -f "/opt/tak/CoreConfig.xml" ]; then
     chown -f tak:tak /opt/tak/CoreConfig.xml 2>/dev/null
 fi
@@ -226,6 +239,7 @@ prePackage.dependsOn copyPluginsJar
 prePackage.dependsOn copyRetentionJar
 prePackage.dependsOn copyCoreConfigXSD
 prePackage.dependsOn copyCoreConfigExample
+prePackage.dependsOn copyConfigScripts
 prePackage.dependsOn copyMessagingScripts
 prePackage.dependsOn copyAPIScripts
 prePackage.dependsOn copyPluginsScripts
diff --git a/src/takserver-package/takserver/build.gradle b/src/takserver-package/takserver/build.gradle
index 79981e6f..aa5b6f04 100644
--- a/src/takserver-package/takserver/build.gradle
+++ b/src/takserver-package/takserver/build.gradle
@@ -11,7 +11,7 @@ apply from: "../utils/utils.gradle"
 task copyLauncherScripts(type: Copy) {
     from project(':takserver-core').file('scripts')
     into "$buildDir/takArtifacts"
-    exclude 'utils*', 'messaging*', 'API*', 'plugins*', 'retention*', 'takserver.sh'
+    exclude 'config*', 'utils*', 'messaging*', 'API*', 'plugins*', 'retention*', 'takserver.sh'
 }
 
 // rpm postinstall script
@@ -26,6 +26,11 @@ chmod 644 /opt/tak/logging-restrictsize.xml
 chmod 544 /opt/tak/*.bat
 chmod 544 /opt/tak/*.sh
 
+chmod 544 /opt/tak/config/*.sh
+chmod u+w /opt/tak/config/takserver-config.sh
+cp /opt/tak/config/takserver-config.sh /opt/tak
+chown -f tak:tak /opt/tak/takserver-config.sh 2>/dev/null
+
 chmod 544 /opt/tak/messaging/*.sh
 chmod u+w /opt/tak/messaging/takserver-messaging.sh
 cp /opt/tak/messaging/takserver-messaging.sh /opt/tak
@@ -48,6 +53,11 @@ chown -f tak:tak /opt/tak/takserver-retention.sh 2>/dev/null
 chmod 500 /opt/tak/certs/*.sh
 chmod 600 /opt/tak/certs/cert-metadata.sh
 
+chown root:root /opt/tak/config/takserver-config
+chmod 755 /opt/tak/config/takserver-config
+cp /opt/tak/config/takserver-config /etc/init.d
+rm -rf /opt/tak/config
+
 chown root:root /opt/tak/messaging/takserver-messaging
 chmod 755 /opt/tak/messaging/takserver-messaging
 cp /opt/tak/messaging/takserver-messaging /etc/init.d
@@ -106,6 +116,9 @@ chmod 755 /opt/tak/utils
 mkdir -p /opt/tak/logs
 chown tak:tak /opt/tak/logs
 chmod 755 /opt/tak/logs
+if [ -f "/opt/tak/TAKIgniteConfig.xml" ]; then
+    chown -f tak:tak /opt/tak/TAKIgniteConfig.xml 2>/dev/null
+fi
 if [ -f "/opt/tak/CoreConfig.xml" ]; then
     chown -f tak:tak /opt/tak/CoreConfig.xml 2>/dev/null
 fi
@@ -208,6 +221,7 @@ prePackage.dependsOn copyJars
 prePackage.dependsOn copyWars
 prePackage.dependsOn copyCoreConfigXSD
 prePackage.dependsOn copyCoreConfigExample
+prePackage.dependsOn copyConfigScripts
 prePackage.dependsOn copyMessagingScripts
 prePackage.dependsOn copyAPIScripts
 prePackage.dependsOn copyPluginsJar
diff --git a/src/takserver-package/utils/utils.gradle b/src/takserver-package/utils/utils.gradle
index 2131a4a7..3a6d7d95 100644
--- a/src/takserver-package/utils/utils.gradle
+++ b/src/takserver-package/utils/utils.gradle
@@ -21,7 +21,7 @@ task copyWars(type: Copy) {
 	exclude 'takserver-war*', 'takserver-war-*.war'
 }
 
-// Get CoreConfig.xsd, other XSDs
+// Get CoreConfig.xsd and other XSDs including the TAKIgniteConfig.xsd
 task copyCoreConfigXSD(type: Copy) {
 	from project(':takserver-common').file('src/main/xsd')
 	include '*.xsd'
@@ -31,7 +31,7 @@ task copyCoreConfigXSD(type: Copy) {
 // Get CoreConfig.example.xml
 task copyCoreConfigExample(type: Copy) {
 	from project(':takserver-core').file('example/')
-	include 'CoreConfig.example.xml', 'logging-restrictsize.xml'
+	include 'TAKIgniteConfig.example.xml', 'CoreConfig.example.xml', 'logging-restrictsize.xml'
 	into "$buildDir/takArtifacts"
 }
 
@@ -39,7 +39,7 @@ task copyCoreConfigExample(type: Copy) {
 task copyCoreScripts(type: Copy) {
 	from project(':takserver-core').file('scripts')
 	into "$buildDir/takArtifacts"
-	exclude 'utils','messaging*', 'API*', 'plugins*', 'retention*', "launcher*", 'takserver.sh'
+	exclude 'config*', 'utils','messaging*', 'API*', 'plugins*', 'retention*', "launcher*", 'takserver.sh'
 }
 
 // Copy docs
@@ -49,6 +49,13 @@ task copyDocs(type: Copy) {
 	into "$buildDir/takArtifacts/docs"
 }
 
+// Copy swagger files
+task copySwagger(type: Copy) {
+	from project(':takserver-core').file('oas')
+	include '*.html'
+	into "$buildDir/takArtifacts/oas"
+}
+
 // Copy selinux policy
 task copyPolicy(type: Copy) {
 	from project(':takserver-core').file('scripts/utils')
@@ -108,22 +115,29 @@ task copyJarsNoDb(type: Copy) {
 			'federation-hub-*', 'federation-common-*', 'takserver-protobuf-*'
 }
 
-// Copy scripts
+// Copy Configuration Microervice scripts
+task copyConfigScripts(type: Copy) {
+	from project(':takserver-core').file('scripts')
+	into "$buildDir/takArtifacts"
+	exclude 'utils*', 'messaging*', 'API*', 'plugins*', 'retention*', 'launcher*', 'takserver.sh'
+}
+
+// Copy API Microervice scripts
 task copyAPIScripts(type: Copy) {
 	from project(':takserver-core').file('scripts')
 	into "$buildDir/takArtifacts"
-	exclude 'utils*', 'messaging*', 'plugins*', 'retention*', 'launcher*', 'takserver.sh'
+	exclude 'config*', 'utils*', 'messaging*', 'plugins*', 'retention*', 'launcher*', 'takserver.sh'
 }
 
-// Copy scripts
+// Copy Messaging Microervice scripts
 task copyMessagingScripts(type: Copy) {
 	from project(':takserver-core').file('scripts')
 	into "$buildDir/takArtifacts"
-	exclude 'utils*', 'API*', 'launcher*', 'plugins*', 'retention*', 'takserver.sh'
+	exclude 'config*', 'utils*', 'API*', 'launcher*', 'plugins*', 'retention*', 'takserver.sh'
 }
 
 // Copy scripts
-task copyLauncherAndMessagingScripts(type: Copy) {
+task copyLauncherAndConfigAndMessagingScripts(type: Copy) {
 	from project(':takserver-core').file('scripts')
 	into "$buildDir/takArtifacts"
 	exclude 'utils*', 'API*', 'plugins*', 'retention*', 'takserver.sh'
@@ -245,7 +259,7 @@ task createDockerDirs() {
 def copyCoreDockerFilesSpec() {
 	return from('build/takArtifacts') {
 		exclude('db-utils/pg_hba.conf', 'db-utils/postgresql.conf',
-				'CoreConfig.example.xml', 'takserver-plugins.sh', 'takserver-plugins-cluster.sh',
+				'TAKIgniteConfig.example.xml', 'CoreConfig.example.xml', 'takserver-plugins.sh', 'takserver-plugins-cluster.sh',
 				'takserver-plugins', 'takserver-pm.jar', 'takserver-retention.jar', 'mission-archive', 'retention')
 	}
 }
@@ -300,7 +314,7 @@ task constructDockerZip(type: Zip) {
 	dependsOn (':takserver-package:prePackage')
 	dependsOn copyCoreScripts
 	dependsOn copyDbScripts
-	dependsOn copyLauncherAndMessagingScripts
+	dependsOn copyLauncherAndConfigAndMessagingScripts
 	dependsOn createVersionFile
 
 	archiveName 'takserver-docker-' + version + '.zip'
@@ -310,7 +324,7 @@ task constructDockerZip(type: Zip) {
 
 	from('build/takArtifacts') {
 		exclude('db-utils/pg_hba.conf', 'db-utils/postgresql.conf',
-				'CoreConfig.example.xml', 'takserver-plugins.sh', 'takserver-plugins-cluster.sh',
+				'TAKIgniteConfig.example.xml', 'CoreConfig.example.xml', 'takserver-plugins.sh', 'takserver-plugins-cluster.sh',
 				'takserver-plugins', 'takserver-pm.jar', 'takserver-retention.jar', 'mission-archive', 'retention')
 		into('tak')
 	}
@@ -349,8 +363,10 @@ task constructDockerZip(type: Zip) {
 
 	// Include the standard docker CoreConfig.xml
 	from(project(':takserver-core').file('example')) {
+		include('TAKIgniteConfig.example.xml')
 		include('CoreConfig.example.docker.xml')
 		rename('CoreConfig.example.docker.xml', 'tak/CoreConfig.example.xml')
+		rename('TAKIgniteConfig.example.xml', 'tak/TAKIgniteConfig.example.xml')
 	}
 
 	from(project(':takserver-core').file('docker')) {
@@ -380,7 +396,7 @@ task constructIronbankDBZip(type: Zip) {
 	dependsOn createDockerDirs
 	dependsOn createVersionFile
 	dependsOn fetchRpmsForHardenedDocker
-	dependsOn copyLauncherAndMessagingScripts
+	dependsOn copyLauncherAndConfigAndMessagingScripts
 
 	archiveName 'takserver-ironbank-db-' + version + '.zip'
 	duplicatesStrategy 'fail'
@@ -402,6 +418,7 @@ task constructIronbankDBZip(type: Zip) {
 
 	// Include the hardened docker CoreConfig.xml
 	from(project(':takserver-core').file('example')) {
+		include('TAKIgniteConfig.example.xml')
 		include('CoreConfig.example.docker-hardened.xml')
 		rename('CoreConfig.example.docker-hardened.xml', 'CoreConfig.example.xml')
 	}
@@ -418,7 +435,7 @@ task constructHardenedDockerZip(type: Zip) {
 	dependsOn createDockerDirs
 	dependsOn createVersionFile
 	dependsOn fetchRpmsForHardenedDocker
-	dependsOn copyLauncherAndMessagingScripts
+	dependsOn copyLauncherAndConfigAndMessagingScripts
 
 
 	archiveName 'takserver-docker-hardened-' + version + '.zip'
@@ -428,7 +445,7 @@ task constructHardenedDockerZip(type: Zip) {
 
 	from('build/takArtifacts') {
 		exclude('db-utils/pg_hba.conf', 'db-utils/postgresql.conf',
-				'CoreConfig.example.xml', 'takserver-plugins.sh', 'takserver-plugins-cluster.sh',
+				'TAKIgniteConfig.example.xml', 'CoreConfig.example.xml', 'takserver-plugins.sh', 'takserver-plugins-cluster.sh',
 				'takserver-plugins', 'takserver-pm.jar', 'takserver-retention.jar', 'mission-archive', 'retention', 'db-utils/takserver-setup-db.sh')
 		into('tak')
 	}
@@ -465,10 +482,12 @@ task constructHardenedDockerZip(type: Zip) {
 		into('tak')
 	}
 
-	// Include the hardened CoreConfig.xml
+	// Include the hardened CoreConfig.xml and TAKIgniteConfig.example.xml
 	from(project(':takserver-core').file('example')) {
+		include('TAKIgniteConfig.example.xml')
 		include('CoreConfig.example.docker-hardened.xml')
 		rename('CoreConfig.example.docker-hardened.xml', 'tak/CoreConfig.example.xml')
+		rename('TAKIgniteConfig.example.xml', 'tak/TAKIgniteConfig.example.xml')
 	}
 
 	from(project(':takserver-core').file('docker')) {
@@ -499,7 +518,7 @@ task constructHardenedDockerZip(type: Zip) {
 
 task constructFullDockerZip(type: Zip) {
 	dependsOn createDockerDirs
-	dependsOn copyLauncherAndMessagingScripts
+	dependsOn copyLauncherAndConfigAndMessagingScripts
 	dependsOn createVersionFile
 	dependsOn (':takserver-package:prePackage')
 
@@ -512,7 +531,7 @@ task constructFullDockerZip(type: Zip) {
 
 	from('build/takArtifacts') {
 		exclude('db-utils/pg_hba.conf', 'db-utils/postgresql.conf',
-				'CoreConfig.example.xml', 'takserver-plugins.sh', 'takserver-plugins-cluster.sh',
+				'TAKIgniteConfig.example.xml', 'CoreConfig.example.xml', 'takserver-plugins.sh', 'takserver-plugins-cluster.sh',
 				'takserver-plugins', 'takserver-pm.jar', 'takserver-retention.jar', 'mission-archive', 'retention')
 		into('tak')
 	}
@@ -553,10 +572,12 @@ task constructFullDockerZip(type: Zip) {
 		into('tak')
 	}
 
-	// Include the standard docker CoreConfig.xml
+	// Include the standard docker CoreConfig.xml and TAKIgniteConfig.example.xml
 	from(project(':takserver-core').file('example')) {
+		include('TAKIgniteConfig.example.xml')
 		include('CoreConfig.example.docker.xml')
-		rename('(.*)', 'tak/CoreConfig.example.xml')
+ 		rename('CoreConfig.example.docker.xml', 'tak/CoreConfig.example.xml')
+		rename('TAKIgniteConfig.example.xml', 'tak/TAKIgniteConfig.example.xml')
 	}
 
 	from(project(':takserver-core').file('docker')) {
@@ -589,7 +610,7 @@ task constructFullDockerZip(type: Zip) {
 
 task constructHardenedFullDockerZip(type: Zip) {
 	dependsOn createDockerDirs
-	dependsOn copyLauncherAndMessagingScripts
+	dependsOn copyLauncherAndConfigAndMessagingScripts
 	dependsOn createVersionFile
 	dependsOn fetchRpmsForHardenedDocker
 	dependsOn createLogDir
@@ -604,7 +625,7 @@ task constructHardenedFullDockerZip(type: Zip) {
 
 	from('build/takArtifacts') {
 		exclude('db-utils/pg_hba.conf', 'db-utils/postgresql.conf',
-				'CoreConfig.example.xml', 'takserver-plugins.sh', 'takserver-plugins-cluster.sh',
+				'TAKIgniteConfig.example.xml', 'CoreConfig.example.xml', 'takserver-plugins.sh', 'takserver-plugins-cluster.sh',
 				'takserver-plugins', 'takserver-pm.jar', 'takserver-retention.jar', 'mission-archive', 'retention')
 		into('tak')
 	}
@@ -633,10 +654,12 @@ task constructHardenedFullDockerZip(type: Zip) {
 		into('tak')
 	}
 
-	// Include the standard docker CoreConfig.xml
+	// Include the standard docker CoreConfig.xml and TAKIgniteConfig.example.xml
 	from(project(':takserver-core').file('docker/hardened/full')) {
+		include('TAKIgniteConfig.example.xml')
 		include('CoreConfig.example.docker-hardened-full.xml')
-		rename('(.*)', 'tak/CoreConfig.example.xml')
+		rename('CoreConfig.example.docker-hardened-full.xml', 'tak/CoreConfig.example.xml')
+		rename('TAKIgniteConfig.example.xml', 'tak/TAKIgniteConfig.example.xml')
 	}
 
 	from(project(':takserver-core').file('docker')) {
diff --git a/src/takserver-plugin-manager/build.gradle b/src/takserver-plugin-manager/build.gradle
index c195e1ae..3edc3565 100644
--- a/src/takserver-plugin-manager/build.gradle
+++ b/src/takserver-plugin-manager/build.gradle
@@ -10,7 +10,6 @@ import java.nio.file.Paths
 apply plugin: 'eclipse'
 apply plugin: 'idea'
 apply plugin: 'org.springframework.boot'
-apply plugin: 'io.spring.dependency-management'
 
 group = 'tak'
 
@@ -63,6 +62,14 @@ dependencies {
   implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: log4j_api_version
   implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: log4j_api_version
 
+  // required for audit log custom logging layout
+  implementation group: 'ch.qos.logback', name: 'logback-classic', version: logback_version
+  implementation group: 'ch.qos.logback.contrib', name: 'logback-jackson', version: logback_jackson_version
+  implementation group: 'ch.qos.logback.contrib', name: 'logback-json-classic', version: logback_jackson_version
+  // https://mvnrepository.com/artifact/org.codehaus.janino/janino License: BSD 3-Clause
+  // required for conditional processing of logback configuration
+  implementation group: 'org.codehaus.janino', name: 'janino', version: janino_version
+
   implementation(project(':takserver-common')) {
     exclude group: 'io.micrometer', module:'micrometer-registry-cloudwatch'
     exclude group: 'pull-parser'
@@ -80,7 +87,7 @@ dependencies {
    // nats message queue
   implementation group: 'io.nats', name: 'jnats', version: nats_version
 
-  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
+  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: spring_boot_version
 //  implementation group: 'org.springframework.boot', name: 'spring-boot-loader', version: spring_boot_version
 //  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jdbc', version: spring_boot_version
   implementation group: 'org.springframework', name: 'spring-context'
@@ -89,15 +96,17 @@ dependencies {
 
   implementation group: 'org.postgresql', name: 'postgresql', version: postgres_version
 
-  implementation group: 'org.hibernate', name: 'hibernate-spatial', version: hibernate_version
+  implementation group: 'org.hibernate.orm', name: 'hibernate-spatial', version: hibernate_version
 
     testImplementation group: 'junit', name: 'junit', version: junit_version
   testImplementation group: 'org.mockito', name: 'mockito-core', version: mockito_version
-  testImplementation("org.springframework.boot:spring-boot-starter-test") {
+  testImplementation("org.springframework.boot:spring-boot-starter-test:$spring_boot_version") {
     exclude group: "com.vaadin.external.google", module:"android-json"
   }
 
   testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: logback_version
+  
+  implementation group: 'jakarta.xml.bind', name: 'jakarta.xml.bind-api', version: jakarta_xml_bind_api_version
 
 }
 
diff --git a/src/takserver-plugin-manager/src/main/java/tak/server/plugins/datalayer/PluginFileApiJDBC.java b/src/takserver-plugin-manager/src/main/java/tak/server/plugins/datalayer/PluginFileApiJDBC.java
index 46f90bb8..4cd63057 100644
--- a/src/takserver-plugin-manager/src/main/java/tak/server/plugins/datalayer/PluginFileApiJDBC.java
+++ b/src/takserver-plugin-manager/src/main/java/tak/server/plugins/datalayer/PluginFileApiJDBC.java
@@ -14,6 +14,7 @@
 import javax.naming.NamingException;
 import javax.sql.DataSource;
 
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -21,10 +22,7 @@
 import org.springframework.cache.CacheManager;
 import org.springframework.cache.Cache.ValueWrapper;
 
-import com.bbn.marti.remote.CoreConfig;
-import com.bbn.marti.remote.util.RemoteUtil;
 import com.bbn.marti.config.Cluster;
-import com.google.common.base.Strings;
 
 import tak.server.Constants;
 
@@ -40,19 +38,15 @@ public class PluginFileApiJDBC{
 	@Autowired
 	private CacheManager cacheManager;
 	
-	private CoreConfig coreConfig;
-	private Cluster clusterConfig;
 	private boolean esyncEnableCache = false;
 
-	
-	public PluginFileApiJDBC(CoreConfig coreConfig) {
-		
-		clusterConfig = coreConfig.getRemoteConfiguration().getCluster();
-		
+
+	public PluginFileApiJDBC() {
+
 		// 0 means false, disable esync cache
-		if (coreConfig.getRemoteConfiguration().getNetwork().getEsyncEnableCache() == 0) {
+		if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEsyncEnableCache() == 0) {
 			esyncEnableCache = false;
-		} else if (coreConfig.getRemoteConfiguration().getNetwork().getEsyncEnableCache() > 0) {
+		} else if (CoreConfigFacade.getInstance().getRemoteConfiguration().getNetwork().getEsyncEnableCache() > 0) {
 			// positive value means true, enable cache
 			esyncEnableCache = true;
 		} else {
@@ -141,6 +135,7 @@ public InputStream readFileContent(String hash) throws Exception {
 	}
 	
 	private boolean isCacheEsync() {
+		Cluster clusterConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster();
 		return esyncEnableCache || (clusterConfig.isEnabled() && clusterConfig.isKubernetes());
 	}
 
diff --git a/src/takserver-plugin-manager/src/main/java/tak/server/plugins/service/DistributedClusterPluginManager.java b/src/takserver-plugin-manager/src/main/java/tak/server/plugins/service/DistributedClusterPluginManager.java
index 6f505e6c..8080bdf7 100644
--- a/src/takserver-plugin-manager/src/main/java/tak/server/plugins/service/DistributedClusterPluginManager.java
+++ b/src/takserver-plugin-manager/src/main/java/tak/server/plugins/service/DistributedClusterPluginManager.java
@@ -33,7 +33,7 @@ private void initCache() {
     	// initialize plugins only if they arent in the cache    		
     	getAllPlugins()
     		.stream()
-    		.forEach(plugin -> getPluginStartedCache().putIfAbsent(plugin.getPluginInfo().getName(), new Boolean(plugin.getPluginInfo().isStarted())));
+    		.forEach(plugin -> getPluginStartedCache().putIfAbsent(plugin.getPluginInfo().getName(), Boolean.valueOf(plugin.getPluginInfo().isStarted())));
     	
     	// pull the most up to date plugin status from cache and set them
     	getAllPlugins()
diff --git a/src/takserver-plugin-manager/src/main/java/tak/server/plugins/service/DistributedPluginManager.java b/src/takserver-plugin-manager/src/main/java/tak/server/plugins/service/DistributedPluginManager.java
index fe0361d8..e3ba69d7 100644
--- a/src/takserver-plugin-manager/src/main/java/tak/server/plugins/service/DistributedPluginManager.java
+++ b/src/takserver-plugin-manager/src/main/java/tak/server/plugins/service/DistributedPluginManager.java
@@ -19,6 +19,7 @@
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 
 public class DistributedPluginManager implements PluginManager, Service {
 
@@ -328,26 +329,25 @@ private synchronized void persistPluginArchiveEnabledPropertyInPluginConfigurati
     @Override
     public void onFileUpload(String pluginClassName, Metadata metadata) {
 
-        if (Strings.isNullOrEmpty(pluginClassName)) {
-            throw new IllegalArgumentException("plugin class name is empty");
-        }
-
         AtomicInteger counter = new AtomicInteger();
 
-        // notify any plugin matching the class name
-        getAllPlugins()
-                .stream()
-                .filter(plugin -> plugin.getPluginInfo().getClassName().equals(pluginClassName))
-                .forEach(plugin -> {
-                    if (plugin.getPluginInfo().isStarted()) {
-                        plugin.onFileUploadEvent(metadata);
-                    } else {
-                        logger.error("Plugin {} is not started", pluginClassName);
-                    }
-                    counter.incrementAndGet();
-                });
+        Stream<PluginLifecycle> plugins = getAllPlugins().stream();
+
+        // if pluginClassName is provided, only notify plugins matching the class name
+        if (pluginClassName != null) {
+            plugins = plugins.filter(plugin -> plugin.getPluginInfo().getClassName().equals(pluginClassName));
+        }
+
+        plugins.forEach(plugin -> {
+            if (plugin.getPluginInfo().isStarted()) {
+                plugin.onFileUploadEvent(metadata);
+            } else {
+                logger.error("Plugin {} is not started", plugin.getPluginInfo().getClassName());
+            }
+            counter.incrementAndGet();
+        });
 
-        if (counter.get() == 0) {
+        if (pluginClassName != null && counter.get() == 0) {
             throw new IllegalArgumentException("no plugin with class name " + pluginClassName + " is currently installed.");
         }
     }
diff --git a/src/takserver-plugin-manager/src/main/java/tak/server/plugins/service/PluginService.java b/src/takserver-plugin-manager/src/main/java/tak/server/plugins/service/PluginService.java
index dec32a0b..01837481 100644
--- a/src/takserver-plugin-manager/src/main/java/tak/server/plugins/service/PluginService.java
+++ b/src/takserver-plugin-manager/src/main/java/tak/server/plugins/service/PluginService.java
@@ -6,6 +6,8 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutionException;
 
+import com.bbn.marti.config.TAKIgniteConfiguration;
+import com.bbn.marti.remote.config.CoreConfigFacade;
 import org.apache.ignite.Ignite;
 import org.apache.ignite.Ignition;
 import org.apache.ignite.cache.spring.SpringCacheManager;
@@ -25,8 +27,8 @@
 
 import com.bbn.cluster.ClusterGroupDefinition;
 import com.bbn.marti.config.Cluster;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.ServerInfo;
+import com.bbn.marti.remote.util.LoggingConfigPropertiesSetupUtil;
 import com.zaxxer.hikari.HikariDataSource;
 
 import atakmap.commoncommo.protobuf.v1.MessageOuterClass.Message;
@@ -35,6 +37,7 @@
 import tak.server.PluginRegistry;
 import tak.server.cache.TakIgniteSpringCacheManager;
 import tak.server.ignite.IgniteConfigurationHolder;
+import tak.server.ignite.IgniteHolder;
 import tak.server.messaging.Messenger;
 import tak.server.plugins.PluginApi;
 import tak.server.plugins.PluginCoreConfigApi;
@@ -84,14 +87,25 @@ public static void main(String[] args) {
 			profiles.add(Constants.CLUSTER_PROFILE_NAME);
 			application.setAdditionalProfiles(profiles.toArray(new String[0]));
 		}
-		
-		ignite =  Ignition.getOrStart(IgniteConfigurationHolder.getInstance().getIgniteConfiguration
-				(PluginManagerConstants.PLUGIN_MANAGER_IGNITE_PROFILE, "127.0.0.1", isCluster, isK8Cluster, false, false, 47500, 100, 47100, 100, 512, 600000, 52428800, 52428800, -1, false, -1.f, false, false, -1, false, 300000, 300000, 600000));
-		
+
+		TAKIgniteConfiguration takIgniteConfiguration = IgniteConfigurationHolder.getInstance().getTAKIgniteConfiguration(
+				"127.0.0.1", isCluster, isK8Cluster, false, false, 47500,
+				100, 47100, 100, 512,
+				600000, 52428800, 52428800, -1,
+				false, -1.f, false, false,
+				-1, false, 300000, 300000,
+				600000);
+		IgniteConfigurationHolder.getInstance().setTAKIgniteConfiguration(takIgniteConfiguration);
+		IgniteConfigurationHolder.getInstance().setIgniteConfiguration(
+				IgniteConfigurationHolder.getInstance().getIgniteConfiguration(PluginManagerConstants.PLUGIN_MANAGER_IGNITE_PROFILE, takIgniteConfiguration));
+		ignite = IgniteHolder.getInstance().getIgnite();
+
 		if (ignite == null) {
 			System.exit(1);
 		}
 
+		LoggingConfigPropertiesSetupUtil.getInstance().setupLoggingConfiguration();
+
 		// start sping boot app
 		application.run(args);
 		JavaVersionChecker.check(logger);
@@ -309,9 +323,9 @@ public PluginCoreConfigApi pluginCoreConfigApi(Ignite ignite) {
 	}
 	
 	@Bean
-	public PluginFileApiJDBC pluginFileApiJDBC(CoreConfig coreConfig) {
+	public PluginFileApiJDBC pluginFileApiJDBC() {
 		
-		return new PluginFileApiJDBC(coreConfig);
+		return new PluginFileApiJDBC();
 	}
 	
 	@Bean
@@ -322,24 +336,17 @@ public PluginFileApi pluginFileApi(Ignite ignite, PluginFileApiJDBC pluginFileAp
 		return new PluginFileApiImpl(pluginFileApiFromApiProcess, pluginFileApiJDBC);
 	}
 
-    @Bean
-    public CoreConfig coreConfig(Ignite ignite) {
-    	    	    	
-    	return ignite.services(ClusterGroupDefinition.getMessagingClusterDeploymentGroup(ignite)).serviceProxy(Constants.DISTRIBUTED_CONFIGURATION, CoreConfig.class, false);
-    
-    }
-	
 	@Bean
-	public HikariDataSource dataSource(CoreConfig coreConfig) {
+	public HikariDataSource dataSource() {
 		
-		return DataSourceUtils.setupDataSourceFromCoreConfig(coreConfig);
+		return DataSourceUtils.setupDataSourceFromCoreConfig();
 	
 	}
 	
 	@Bean
-	CacheManager cacheManager(Ignite ignite, CoreConfig coreConfig) {
+	CacheManager cacheManager() {
 
-		Cluster clusterConfig = coreConfig.getRemoteConfiguration().getCluster();
+		Cluster clusterConfig = CoreConfigFacade.getInstance().getRemoteConfiguration().getCluster();
 		
 		SpringCacheManager scm = new TakIgniteSpringCacheManager(ignite);
 
@@ -351,7 +358,7 @@ CacheManager cacheManager(Ignite ignite, CoreConfig coreConfig) {
 
 		}
 
-		scm.setConfiguration(IgniteConfigurationHolder.getInstance().getConfiguration());
+		scm.setConfiguration(IgniteConfigurationHolder.getInstance().getIgniteConfiguration());
 
 		return scm;
 	}
diff --git a/src/takserver-plugin-manager/src/main/resources/logback-test.xml b/src/takserver-plugin-manager/src/main/resources/logback-test.xml
index cefe9298..8a6ce747 100644
--- a/src/takserver-plugin-manager/src/main/resources/logback-test.xml
+++ b/src/takserver-plugin-manager/src/main/resources/logback-test.xml
@@ -1,14 +1,37 @@
 <configuration scan="true" scanPeriod="30 seconds">
-        <appender name="plugins_application_log" class="ch.qos.logback.core.rolling.RollingFileAppender">
-            <file>logs/takserver-plugins.log</file>
-            <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-                <fileNamePattern>logs/takserver-plugins.%d{yyyy-MM-dd}.log.gz</fileNamePattern>
-                <maxHistory>90</maxHistory>
-            </rollingPolicy>
-            <encoder>
-                <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %logger{36} - %msg%n</pattern>
-            </encoder>
-        </appender>
+    <springProperty name="JSON_FORMAT_ENABLED" source="logging.json.enabled" defaultValue="false" />
+    <springProperty name="AUDIT_ENABLED" source="logging.audit.enabled" defaultValue="false" />
+    <springProperty name="PRETTY_PRINT" source="logging.pretty.enabled" defaultValue="false" />
+
+    <if condition='${AUDIT_ENABLED}'>
+        <then><property name="JSON_LAYOUT" value="com.bbn.marti.remote.AuditLogJsonLayout" /></then>
+        <else><property name="JSON_LAYOUT" value="ch.qos.logback.contrib.json.classic.JsonLayout" /></else>
+    </if>
+
+    <appender name="plugins_application_log" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/takserver-plugins.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>logs/takserver-plugins.%d{yyyy-MM-dd}.log.gz</fileNamePattern>
+            <maxHistory>90</maxHistory>
+        </rollingPolicy>
+        <if condition="${JSON_FORMAT_ENABLED}">
+            <then>
+                <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
+                    <layout class="${JSON_LAYOUT}">
+                        <jsonFormatter class="ch.qos.logback.contrib.jackson.JacksonJsonFormatter">
+                            <prettyPrint>${PRETTY_PRINT}</prettyPrint>
+                        </jsonFormatter>
+                        <timestampFormat>yyyy-MM-dd'T'HH:mm:ss.SSS'Z'</timestampFormat>
+                    </layout>
+                </encoder>
+            </then>
+            <else>
+                <encoder>
+                    <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %logger{36} - %msg%n</pattern>
+                </encoder>
+            </else>
+        </if>
+    </appender>
     <root level="INFO">
         <appender-ref ref="plugins_application_log" />
     </root>
diff --git a/src/takserver-plugin-manager/src/main/resources/logback.xml b/src/takserver-plugin-manager/src/main/resources/logback.xml
index cefe9298..f01aa1d6 100644
--- a/src/takserver-plugin-manager/src/main/resources/logback.xml
+++ b/src/takserver-plugin-manager/src/main/resources/logback.xml
@@ -1,13 +1,37 @@
 <configuration scan="true" scanPeriod="30 seconds">
+    <springProperty name="JSON_FORMAT_ENABLED" source="logging.json.enabled" defaultValue="false" />
+    <springProperty name="AUDIT_ENABLED" source="logging.audit.enabled" defaultValue="false" />
+    <springProperty name="PRETTY_PRINT" source="logging.pretty.enabled" defaultValue="false" />
+
+    <if condition='${AUDIT_ENABLED}'>
+        <then><property name="JSON_LAYOUT" value="com.bbn.marti.remote.AuditLogJsonLayout" /></then>
+        <else><property name="JSON_LAYOUT" value="ch.qos.logback.contrib.json.classic.JsonLayout" /></else>
+    </if>
+
         <appender name="plugins_application_log" class="ch.qos.logback.core.rolling.RollingFileAppender">
             <file>logs/takserver-plugins.log</file>
             <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
                 <fileNamePattern>logs/takserver-plugins.%d{yyyy-MM-dd}.log.gz</fileNamePattern>
                 <maxHistory>90</maxHistory>
             </rollingPolicy>
-            <encoder>
-                <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %logger{36} - %msg%n</pattern>
-            </encoder>
+            <if condition="${JSON_FORMAT_ENABLED}">
+                <then>
+                    
+                    <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
+                        <layout class="${JSON_LAYOUT}">
+                            <jsonFormatter class="ch.qos.logback.contrib.jackson.JacksonJsonFormatter">
+                                <prettyPrint>${PRETTY_PRINT}</prettyPrint>
+                            </jsonFormatter>
+                            <timestampFormat>yyyy-MM-dd'T'HH:mm:ss.SSS'Z'</timestampFormat>
+                        </layout>
+                    </encoder>
+                </then>
+                <else>
+                    <encoder>
+                        <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %logger{36} - %msg%n</pattern>
+                    </encoder>
+                </else>
+            </if>
         </appender>
     <root level="INFO">
         <appender-ref ref="plugins_application_log" />
diff --git a/src/takserver-plugins/build.gradle b/src/takserver-plugins/build.gradle
index 08817757..7def5f2b 100644
--- a/src/takserver-plugins/build.gradle
+++ b/src/takserver-plugins/build.gradle
@@ -28,16 +28,19 @@ dependencies {
 
   implementation group: 'org.yaml', name: 'snakeyaml', version: snake_yaml_version
   implementation group: 'org.slf4j', name: 'slf4j-api', version: slf4j_version
+  implementation group: 'org.slf4j', name: 'log4j-over-slf4j', version: slf4j_version
 
   api(project(':takserver-protobuf')) {
     exclude group: 'io.grpc'
     exclude group: 'io.netty'
   }
 
-  implementation group: 'org.hibernate', name: 'hibernate-core', version: hibernate_version
+  implementation group: 'org.hibernate.orm', name: 'hibernate-core', version: hibernate_version
   implementation group: 'com.googlecode.json-simple', name: 'json-simple', version: json_simple_version
-  implementation group: 'javax.xml.bind', name: 'jaxb-api', version: jaxb_api_version
-  implementation group: 'javax.persistence', name: 'javax.persistence-api', version: javax_persistence_api_version
+  //implementation group: 'javax.xml.bind', name: 'jaxb-api', version: jaxb_api_version
+  implementation group: 'jakarta.xml.bind', name: 'jakarta.xml.bind-api', version: jakarta_xml_bind_api_version
+  //implementation group: 'javax.persistence', name: 'javax.persistence-api', version: javax_persistence_api_version
+  implementation group: 'jakarta.persistence', name: 'jakarta.persistence-api', version: jakarta_persistence_api_version
   implementation group: 'com.intellij', name: 'annotations', version: intellij_annotations_version // IntelliJ @NotNull annotation
   implementation group: 'com.fasterxml.jackson.core', name: 'jackson-annotations', version: jackson_version
   implementation group: 'joda-time', name: 'joda-time', version: joda_version
@@ -74,3 +77,9 @@ sourceSets {
         }
     }
 }
+
+configurations {
+    all {
+        exclude group: 'ch.qos.logback', module: 'logback-classic'
+    }
+}
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/maplayer/model/MapLayer.java b/src/takserver-plugins/src/main/java/com/bbn/marti/maplayer/model/MapLayer.java
index a8d7867b..82b20802 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/maplayer/model/MapLayer.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/maplayer/model/MapLayer.java
@@ -4,26 +4,34 @@
 import java.util.Date;
 import java.util.Objects;
 
-import javax.persistence.*;
-import javax.xml.bind.annotation.XmlTransient;
+import com.google.common.collect.ComparisonChain;
+import com.google.common.collect.Ordering;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
+import jakarta.persistence.Temporal;
+import jakarta.persistence.TemporalType;
+import jakarta.xml.bind.annotation.XmlTransient;
 
 import com.bbn.marti.sync.model.Mission;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import org.jetbrains.annotations.NotNull;
 
 import com.fasterxml.jackson.annotation.JsonFormat;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonInclude;
 
-//import io.swagger.annotations.ApiModel;
 import tak.server.Constants;
 
 @Entity(name = "maplayer")
 @Table(name = "maplayer")
 @Cacheable
-//@ApiModel
 @JsonInclude(JsonInclude.Include.NON_NULL)
-public class MapLayer implements Serializable {
+public class MapLayer implements Serializable, Comparable<MapLayer> {
 
 	/**
 	 * 
@@ -59,7 +67,7 @@ public class MapLayer implements Serializable {
     private boolean enabled;
     private boolean ignoreErrors;
     private boolean invertYCoordinate;
-    protected Mission mission;
+    transient protected Mission mission;
 
 
     public MapLayer() {
@@ -437,4 +445,40 @@ public String toString() {
         sb.append('}');
         return sb.toString();
     }
+
+    @Override
+    public int compareTo(MapLayer that) {
+        return ComparisonChain.start()
+                .compare(this.id, that.id, Ordering.natural().nullsFirst())
+                .compare(this.minZoom, that.minZoom, Ordering.natural().nullsFirst())
+                .compare(this.maxZoom, that.maxZoom, Ordering.natural().nullsFirst())
+                .compare(this.north, that.north, Ordering.natural().nullsFirst())
+                .compare(this.south, that.south, Ordering.natural().nullsFirst())
+                .compare(this.east, that.east, Ordering.natural().nullsFirst())
+                .compare(this.west, that.west, Ordering.natural().nullsFirst())
+                .compare(this.uid, that.uid, Ordering.natural().nullsFirst())
+                .compare(this.creatorUid, that.creatorUid, Ordering.natural().nullsFirst())
+                .compare(this.name, that.name, Ordering.natural().nullsFirst())
+                .compare(this.description, that.description, Ordering.natural().nullsFirst())
+                .compare(this.type, that.type, Ordering.natural().nullsFirst())
+                .compare(this.url, that.url, Ordering.natural().nullsFirst())
+                .compare(this.tileType, that.tileType, Ordering.natural().nullsFirst())
+                .compare(this.serverParts, that.serverParts, Ordering.natural().nullsFirst())
+                .compare(this.backgroundColor, that.backgroundColor, Ordering.natural().nullsFirst())
+                .compare(this.tileUpdate, that.tileUpdate, Ordering.natural().nullsFirst())
+                .compare(this.additionalParameters, that.additionalParameters, Ordering.natural().nullsFirst())
+                .compare(this.coordinateSystem, that.coordinateSystem, Ordering.natural().nullsFirst())
+                .compare(this.version, that.version, Ordering.natural().nullsFirst())
+                .compare(this.layers, that.layers, Ordering.natural().nullsFirst())
+                .compare(this.path, that.path, Ordering.natural().nullsFirst())
+                .compare(this.after, that.after, Ordering.natural().nullsFirst())
+                .compare(this.opacity, that.opacity, Ordering.natural().nullsFirst())
+                .compare(this.createTime, that.createTime, Ordering.natural().nullsFirst())
+                .compare(this.modifiedTime, that.modifiedTime, Ordering.natural().nullsFirst())
+                .compare(this.defaultLayer, that.defaultLayer, Ordering.natural().nullsFirst())
+                .compare(this.enabled, that.enabled, Ordering.natural().nullsFirst())
+                .compare(this.ignoreErrors, that.ignoreErrors, Ordering.natural().nullsFirst())
+                .compare(this.invertYCoordinate, that.invertYCoordinate, Ordering.natural().nullsFirst())
+                .result();
+    }
 }
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/ExternalMissionData.java b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/ExternalMissionData.java
index 324ccd32..593bd235 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/ExternalMissionData.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/ExternalMissionData.java
@@ -4,12 +4,17 @@
 package com.bbn.marti.sync.model;
 
 import java.io.Serializable;
-import javax.persistence.*;
-import javax.xml.bind.annotation.XmlElement;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
+import jakarta.xml.bind.annotation.XmlElement;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
-import org.hibernate.annotations.GenericGenerator;
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/Location.java b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/Location.java
index 4839f945..3a0c1e55 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/Location.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/Location.java
@@ -1,8 +1,8 @@
 package com.bbn.marti.sync.model;
 
 import java.io.Serializable;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlRootElement;
 import com.fasterxml.jackson.annotation.JsonInclude;
 
 @JsonInclude(JsonInclude.Include.NON_NULL)
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/LogEntry.java b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/LogEntry.java
index 8559125f..5c717e0d 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/LogEntry.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/LogEntry.java
@@ -7,16 +7,16 @@
 import java.util.Set;
 import java.util.concurrent.ConcurrentSkipListSet;
 
-import javax.persistence.Cacheable;
-import javax.persistence.Column;
-import javax.persistence.ElementCollection;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.Id;
-import javax.persistence.JoinColumn;
-import javax.persistence.JoinTable;
-import javax.persistence.Table;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.ElementCollection;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.JoinTable;
+import jakarta.persistence.Table;
 
 import org.hibernate.annotations.GenericGenerator;
 import org.jetbrains.annotations.NotNull;
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/Mission.java b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/Mission.java
index bf949774..fe252d2d 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/Mission.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/Mission.java
@@ -9,23 +9,23 @@
 import java.util.Set;
 import java.util.concurrent.ConcurrentSkipListSet;
 
-import javax.persistence.Cacheable;
-import javax.persistence.CascadeType;
-import javax.persistence.CollectionTable;
-import javax.persistence.Column;
-import javax.persistence.ElementCollection;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.JoinColumn;
-import javax.persistence.JoinTable;
-import javax.persistence.ManyToMany;
-import javax.persistence.ManyToOne;
-import javax.persistence.OneToMany;
-import javax.persistence.Table;
-import javax.persistence.Transient;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.CollectionTable;
+import jakarta.persistence.Column;
+import jakarta.persistence.ElementCollection;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.JoinTable;
+import jakarta.persistence.ManyToMany;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.OneToMany;
+import jakarta.persistence.Table;
+import jakarta.persistence.Transient;
 
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionChange.java b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionChange.java
index 15737907..a49bf4ff 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionChange.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionChange.java
@@ -5,23 +5,23 @@
 import java.io.Serializable;
 import java.util.Date;
 
-import javax.persistence.Cacheable;
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.EnumType;
-import javax.persistence.Enumerated;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.ManyToOne;
-import javax.persistence.Table;
-import javax.persistence.Transient;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlTransient;
-import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
+import jakarta.persistence.Transient;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlTransient;
+import jakarta.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
 
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
@@ -72,7 +72,7 @@ public class MissionChange implements Serializable, Comparable<MissionChange> {
     protected String missionFeedUid;
     protected String mapLayerUid;
 
-    protected Mission mission;
+    transient protected Mission mission;
     protected String missionName; // mission name is denormalized here to track all event by mission name, even deletions (because if the mission id foreign key was joined on, the mission name would be lost when the mission record is deleted.
                                   // Mission change records will not be deleted at the application layer
 
@@ -326,13 +326,16 @@ public void setCreatorUid(String creatorUid) {
 
     @Override
 	public String toString() {
-		return "MissionChange [id=" + id + ", type=" + type + ", contentHash=" + contentHash + ", contentUid="
-				+ contentUid + ", externalDataUid=" + externalDataUid + ", externalDataName=" + externalDataName
-				+ ", externalDataTool=" + externalDataTool + ", externalDataToken=" + externalDataToken
-				+ ", externalDataNotes=" + externalDataNotes + ", mission=" + mission + ", missionName=" + missionName
-				+ ", timestamp=" + timestamp + ", servertime=" + servertime + ", creatorUid=" + creatorUid
-				+ ", uidDetails=" + uidDetails + ", externalMissionData=" + externalMissionData + ", tempResource="
-				+ tempResource + ", tempLogEntry=" + tempLogEntry + "]";
+		return "MissionChange [id=" + id + ", isFederatedChange=" + isFederatedChange + ", type=" + type
+				+ ", contentHash=" + contentHash + ", contentUid=" + contentUid + ", externalDataUid=" + externalDataUid
+				+ ", externalDataName=" + externalDataName + ", externalDataTool=" + externalDataTool
+				+ ", externalDataToken=" + externalDataToken + ", externalDataNotes=" + externalDataNotes
+				+ ", missionFeedUid=" + missionFeedUid + ", mapLayerUid=" + mapLayerUid + ", mission=" + mission
+				+ ", missionName=" + missionName + ", timestamp=" + timestamp + ", servertime=" + servertime
+				+ ", creatorUid=" + creatorUid + ", uidDetails=" + uidDetails + ", externalMissionData="
+				+ externalMissionData + ", tempResource=" + tempResource + ", tempLogEntry=" + tempLogEntry
+				+ ", tempExternalMissionData=" + tempExternalMissionData + ", mapLayer=" + mapLayer + ", missionFeed="
+				+ missionFeed + ", contentResource=" + contentResource + "]";
 	}
 
     @Override
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionFeed.java b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionFeed.java
index 33cebd51..1befe377 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionFeed.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionFeed.java
@@ -1,8 +1,16 @@
 package com.bbn.marti.sync.model;
 
-import javax.persistence.*;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlTransient;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
+import jakarta.persistence.Transient;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlTransient;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -15,6 +23,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.base.Strings;
 import com.google.common.collect.ComparisonChain;
+import com.google.common.collect.Ordering;
 
 import org.json.simple.JSONArray;
 import org.slf4j.Logger;
@@ -36,7 +45,7 @@ public class MissionFeed implements Serializable, Comparable<MissionFeed> {
     protected String filterPolygon;
     protected String filterCotTypesSerialized;
     protected String filterCallsign;
-    protected Mission mission;
+    transient protected Mission mission;
     @Transient protected String name;
 
     public MissionFeed() {
@@ -137,9 +146,9 @@ public int compareTo(MissionFeed that) {
         return ComparisonChain.start()
                 .compare(this.uid, that.uid)
                 .compare(this.dataFeedUid, that.dataFeedUid)
-                .compare(this.filterPolygon, that.filterPolygon)
-                .compare(this.filterCotTypesSerialized, that.filterCotTypesSerialized)
-                .compare(this.filterCallsign, that.filterCallsign)
+                .compare(this.filterPolygon, that.filterPolygon, Ordering.natural().nullsFirst())
+                .compare(this.filterCotTypesSerialized, that.filterCotTypesSerialized, Ordering.natural().nullsFirst())
+                .compare(this.filterCallsign, that.filterCallsign, Ordering.natural().nullsFirst())
                 .result();
     }
 
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionLayer.java b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionLayer.java
index ff6c6974..2496ed79 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionLayer.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionLayer.java
@@ -4,11 +4,27 @@
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
-import javax.persistence.*;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlTransient;
-import java.util.*;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.OneToMany;
+import jakarta.persistence.Table;
+import jakarta.persistence.Transient;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlTransient;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+import java.util.UUID;
 import java.util.concurrent.CopyOnWriteArrayList;
 
 import com.bbn.marti.maplayer.model.MapLayer;
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionPermission.java b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionPermission.java
index 7b2f7f49..ced70c33 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionPermission.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionPermission.java
@@ -6,9 +6,15 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.persistence.*;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlTransient;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlTransient;
 import java.io.Serializable;
 
 @Entity
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionPermissions.java b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionPermissions.java
index 9b78c862..45b0c9cf 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionPermissions.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionPermissions.java
@@ -3,10 +3,10 @@
 
 import java.util.Set;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
 
 @XmlRootElement(name = "permissions")
 @XmlAccessorType(XmlAccessType.FIELD)
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionRole.java b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionRole.java
index 5bfc7866..fd7ce84e 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionRole.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/MissionRole.java
@@ -4,11 +4,24 @@
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.google.common.collect.ComparisonChain;
-import javax.persistence.*;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlTransient;
+
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.JoinTable;
+import jakarta.persistence.ManyToMany;
+import jakarta.persistence.Table;
+import jakarta.persistence.Transient;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlTransient;
+
 import java.io.Serializable;
 import java.util.HashSet;
 import java.util.Set;
@@ -109,7 +122,7 @@ public Set<String> getPermissions() {
 	@Override
 	public int compareTo(MissionRole that) {
 		return ComparisonChain.start()
-				.compare(this.role, that.role)
+				.compare(this.getRole(), that.getRole())
 				.result();
 	}
 
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/Resource.java b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/Resource.java
index 6d6014a3..993c761f 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/Resource.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/Resource.java
@@ -9,20 +9,22 @@
 import java.util.NavigableSet;
 import java.util.SimpleTimeZone;
 
-import javax.persistence.Cacheable;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-import javax.persistence.Transient;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlTransient;
-import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import jakarta.persistence.Cacheable;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import jakarta.persistence.Transient;
+import jakarta.persistence.Convert;
+import jakarta.persistence.Converter;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlTransient;
+import jakarta.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
 
 import org.hibernate.annotations.Formula;
-import org.hibernate.annotations.Type;
+//import org.hibernate.annotations.Type;
 import org.jetbrains.annotations.NotNull;
 import org.locationtech.jts.geom.Point;
 
@@ -148,7 +150,7 @@ public Resource(@NotNull Metadata metadata) {
         setHash(metadata.getHash());
         
         if (metadata.getSize() != null) {
-        	setSize(new Long(metadata.getSize()));
+        	setSize(Long.valueOf(metadata.getSize()));
         }
         
         setSubmitter(metadata.getFirst(Field.SubmissionUser));
@@ -317,7 +319,8 @@ public void setLongitude(Double longitude) {
         }
     }
 
-    @Type(type = "org.locationtech.jts.geom.Point")
+    //@Type(type = "org.locationtech.jts.geom.Point")
+    //@Convert(converter=Point.class)
     @Column(columnDefinition="Point", nullable = true)
     Point getLocation() { return location; }
 
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/UidDetails.java b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/UidDetails.java
index 7d814144..d8976982 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/UidDetails.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/sync/model/UidDetails.java
@@ -3,9 +3,9 @@
 import java.io.Serializable;
 import java.util.List;
 
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlAttribute;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 
diff --git a/src/takserver-plugins/src/main/java/com/bbn/marti/util/xml/DateAdapter.java b/src/takserver-plugins/src/main/java/com/bbn/marti/util/xml/DateAdapter.java
index 1386b71f..f9f71fcd 100644
--- a/src/takserver-plugins/src/main/java/com/bbn/marti/util/xml/DateAdapter.java
+++ b/src/takserver-plugins/src/main/java/com/bbn/marti/util/xml/DateAdapter.java
@@ -4,7 +4,7 @@
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.TimeZone;
-import javax.xml.bind.annotation.adapters.XmlAdapter;
+import jakarta.xml.bind.annotation.adapters.XmlAdapter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
diff --git a/src/takserver-plugins/src/main/java/tak/server/Constants.java b/src/takserver-plugins/src/main/java/tak/server/Constants.java
index 7350d317..659d96e3 100644
--- a/src/takserver-plugins/src/main/java/tak/server/Constants.java
+++ b/src/takserver-plugins/src/main/java/tak/server/Constants.java
@@ -62,6 +62,9 @@ public class Constants {
 
 	public static final String XML_HEADER = "<?xml version='1.0' encoding='UTF-8' standalone='yes'?>";
 
+	// Pub/Sub topics
+	public static final String CONFIG_TOPIC_KEY = "CONFIG_TOPIC_KEY";
+
 	// Attribute keys for objects kept in the WebSocket session
     public static final String SOCKET_TOPIC_KEY = "SOCKET_TOPIC";
     public static final String SOCKET_SESSION_KEY = "SOCKET_MARTI_SESSION_ID";
@@ -115,6 +118,7 @@ public class Constants {
 	public static final String FEDERATION_OUTGOING_CACHE = "federation-outgoing-cache";
 	public static final String IGNITE_SUBSCRIPTION_UID_TRACKER_CACHE = "ignite-subscription-uid-tacker-cache";
 	public static final String IGNITE_SUBSCRIPTION_CLIENTUID_TRACKER_CACHE = "ignite-subscription-clientuid-tacker-cache";
+	public static final String INGITE_LATEST_SA_CONNECTION_UID_CACHE = "ignite-latest-sa-connection-uid-cache";
 	public static final String IGNITE_USER_OUTBOUND_GROUP_CACHE = "ignite-user-outbound-group-cache";
 	public static final String IGNITE_USER_INBOUND_GROUP_CACHE = "ignite-user-inbound-group-cache";
 	public static final String LATEST_COT_CACHE = "latest-cot-cache";
@@ -136,6 +140,7 @@ public class Constants {
 	public static final String CLUSTER_PROFILE_NAME = "cluster";
 	public static final String MESSAGING_PROFILE_NAME = "messaging";	// messaging process
 	public static final String API_PROFILE_NAME = "api";				// API process
+	public static final String CONFIG_PROFILE_NAME = "config";				// Config process
 	public static final String HTTP_UI_PROFILE_NAME = "http-ui"; 		// reserved for future use
 	public static final String MONOLITH_PROFILE_NAME = "monolith"; 		// single-process execution
 	public static final String PLUGINS_ENABLED_PROFILE_NAME = "plugins"; 		// plugins enabled
diff --git a/src/takserver-plugins/src/main/java/tak/server/cot/CotElement.java b/src/takserver-plugins/src/main/java/tak/server/cot/CotElement.java
index 9281a8c0..3821477d 100644
--- a/src/takserver-plugins/src/main/java/tak/server/cot/CotElement.java
+++ b/src/takserver-plugins/src/main/java/tak/server/cot/CotElement.java
@@ -55,7 +55,7 @@ public class CotElement implements Serializable {
 	 * Returns the callsign from a Query Result, if present, or the uid, if it is not.
 	 */
 	public String getCallsign() {
-		if(callsign == null || callsign.isEmpty() || callsign.equals(errorMessage))
+		if (callsign == null || callsign.isEmpty() || callsign.equals(errorMessage))
 			return uid;
 		return callsign;
 	}
diff --git a/src/takserver-plugins/src/main/java/tak/server/cot/CotParser.java b/src/takserver-plugins/src/main/java/tak/server/cot/CotParser.java
index fd69c315..ec2203e3 100644
--- a/src/takserver-plugins/src/main/java/tak/server/cot/CotParser.java
+++ b/src/takserver-plugins/src/main/java/tak/server/cot/CotParser.java
@@ -97,21 +97,21 @@ private CotParser(ValidationErrorCallback errback, boolean isValidating) {
                 reader.setErrorHandler(new ErrorHandler() {
                     @Override
                     public void warning(SAXParseException exception) throws SAXException {
-                        if(errorCallback != null)
+                        if (errorCallback != null)
                             errorCallback.onValidationError(ErrorLevel.WARNING, exception);
                         throw exception;
                     }
 
                     @Override
                     public void fatalError(SAXParseException exception) throws SAXException {
-                        if(errorCallback != null)
+                        if (errorCallback != null)
                             errorCallback.onValidationError(ErrorLevel.FATAL, exception);
                         throw exception;
                     }
 
                     @Override
                     public void error(SAXParseException exception) throws SAXException {
-                        if(errorCallback != null)
+                        if (errorCallback != null)
                             errorCallback.onValidationError(ErrorLevel.ERROR, exception);
                         throw exception;
                     }
diff --git a/src/takserver-plugins/src/main/java/tak/server/cot/XmlContainer.java b/src/takserver-plugins/src/main/java/tak/server/cot/XmlContainer.java
index ca03c3bb..f46cb5db 100644
--- a/src/takserver-plugins/src/main/java/tak/server/cot/XmlContainer.java
+++ b/src/takserver-plugins/src/main/java/tak/server/cot/XmlContainer.java
@@ -44,7 +44,7 @@ public Document document() {
   }
 
   public boolean matchXPath(String b) {
-    if(doc != null) {
+    if (doc != null) {
       XPath xpath = DocumentHelper.createXPath(b);
       return xpath.booleanValueOf(doc);
     }
diff --git a/src/takserver-plugins/src/main/java/tak/server/proto/StreamingProtoBufHelper.java b/src/takserver-plugins/src/main/java/tak/server/proto/StreamingProtoBufHelper.java
index 7d0e0407..db4ada1c 100644
--- a/src/takserver-plugins/src/main/java/tak/server/proto/StreamingProtoBufHelper.java
+++ b/src/takserver-plugins/src/main/java/tak/server/proto/StreamingProtoBufHelper.java
@@ -4,7 +4,10 @@
 import java.nio.ByteBuffer;
 import java.util.Date;
 
-import org.dom4j.*;
+import org.dom4j.Attribute;
+import org.dom4j.Document;
+import org.dom4j.DocumentHelper;
+import org.dom4j.Element;
 import org.dom4j.io.SAXReader;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -578,7 +581,7 @@ public static CotEventContainer proto2cot(TakMessage takMessage) {
 
                         // if we see one of the currently defined detail types appear in the xmlDetail section
                         // then the xmlDetail contents shall override whatever appeared in the proto message.
-                        if(0 == name.compareTo(CONTACT)
+                        if (0 == name.compareTo(CONTACT)
                         || 0 == name.compareTo(GROUP)
                         || 0 == name.compareTo(PRECISION_LOCATION)
                         || 0 == name.compareTo(STATUS)
diff --git a/src/takserver-plugins/src/main/java/tak/server/util/Association.java b/src/takserver-plugins/src/main/java/tak/server/util/Association.java
index 08193d05..e58717d3 100644
--- a/src/takserver-plugins/src/main/java/tak/server/util/Association.java
+++ b/src/takserver-plugins/src/main/java/tak/server/util/Association.java
@@ -36,7 +36,7 @@ public V setValue(V value) {
 	
 	@Override
 	public boolean equals(Object other) {
-		if(this != other) {
+		if (this != other) {
 			if (other != null && other instanceof Association) {
 				Association that = (Association) other;
 				return getKey().equals(that.getKey());
diff --git a/src/takserver-protobuf/build.gradle b/src/takserver-protobuf/build.gradle
index 83132acf..9081a4c5 100644
--- a/src/takserver-protobuf/build.gradle
+++ b/src/takserver-protobuf/build.gradle
@@ -32,8 +32,8 @@ dependencies {
   api "io.netty:netty-tcnative-boringssl-static:$netty_tcnative_version:osx-aarch_64"
   api "io.netty:netty-tcnative-boringssl-static:$netty_tcnative_version:windows-x86_64"
 
-  implementation 'javax.activation:activation:' + javax_activation_version
-
+  //implementation 'javax.activation:activation:' + javax_activation_version
+  
   // guava
   api group: 'com.google.guava', name: 'guava', version: guava_version
 }
diff --git a/src/takserver-retention/build.gradle b/src/takserver-retention/build.gradle
index 3a8b81e2..1e3ff438 100644
--- a/src/takserver-retention/build.gradle
+++ b/src/takserver-retention/build.gradle
@@ -8,7 +8,6 @@ apply plugin: 'eclipse'
 apply plugin: 'idea'
 apply plugin: 'java-library'
 apply plugin: 'org.springframework.boot'
-apply plugin: 'io.spring.dependency-management'
 
 group 'tak'
 
@@ -28,18 +27,20 @@ dependencies {
 
     implementation group: 'xerces', name: 'xercesImpl', version: xerces_version
 
-    implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: log4j_api_version
-    implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: log4j_api_version
+    //implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: log4j_api_version
+    //implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: log4j_api_version
+    implementation group: 'org.slf4j', name: 'slf4j-api', version: slf4j_version
     implementation group: 'org.slf4j', name: 'log4j-over-slf4j', version: slf4j_version
-
+    implementation group: 'ch.qos.logback', name: 'logback-classic', version: logback_version
+    
     implementation project(':takserver-common')
     implementation group: 'com.h2database', name: 'h2', version: h2_version
 
     implementation group: 'org.springframework.boot', name: 'spring-boot-loader', version: spring_boot_version
-    implementation group: 'org.springframework', name: 'spring-context'
-    implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
-    implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jdbc'
-    implementation 'org.apache.commons:commons-lang3'
+    implementation group: 'org.springframework', name: 'spring-context', version: spring_version
+    implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: spring_boot_version
+    implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jdbc', version: spring_boot_version
+    implementation group: 'org.apache.commons', name: 'commons-lang3', version: commons_lang_version
 	implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: jackson_version
     implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: jackson_version
     implementation group: 'com.fasterxml.jackson.core', name: 'jackson-annotations', version: jackson_version
@@ -50,10 +51,20 @@ dependencies {
     runtimeOnly "org.postgresql:postgresql:$postgres_version"
 
 
+    // required for audit log custom logging filter
+    implementation group: 'ch.qos.logback', name: 'logback-classic', version: logback_version
+    implementation group: 'ch.qos.logback.contrib', name: 'logback-jackson', version: logback_jackson_version
+    implementation group: 'ch.qos.logback.contrib', name: 'logback-json-classic', version: logback_jackson_version
+    // https://mvnrepository.com/artifact/org.codehaus.janino/janino License: BSD 3-Clause
+    // required for conditional processing of logback configuration
+    implementation group: 'org.codehaus.janino', name: 'janino', version: janino_version
+
     testImplementation group: 'junit', name: 'junit', version: junit_version
     testImplementation group: 'org.mockito', name: 'mockito-core', version: mockito_version
-    testImplementation("org.springframework.boot:spring-boot-starter-test") {
+    testImplementation("org.springframework.boot:spring-boot-starter-test:$spring_boot_version") {
         exclude group: "com.vaadin.external.google", module: "android-json"
     }
     testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: logback_version
+    
+    implementation group: 'jakarta.xml.bind', name: 'jakarta.xml.bind-api', version: jakarta_xml_bind_api_version
 }
diff --git a/src/takserver-retention/src/main/java/tak/server/retention/RetentionApplication.java b/src/takserver-retention/src/main/java/tak/server/retention/RetentionApplication.java
index 32d9d741..e8ef7afb 100644
--- a/src/takserver-retention/src/main/java/tak/server/retention/RetentionApplication.java
+++ b/src/takserver-retention/src/main/java/tak/server/retention/RetentionApplication.java
@@ -3,9 +3,12 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutionException;
 
+import com.bbn.marti.config.TAKIgniteConfiguration;
+import com.bbn.marti.remote.exception.TakException;
 import com.zaxxer.hikari.HikariDataSource;
 import org.apache.ignite.Ignite;
 import org.apache.ignite.Ignition;
+import org.apache.ignite.configuration.IgniteConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.CommandLineRunner;
@@ -14,22 +17,24 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
+
 import org.springframework.scheduling.annotation.EnableScheduling;
+
 import tak.server.Constants;
 import tak.server.ignite.IgniteConfigurationHolder;
-import tak.server.plugins.PluginManagerConstants;
 import tak.server.retention.config.DistributedRetentionPolicyConfig;
 import tak.server.retention.scheduler.ExpirationTaskService;
 import tak.server.retention.scheduler.SingleTaskSchedulerService;
 import tak.server.retention.service.DistributedMissionArchiveManager;
 import tak.server.retention.service.MissionArchiveHelper;
+import tak.server.util.ActiveProfiles;
 import tak.server.util.DataSourceUtils;
 
 import com.bbn.cluster.ClusterGroupDefinition;
-import com.bbn.marti.remote.CoreConfig;
 import com.bbn.marti.remote.service.MissionArchiveManager;
 import com.bbn.marti.remote.service.RetentionPolicyConfig;
 import com.bbn.marti.remote.service.RetentionQueryService;
+import com.bbn.marti.remote.util.LoggingConfigPropertiesSetupUtil;
 import tak.server.util.JavaVersionChecker;
 
 @SpringBootApplication
@@ -43,7 +48,11 @@ public void run(String... args) throws Exception { }
 
     public static void main(String[] args) {
         JavaVersionChecker.check();
-        ApplicationContext ctx = SpringApplication.run(RetentionApplication.class, args);
+        System.setProperty("spring.profiles.active",  Constants.RETENTION_PROFILE_NAME);
+
+        SpringApplication application = new SpringApplication();
+        LoggingConfigPropertiesSetupUtil.getInstance().setupLoggingConfiguration();
+        ApplicationContext ctx = application.run(RetentionApplication.class, args);
         JavaVersionChecker.check(logger);
 
         SingleTaskSchedulerService  singleTaskSchedulerService = ctx.getBean(SingleTaskSchedulerService.class);
@@ -63,8 +72,13 @@ SpringContextBeanForRetention SpringContextBeanForRetention() {
 
     @Bean
     Ignite ignite() {
-    	return Ignition.getOrStart(IgniteConfigurationHolder.getInstance().getIgniteConfiguration
-				(Constants.RETENTION_PROFILE_NAME, "127.0.0.1", false, false, false, false, 47500, 100, 47100, 100, 512, 600000, 52428800, 52428800, -1, false, -1.f, false, false, -1, false, 300000, 300000, 600000));
+        // setup the IgniteConfigurationHolder here
+        TAKIgniteConfiguration takIgniteConfiguration =
+                IgniteConfigurationHolder.getInstance().getTAKIgniteConfiguration();
+        IgniteConfiguration ic = IgniteConfigurationHolder.getInstance().getIgniteConfiguration(
+                Constants.RETENTION_PROFILE_NAME, takIgniteConfiguration);
+        IgniteConfigurationHolder.getInstance().setIgniteConfiguration(ic);
+        return Ignition.getOrStart(ic);
     }
 
     @Bean
@@ -106,6 +120,7 @@ private boolean accessRetentionQueryService(RetentionQueryService retentionQuery
     @Bean
     public RetentionPolicyConfig dataRetentionPolicyService(Ignite ignite) {
         DistributedRetentionPolicyConfig dpc = new DistributedRetentionPolicyConfig();
+
         ignite.services(ClusterGroupDefinition.getRetentionClusterDeploymentGroup(ignite)).deployNodeSingleton(Constants.DISTRIBUTED_RETENTION_POLICY_CONFIGURATION, dpc);
 
         return ignite.services(ClusterGroupDefinition.getRetentionClusterDeploymentGroup(ignite)).serviceProxy(Constants.DISTRIBUTED_RETENTION_POLICY_CONFIGURATION,
@@ -121,54 +136,15 @@ public MissionArchiveManager missionArchiveManager(Ignite ignite) {
         		MissionArchiveManager.class, false);
     }
 
-    @Bean
-    public CoreConfig coreConfig(Ignite ignite) {
-       final CoreConfig coreConfig = ignite.services(ClusterGroupDefinition.getMessagingClusterDeploymentGroup(ignite)).serviceProxy(Constants.DISTRIBUTED_CONFIGURATION,
-                CoreConfig.class, false);
-
-        boolean isCoreConfigAvailable = false;
-
-        // block and wait for CoreConfig to become available in messaging process
-        try {
-            isCoreConfigAvailable = canAccessCoreConfig(coreConfig).get();
-        } catch (InterruptedException | ExecutionException e) {
-            logger.error("interrupted checking CoreConfig availability", e);
-        }
-
-        logger.info("CoreConfig available: {}", isCoreConfigAvailable);
-
-        return coreConfig;
-    }
-
     @Bean
     public MissionArchiveHelper missionArchiveHelper() {
        return new MissionArchiveHelper();
     }
 
-    private CompletableFuture<Boolean> canAccessCoreConfig(final CoreConfig coreConfig) {
-
-        try {
-            logger.info("Waiting for the Core Config process...");
-            return CompletableFuture.completedFuture(accessCoreConfig(coreConfig));
-        } catch (Exception e) {
-            try {
-                Thread.sleep(10000L);
-            } catch (InterruptedException e1) {
-                logger.error("interrupted sleep", e1);
-            }
-            return canAccessCoreConfig(coreConfig);
-        }
-    }
-
-    private boolean accessCoreConfig(CoreConfig coreConfig) throws Exception {
-        coreConfig.getRemoteConfiguration().getRepository().getConnection(); // check for config
-        return true;
-    }
-
     @Bean
-    public HikariDataSource dataSource(CoreConfig coreConfig) {
+    public HikariDataSource dataSource() {
         HikariDataSource hikariDataSource = null;
-        hikariDataSource = DataSourceUtils.setupDataSourceFromCoreConfig(coreConfig);
+        hikariDataSource = DataSourceUtils.setupDataSourceFromCoreConfig();
         hikariDataSource.setMaximumPoolSize(2);
         return hikariDataSource;
     }
diff --git a/src/takserver-retention/src/main/java/tak/server/retention/scheduler/ExpirationTaskService.java b/src/takserver-retention/src/main/java/tak/server/retention/scheduler/ExpirationTaskService.java
index 33ac19ac..a1c432eb 100644
--- a/src/takserver-retention/src/main/java/tak/server/retention/scheduler/ExpirationTaskService.java
+++ b/src/takserver-retention/src/main/java/tak/server/retention/scheduler/ExpirationTaskService.java
@@ -67,7 +67,7 @@ public void scheduleAllMissionTasks() {
     // Remove scheduled task
     public void cancelFutureScheduledTask(String id) {
         ScheduledFuture<?> scheduledTask = scheduledTasks.get(id);
-        if(scheduledTask != null) {
+        if (scheduledTask != null) {
             scheduledTask.cancel(true);
             logger.info("scheduledTask is being cancelled = " + scheduledTask + " the id is " + id);
 
diff --git a/src/takserver-retention/src/main/resources/logback.xml b/src/takserver-retention/src/main/resources/logback.xml
index 565ba2e1..f153ce43 100644
--- a/src/takserver-retention/src/main/resources/logback.xml
+++ b/src/takserver-retention/src/main/resources/logback.xml
@@ -1,21 +1,57 @@
 <configuration scan="true" scanPeriod="30 seconds">
+<!--    TODO: Access logging configurations -->
+    <springProperty name="JSON_FORMAT_ENABLED" source="logging.json.enabled" defaultValue="false" />
+    <springProperty name="AUDIT_ENABLED" source="logging.audit.enabled" defaultValue="false" />
+    <springProperty name="PRETTY_PRINT" source="logging.pretty.enabled" defaultValue="false" />
+
+    <if condition='${AUDIT_ENABLED}'>
+        <then><property name="JSON_LAYOUT" value="com.bbn.marti.remote.AuditLogJsonLayout" /></then>
+        <else><property name="JSON_LAYOUT" value="ch.qos.logback.contrib.json.classic.JsonLayout" /></else>
+    </if>
+
         <appender name="retention_application_log" class="ch.qos.logback.core.rolling.RollingFileAppender">
             <file>logs/takserver-retention.log</file>
             <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
                 <fileNamePattern>logs/takserver-retention.%d{yyyy-MM-dd}.log.gz</fileNamePattern>
                 <maxHistory>90</maxHistory>
             </rollingPolicy>
-            <encoder>
-                <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %logger{36} - %msg%n</pattern>
-            </encoder>
+            <if condition="${JSON_FORMAT_ENABLED}">
+                <then>
+                    <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
+                        <layout class="${JSON_LAYOUT}">
+                            <jsonFormatter class="ch.qos.logback.contrib.jackson.JacksonJsonFormatter">
+                                <prettyPrint>${PRETTY_PRINT}</prettyPrint>
+                            </jsonFormatter>
+                            <timestampFormat>yyyy-MM-dd'T'HH:mm:ss.SSS'Z'</timestampFormat>
+                        </layout>
+                    </encoder>
+                </then>
+                <else>
+                    <encoder>
+                        <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %level %logger{36} - %msg%n</pattern>
+                    </encoder>
+                </else>
+            </if>
         </appender>
     <root level="INFO">
         <appender-ref ref="retention_application_log" />
     </root>
     <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
-        <encoder>
-            <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %logger{36} - %msg%n</pattern>
-        </encoder>
+        <if condition="${JSON_FORMAT_ENABLED}">
+            <then>
+                <layout class="${JSON_LAYOUT}">
+                    <jsonFormatter class="ch.qos.logback.contrib.jackson.JacksonJsonFormatter">
+                        <prettyPrint>${PRETTY_PRINT}</prettyPrint>
+                    </jsonFormatter>
+                    <timestampFormat>yyyy-MM-dd'T'HH:mm:ss.SSS'Z'</timestampFormat>
+                </layout>
+            </then>
+            <else>
+                <encoder>
+                    <pattern>%d{yyyy-MM-dd-HH:mm:ss.SSS} [%thread] %level %logger{36} - %msg%n</pattern>
+                </encoder>
+            </else>
+        </if>
     </appender>
     <root level="info">
         <appender-ref ref="console" />
diff --git a/src/takserver-schemamanager/build.gradle b/src/takserver-schemamanager/build.gradle
index bd6c7a4e..2c3e40d4 100644
--- a/src/takserver-schemamanager/build.gradle
+++ b/src/takserver-schemamanager/build.gradle
@@ -33,6 +33,8 @@ dependencies {
   implementation group: 'org.slf4j', name: 'slf4j-api', version: slf4j_version
   implementation group: 'com.zaxxer', name: 'HikariCP', version: hikaricp_version
   implementation group: 'xerces', name: 'xercesImpl', version: xerces_version
+  
+  implementation group: 'jakarta.xml.bind', name: 'jakarta.xml.bind-api', version: jakarta_xml_bind_api_version
 }
 
 
diff --git a/src/takserver-schemamanager/src/main/java/com/bbn/tak/schema/SchemaManager.java b/src/takserver-schemamanager/src/main/java/com/bbn/tak/schema/SchemaManager.java
index 155f74b8..27e8625e 100644
--- a/src/takserver-schemamanager/src/main/java/com/bbn/tak/schema/SchemaManager.java
+++ b/src/takserver-schemamanager/src/main/java/com/bbn/tak/schema/SchemaManager.java
@@ -16,9 +16,9 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
+import jakarta.xml.bind.JAXBContext;
+import jakarta.xml.bind.JAXBException;
+import jakarta.xml.bind.Unmarshaller;
 
 import org.apache.commons.lang3.StringUtils;
 import org.flywaydb.core.Flyway;
@@ -341,7 +341,7 @@ private void readCoreConfig() {
         com.bbn.marti.config.Connection connection = null;
 
         try {
-            logger.info("trying to load configuration from file " + "CoreConfig.xml");
+            logger.info("trying to load configuration from file CoreConfig.xml");
             configuration = loadJAXifiedXML(Configuration.class.getPackage().getName());
         } catch (JAXBException | FileNotFoundException ex) {
             logger.warn("Failure reading database configuration from file " + ex.getMessage() +
@@ -360,7 +360,6 @@ private void readCoreConfig() {
                 commonOptions.setJdbcUrl(connection.getUrl());
             }
         }
-        StringUtils.substringAfterLast(commonOptions.jdbcUrl, "/");
         commonOptions.setDatabase(StringUtils.substringAfterLast(commonOptions.jdbcUrl, "/"));
 
         if (logger.isDebugEnabled()) {
diff --git a/src/takserver-schemamanager/src/main/resources/db/migration/V88__drop_classification_and_caveat.sql b/src/takserver-schemamanager/src/main/resources/db/migration/V88__drop_classification_and_caveat.sql
new file mode 100644
index 00000000..10e787b4
--- /dev/null
+++ b/src/takserver-schemamanager/src/main/resources/db/migration/V88__drop_classification_and_caveat.sql
@@ -0,0 +1,3 @@
+DROP TABLE IF EXISTS classification_caveat;
+DROP TABLE IF EXISTS classification;
+DROP TABLE IF EXISTS caveat;
\ No newline at end of file
diff --git a/src/takserver-schemamanager/src/main/resources/db/migration/V89__update_data_feed_tags_and_filter_groups_function.sql b/src/takserver-schemamanager/src/main/resources/db/migration/V89__update_data_feed_tags_and_filter_groups_function.sql
new file mode 100644
index 00000000..49cbbcfd
--- /dev/null
+++ b/src/takserver-schemamanager/src/main/resources/db/migration/V89__update_data_feed_tags_and_filter_groups_function.sql
@@ -0,0 +1,27 @@
+CREATE OR REPLACE FUNCTION insert_data_feed_tags(data_feed_id bigint, data_feed_tags character varying[])
+ RETURNS void
+ LANGUAGE plpgsql
+AS $function$
+declare
+tag varchar;
+begin
+    FOREACH tag in array data_feed_tags LOOP
+        INSERT INTO data_feed_tag (data_feed_id, tag) VALUES( data_feed_id, tag) ON CONFLICT DO NOTHING;
+end LOOP;
+END;
+$function$
+;
+
+CREATE OR REPLACE FUNCTION insert_data_feed_filter_groups(data_feed_id bigint, data_feed_filter_groups character varying[])
+ RETURNS void
+ LANGUAGE plpgsql
+AS $function$
+declare
+filter_group varchar;
+begin
+    FOREACH filter_group in array data_feed_filter_groups LOOP
+        INSERT INTO data_feed_filter_group (data_feed_id, filter_group) VALUES( data_feed_id, filter_group) ON CONFLICT DO NOTHING;
+end LOOP;
+END;
+$function$
+;
\ No newline at end of file
diff --git a/src/takserver-takcl-core/CommandDoclet.java b/src/takserver-takcl-core/CommandDoclet.java
index a8e41731..999c2632 100644
--- a/src/takserver-takcl-core/CommandDoclet.java
+++ b/src/takserver-takcl-core/CommandDoclet.java
@@ -1,10 +1,8 @@
-import com.sun.javadoc.*;
 import com.sun.javadoc.ProgramElementDoc;
 import com.sun.tools.doclets.standard.Standard;
 import com.sun.tools.javadoc.Main;
 
 import java.lang.System;
-import java.lang.reflect.*;
 import java.util.ArrayList;
 import java.util.List;
 
diff --git a/src/takserver-takcl-core/build.gradle b/src/takserver-takcl-core/build.gradle
index f03951dd..9b66ea2f 100644
--- a/src/takserver-takcl-core/build.gradle
+++ b/src/takserver-takcl-core/build.gradle
@@ -219,12 +219,13 @@ dependencies {
     implementation group: 'com.squareup.retrofit2', name: 'converter-scalars', version: '2.9.0'
 	// Keep the logging-interceptor in sync with the retrofit dependencies!
 	implementation group: 'com.squareup.okhttp3', name: 'logging-interceptor', version: '3.14.9'
-	implementation group: 'org.java-websocket', name: 'Java-WebSocket', version: '1.4.0'
+	implementation group: 'org.java-websocket', name: 'Java-WebSocket', version: '1.5.0'
     implementation group: 'io.grpc', name: 'grpc-protobuf', version: grpc_version
 
     implementation group: 'org.springframework.security', name: 'spring-security-core', version: spring_security_version
     implementation group: 'commons-io', name: 'commons-io', version: commons_io_version
-    implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: httpcomponents_version
+    //implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: httpcomponents_version
+    implementation group: 'org.apache.httpcomponents.client5', name: 'httpclient5', version: httpcomponents_version
     implementation group: 'org.dom4j', name: 'dom4j', version: dom4j_version
     implementation group: 'junit', name: 'junit', version: junit_version
     api group: 'com.google.code.gson', name: 'gson', version: gson_version
@@ -259,6 +260,8 @@ dependencies {
 
     cursedtakImplementation 'com.googlecode.lanterna:lanterna:3.0.1'
 	cursedtakImplementation group: 'xerces', name: 'xercesImpl', version: xerces_version
+	
+	implementation group: 'jakarta.xml.bind', name: 'jakarta.xml.bind-api', version: jakarta_xml_bind_api_version
 }
 
 
diff --git a/src/takserver-takcl-core/docker/init-db.sh b/src/takserver-takcl-core/docker/init-db.sh
index e04649eb..536a6b26 100644
--- a/src/takserver-takcl-core/docker/init-db.sh
+++ b/src/takserver-takcl-core/docker/init-db.sh
@@ -24,6 +24,7 @@ cd /init_files
 if [[ -f "takserver-base.rpm" ]];then
   rpm2cpio takserver-base.rpm | cpio -idm
   cp /init_files/opt/tak/CoreConfig.example.xml /init_files/opt/tak/CoreConfig.xml
+  cp /init_files/opt/tak/TAKIgniteConfig.example.xml /init_files/opt/tak/TAKIgniteConfig.xml
 fi
 
 sudo -u postgres /usr/pgsql-15/bin/psql --host=127.0.0.1 --port=5432 -U postgres -c "CREATE ROLE martiuser LOGIN ENCRYPTED PASSWORD 'md564d5850dcafc6b4ddd03040ad1260bc2' SUPERUSER INHERIT CREATEDB NOCREATEROLE;"
diff --git a/src/takserver-takcl-core/plugin-test-libs/takserver-receiver-plugin-sample-4.2-114-g6c068f1.jar b/src/takserver-takcl-core/plugin-test-libs/takserver-receiver-plugin-sample-4.2-114-g6c068f1.jar
new file mode 100644
index 00000000..3611050b
Binary files /dev/null and b/src/takserver-takcl-core/plugin-test-libs/takserver-receiver-plugin-sample-4.2-114-g6c068f1.jar differ
diff --git a/src/takserver-takcl-core/plugin-test-libs/takserver-receiver-plugin-sample-4.2-76-g0282e59.jar b/src/takserver-takcl-core/plugin-test-libs/takserver-receiver-plugin-sample-4.2-76-g0282e59.jar
deleted file mode 100644
index 50fe31d9..00000000
Binary files a/src/takserver-takcl-core/plugin-test-libs/takserver-receiver-plugin-sample-4.2-76-g0282e59.jar and /dev/null differ
diff --git a/src/takserver-takcl-core/plugin-test-libs/takserver-sender-plugin-sample-4.2-114-g6c068f1.jar b/src/takserver-takcl-core/plugin-test-libs/takserver-sender-plugin-sample-4.2-114-g6c068f1.jar
new file mode 100644
index 00000000..2e0b01ea
Binary files /dev/null and b/src/takserver-takcl-core/plugin-test-libs/takserver-sender-plugin-sample-4.2-114-g6c068f1.jar differ
diff --git a/src/takserver-takcl-core/plugin-test-libs/takserver-sender-plugin-sample-4.2-76-g0282e59.jar b/src/takserver-takcl-core/plugin-test-libs/takserver-sender-plugin-sample-4.2-76-g0282e59.jar
deleted file mode 100644
index 5a2bd9a2..00000000
Binary files a/src/takserver-takcl-core/plugin-test-libs/takserver-sender-plugin-sample-4.2-76-g0282e59.jar and /dev/null differ
diff --git a/src/takserver-takcl-core/scripts/cluster-tools/docker-deployer/deploy.sh b/src/takserver-takcl-core/scripts/cluster-tools/docker-deployer/deploy.sh
index a6540cbd..02579d70 100644
--- a/src/takserver-takcl-core/scripts/cluster-tools/docker-deployer/deploy.sh
+++ b/src/takserver-takcl-core/scripts/cluster-tools/docker-deployer/deploy.sh
@@ -2,17 +2,45 @@
 
 set -e
 
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+CANDIDATE_COUNT=$(ls -1 ${SCRIPT_DIR}/../../../../takserver-cluster/build/distributions/takserver-cluster-*.zip | wc -l)
+
 if [[ "${1}" == "" ]];then
-	echo Please provide the location of the "cluster" dir as an argument!
+	echo Please provide the location of the desired cluster-properties file!
+	exit 1
+fi
+
+if [[ ! -f "${1}" ]];then
+	echo The specified configuration file "${1}" does not exist!
+fi
+
+if [[ "${TAKSERVER_CERT_SOURCE}" == "" ]];then
+	echo Please set the environment variable TAKSERVER_CERT_SOURCE to the directory of your takserver certs!
 	exit 1
 fi
 
-CLUSTER_SRC="$(pwd)/${1}"
+if [[ "${CANDIDATE_COUNT}" != "1" ]];then
+	echo Please make sure one and only one cluster deploy zip exists in takserver-cluster/build/distributions!
+	exit 1
+fi
+
+CLUSTER_PROPERTIES=$(realpath ${1})
+
+DEPLOYMENT_ZIP=$(ls -1 ${SCRIPT_DIR}/../../../../takserver-cluster/build/distributions/takserver-cluster-*.zip)
+DEPLOYMENT_ZIP=$(realpath ${DEPLOYMENT_ZIP})
+CONTAINER_NAME=$(basename ${DEPLOYMENT_ZIP})
+CONTAINER_NAME="tak-deployer-${CONTAINER_NAME%.*}"
+
+CLUSTER_SRC="$(realpath ${1})"
+
+DOCKERFILE="${SCRIPT_DIR}/files/Dockerfile"
+DOCKERCONTEXT="${SCRIPT_DIR}/files"
 
-docker build --file=files/Dockerfile --tag=tak-deployer:latest ./files
-docker run -it --name=tak-cluster-deployer \
-	--mount type=bind,source="${CLUSTER_SRC}",target=/cluster-src,readonly \
+docker build --file="${DOCKERFILE}" --tag=tak-deployer:latest "${DOCKERCONTEXT}"
+docker run -it --name="${CONTAINER_NAME}" \
+	--mount type=bind,source="${CLUSTER_PROPERTIES}",target=/cluster-properties,readonly \
 	--mount type=bind,source="${HOME}"/.aws,target=/aws-src,readonly \
-	--mount type=bind,source=/home/awellman/Documents/TAKSERVER/test_certs-minimized,target=/certs-src,readonly \
+	--mount type=bind,source="${TAKSERVER_CERT_SOURCE}",target=/certs-src,readonly \
+	--mount type=bind,source="${DEPLOYMENT_ZIP}",target=/takserver-cluster.zip,readonly \
 	-v /var/run/docker.sock:/var/run/docker.sock \
 	tak-deployer:latest
diff --git a/src/takserver-takcl-core/scripts/cluster-tools/docker-deployer/files/docker_entrypoint.sh b/src/takserver-takcl-core/scripts/cluster-tools/docker-deployer/files/docker_entrypoint.sh
index 204651c2..6f289965 100644
--- a/src/takserver-takcl-core/scripts/cluster-tools/docker-deployer/files/docker_entrypoint.sh
+++ b/src/takserver-takcl-core/scripts/cluster-tools/docker-deployer/files/docker_entrypoint.sh
@@ -3,8 +3,9 @@
 set -e
 
 echo Copying read-only source directories to writable directories, please wait...
-cp -R /cluster-src /cluster
+unzip takserver-cluster.zip
 cp -R /aws-src /root/.aws
+cp -R /cluster-properties /cluster/cluster-properties
 cp -R /certs-src /cluster/takserver-core/certs/files
 
 cd /cluster
@@ -12,6 +13,6 @@ source cluster-properties
 
 export CLUSTER_HOME_DIR=/cluster
 
-python3 scripts/build-eks.py
+echo Please execute \`python3 scripts/build-eks.py\` to build the aws cluster ${TAK_CLUSTER_NAME}
 
 bash
diff --git a/src/takserver-takcl-core/scripts/cluster-tools/minikube-cluster-template.yaml b/src/takserver-takcl-core/scripts/cluster-tools/minikube-cluster-template.yaml
index 3da03ad1..d2d29c3b 100644
--- a/src/takserver-takcl-core/scripts/cluster-tools/minikube-cluster-template.yaml
+++ b/src/takserver-takcl-core/scripts/cluster-tools/minikube-cluster-template.yaml
@@ -1,6 +1,7 @@
 imagePullSecret: reg-cred
 certConfigMapName: cert-migration
 coreConfigMapName: core-config
+takIgniteConfigMapName: tak-ignite-config
 
 takserver:
   ingress:
@@ -30,6 +31,18 @@ takserver:
       fedv2:
         annotations: {}
         host: ""
+  config:
+    image:
+      repository: LOCAL_REPO/takserver-cluster/takserver-config
+      tag: LOCAL_TAG
+    replicas: 1
+    resources:
+      requests:
+        cpu: 1
+        memory: 1Gi
+      limits:
+        cpu: 1
+        memory: 1Gi
   messaging:
     image:
       repository: LOCAL_REPO/takserver-cluster/takserver-messaging
diff --git a/src/takserver-takcl-core/scripts/cluster-tools/start-local-cluster.sh b/src/takserver-takcl-core/scripts/cluster-tools/start-local-cluster.sh
index cad42892..a4c648a2 100644
--- a/src/takserver-takcl-core/scripts/cluster-tools/start-local-cluster.sh
+++ b/src/takserver-takcl-core/scripts/cluster-tools/start-local-cluster.sh
@@ -7,6 +7,7 @@ MK_DRIVER=docker # or docker, kvm2, virtualbox, qemu, etc. See https://minikube.
 MK_CPU_COUNT=12
 MK_MEMORY=16g
 DOCKER_REGISTRY_PORT=4000
+ENABLE_INGRES=false
 
 if [[ "${TAKCL_SERVER_POSTGRES_PASSWORD}" == "" ]];then
 	echo Please set the environment variable TAKCL_SERVER_POSTGRES_PASSWORD to a password to use this script!
@@ -134,6 +135,9 @@ build_docker() {
 	docker build -t ${PUBLISH_REPO}/takserver-base:${TAG} -f docker-files/Dockerfile.takserver-base .
 	docker push ${PUBLISH_REPO}/takserver-base:${TAG}
 
+	docker build -t ${PUBLISH_REPO}/takserver-config:${TAG} -f docker-files/Dockerfile.takserver-config --build-arg TAKSERVER_IMAGE_REPO=${PUBLISH_REPO}/takserver-base --build-arg TAKSERVER_IMAGE_TAG=${TAG} .
+	docker push ${PUBLISH_REPO}/takserver-config:${TAG}
+
 	docker build -t ${PUBLISH_REPO}/takserver-messaging:${TAG} -f docker-files/Dockerfile.takserver-messaging --build-arg TAKSERVER_IMAGE_REPO=${PUBLISH_REPO}/takserver-base --build-arg TAKSERVER_IMAGE_TAG=${TAG} .
 	docker push ${PUBLISH_REPO}/takserver-messaging:${TAG}
 
@@ -155,6 +159,7 @@ update_core_config() {
 	pushd ${CLUSTER_DIR}
 	if [[ ! -f CoreConfig.default.xml ]];then
 		cp CoreConfig.xml CoreConfig.default.xml
+		cp TAKIgniteConfig.xml TAKIgniteConfig.default.xml
 	fi
 
 	sed "s/DB_URL_PLACEHOLDER/jdbc:postgresql:\/\/${EXTERNAL_IP}:5432\/cot/g" CoreConfig.default.xml > CoreConfig.xml
@@ -175,16 +180,18 @@ deploy_local() {
 	# Start up a new minikube container
 	${MINIKUBE} stop || true
 	${MINIKUBE} delete || true
-	${MINIKUBE} start --memory=${MK_MEMORY} --cpus=${MK_CPU_COUNT} --kubernetes-version=${K8S_VERSION} --insecure-registry=${EXTERNAL_IP}:${DOCKER_REGISTRY_PORT} --driver=${MK_DRIVER}
-#	${MINIKUBE} addons enable ingress
-#	${KUBECTL} patch deployment -n ingress-nginx ingress-nginx-controller --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value":"--enable-ssl-passthrough"}]'  
-
+	${MINIKUBE} start --memory=${MK_MEMORY} --cpus=${MK_CPU_COUNT} --kubernetes-version=${K8S_VERSION} --insecure-registry=${EXTERNAL_IP}:${DOCKER_REGISTRY_PORT} --driver=${MK_DRIVER} --apiserver-port 9210
+	if [[ "${ENABLE_INGRESS}" == "true" ]];then
+		${MINIKUBE} addons enable ingress
+		${KUBECTL} patch deployment -n ingress-nginx ingress-nginx-controller --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value":"--enable-ssl-passthrough"}]'  
+	fi
 
 	# Crate the custom certificate store. Make sure admin.pem exists to ensure the admin user is activated and startup completes successfully!
 	${KUBECTL} create configmap cert-migration --from-file=${TAKSERVER_CERT_SOURCE} --dry-run=client -o yaml > deployments/helm/templates/cert-migration.yaml
 
 	update_core_config
 
+	${KUBECTL} create configmap tak-ignite-config --from-file=${CLUSTER_DIR}/TAKIgniteConfig.xml --dry-run=client -o yaml > deployments/helm/templates/tak-ignite-config.yaml
 	${KUBECTL} create configmap core-config --from-file=${CLUSTER_DIR}/CoreConfig.xml --dry-run=client -o yaml > deployments/helm/templates/core-config.yaml
 	if [[ -f readiness.py ]];then
 		${KUBECTL} create configmap readiness-config --from-file=readiness.py --dry-run=client -o yaml > deployments/helm/templates/readiness-config.yaml
@@ -232,6 +239,19 @@ delete_local_images() {
 }
 
 
+setup_ingress() {
+	if [[ "${ENABLE_INGRESS}" == "true" ]];then
+		${KUBECTL} apply -f minikube-ingress-loadbalancer.yaml
+		${KUBECTL} patch configmap tcp-services -n ingress-nginx --patch '{"data":{"8443":"takserver/takserver-api-service:8443"}}'
+		${KUBECTL} patch configmap tcp-services -n ingress-nginx --patch '{"data":{"8444":"takserver/takserver-api-service:8444"}}'
+		${KUBECTL} patch configmap tcp-services -n ingress-nginx --patch '{"data":{"8446":"takserver/takserver-api-service:8446"}}'
+		${KUBECTL} patch configmap tcp-services -n ingress-nginx --patch '{"data":{"8089":"takserver/takserver-messaging-service:8090"}}'
+		${KUBECTL} patch configmap tcp-services -n ingress-nginx --patch '{"data":{"9000":"takserver/takserver-messaging-service:9000"}}'
+		${KUBECTL} patch configmap tcp-services -n ingress-nginx --patch '{"data":{"9001":"takserver/takserver-messaging-service:9001"}}'
+		${KUBECTL} patch deployment ingress-nginx-controller -n ingress-nginx --patch "$(cat minikube-ingress-patch.yaml)"
+	fi
+}
+
 if [[ "${1}" == "--remove-local-images" ]];then
 	delete_local_images ${2} ${3}
 	exit 0
@@ -247,4 +267,4 @@ update_core_config
 build_docker
 get_dependencies
 deploy_local
-${KUBECTL} config set-context --current --namespace=takserver
+setup_ingress
diff --git a/src/takserver-takcl-core/scripts/starter.sh b/src/takserver-takcl-core/scripts/starter.sh
index bbf9b75a..5c49e484 100755
--- a/src/takserver-takcl-core/scripts/starter.sh
+++ b/src/takserver-takcl-core/scripts/starter.sh
@@ -6,11 +6,15 @@ START=false
 USE_COT_DB=false
 KILL_EXISTING_TAKSERVER=false
 
+START_RETENTION=false
+START_PM=false
+
 SERVER0_DOCKER_DB_IDENTIFIER=TakserverServer0DB
 POSTGRES_USER=martiuser
 POSTGRES_DB=cot
 POSTGRES_PORT=5432
 
+CONFIG_PID=null
 MESSAGING_PID=null
 API_PID=null
 PM_PID=null
@@ -32,10 +36,10 @@ if [[ "${2}" == "" ]];then
   exit 1
 fi
 
-if [[ -d "${2}" ]];then
-  echo The target test environment path should not exist!
-  exit 1
-fi
+#if [[ -d "${2}" ]];then
+#  echo The target test environment path should not exist!
+#  exit 1
+#fi
 
 DEPLOYMENT_DIR=${2}
 mkdir -p ${DEPLOYMENT_DIR}
@@ -48,7 +52,7 @@ JARGS="-Dloader.path=WEB-INF/lib-provided,WEB-INF/lib,WEB-INF/classes,file:lib/
     -Djava.security.egd=file:/dev/./urandom 
     -DIGNITE_UPDATE_NOTIFIER=false 
     -Djdk.tls.client.protocols=TLSv1.2 
-	-Dlogging.level.com.bbn=DEBUG 
+	  -Dlogging.level.com.bbn=DEBUG
     -Dlogging.level.tak=DEBUG 
     -Xmx2000m 
     -XX:+HeapDumpOnOutOfMemoryError"
@@ -84,6 +88,12 @@ ctrl_c() {
 	if [ $MESSAGING_PID != null ];then
 		kill -9 $MESSAGING_PID
 	fi
+
+	sleep 2
+
+	if [ $CONFIG_PID != null ];then
+		kill -9 $CONFIG_PID
+	fi
 }
 
 trap ctrl_c SIGINT
@@ -108,7 +118,7 @@ This script takes a single parameter, which can use a mix of the following chara
 the indicated startup tasks:
 
 \t(b)uild\t\tPerforms \`./gradlew clean buildRpm buildDocker\`
-\t(d)eploy\tDeploys takserver to /opt/tak
+\t(d)eploy\tDeploys takserver to the provided deployment dir
 \tsetup (c)ot databases\t\t Sets up DBs in docker and sets up the test script to use them
 \t(s)tart\t\tStarts the server
 \t(k)ill\t\tKills the currently running takserver, if one is running
@@ -154,7 +164,7 @@ fi
 
 if [ $BUILD == true ];then
 	echo BUILDING...
-	./gradlew clean buildRpm buildDocker
+	./gradlew --parallel clean buildRpm buildDocker
 	echo DONE
 fi
 
@@ -202,6 +212,7 @@ java $DB_JARGS
 
 	if [[ "${SERVER_SRC}" == "${DEFAULT_SERVER_SRC}" ]];then
 		cp "${SERVER_SRC}/CoreConfig.example.xml" "${DEPLOYMENT_DIR}/CoreConfig.xml"
+		cp "${SERVER_SRC}/TAKIgniteConfig.example.xml" "${DEPLOYMENT_DIR}/TAKIgniteConfig.xml"
 		if [[ "${USE_COT_DB}" == "true" ]];then
 			sed -i "s/password=\"\"/password=\"atakatak\"/g" "${DEPLOYMENT_DIR}/CoreConfig.xml"
 			sed -i "s/jdbc:postgresql:\/\/127.0.0.1:5432\/cot/jdbc:postgresql:\/\/${DOCKER0_IP}:5432\/cot/g" ${DEPLOYMENT_DIR}/CoreConfig.xml
@@ -216,8 +227,8 @@ java $DB_JARGS
 	echo DONE
 fi
 
-if [[ "${TAKCL_TEST_CERT_SRC_DIR}" != "" ]] && [[ -d "${TAKCL_TEST_CERT_SRC_DIR}" ]];then
-	cp -r ${TAKCL_TEST_CERT_SRC_DIR} ${DEPLOYMENT_DIR}/certs/files
+if [[ "${TAKSERVER_CERT_SOURCE}" != "" ]] && [[ -d "${TAKSERVER_CERT_SOURCE}" ]];then
+	cp -r ${TAKSERVER_CERT_SOURCE} ${DEPLOYMENT_DIR}/certs/files
 fi
 
 if [ $START == true ];then
@@ -240,21 +251,29 @@ if [ $START == true ];then
 	export JDK_JAVA_OPTIONS=${JARGS}
 
 	sync
-	
-	java -Dspring.profiles.active=messaging -jar takserver.war ${ARGS} &
+
+	java -Dspring.profiles.active=config -jar takserver.war ${ARGS} &
+	CONFIG_PID=$!
+  java -Dspring.profiles.active=messaging -jar takserver.war ${ARGS} &
 	MESSAGING_PID=$!
 	java -Dspring.profiles.active=api -jar takserver.war ${ARGS} &
 	API_PID=$!
-	java -jar takserver-pm.jar ${ARGS} &
-	PM_PID=$!
-	java -jar takserver-retention.jar &
-	RETENTION_PID=$!
 
+	if [[ "${START_PM}" == "true" ]];then
+		java -jar takserver-pm.jar ${ARGS} &
+		PM_PID=$!
+	fi
 
-	if [[ "${TAKCL_TEST_CERT_SRC_DIR}" != "" ]] && [[ -d "${TAKCL_TEST_CERT_SRC_DIR}" ]] &&  [[ "${TAKCL_ADMIN_CERT}" != "" ]] && [[ -f "${TAKCL_ADMIN_CERT}" ]] ;then
+	if [[ "${START_RETENTION}" == "true" ]];then
+		java -jar takserver-retention.jar &
+		RETENTION_PID=$!
+	fi
+
+
+	if [[ "${TAKSERVER_CERT_SOURCE}" != "" ]] && [[ -d "${TAKSERVER_CERT_SOURCE}" ]] && [[ -f "${TAKSERVER_CERT_SOURCE}/admin.pem" ]]; then
 		echo Sleeping 60 seconds before adding admin user...
 		sleep 60
-		java -jar ${DEPLOYMENT_DIR}/utils/UserManager.jar certmod -A ${TAKCL_ADMIN_CERT}
+		java -jar ${DEPLOYMENT_DIR}/utils/UserManager.jar certmod -A "${TAKSERVER_CERT_SOURCE}/admin.pem"
 	fi
 
 	echo DONE
@@ -282,6 +301,10 @@ if [ $START == true ];then
 			kill -9 ${MESSAGING_PID}
 		fi
 
+		if [[ ${CONFIG_PID} != null ]];then
+			echo CONFIG_PID=${CONFIG_PID}
+			kill -9 ${CONFIG_PID}
+		fi
 
 	}
 fi
diff --git a/src/takserver-takcl-core/scripts/suiterunner.py b/src/takserver-takcl-core/scripts/suiterunner.py
new file mode 100644
index 00000000..4debfa47
--- /dev/null
+++ b/src/takserver-takcl-core/scripts/suiterunner.py
@@ -0,0 +1,231 @@
+#!/usr/bin/env python3
+
+import argparse
+import glob
+import os
+import subprocess
+from typing import Dict
+from xml.etree import ElementTree
+from xml.etree.ElementTree import Element
+
+import sys
+
+parser = argparse.ArgumentParser()
+subparsers = parser.add_subparsers(dest='mode')
+run_group = subparsers.add_parser('run')
+validate_group = subparsers.add_parser('validate')
+validate_group.add_argument('--validation-target', type=str, default=None)
+
+if not os.path.exists('takserver-takcl-core'):
+    print("Please start the script from the src directory like './takserver-takcl-core/scripts/testrunner.sh'!",
+          file=sys.stderr)
+    exit(1)
+
+RESULTS_ROOT = os.path.abspath('TESTRUNNER_RESULTS')
+
+ALL_TESTS = {
+    # 'FedHubTests',
+    'FedHubTests.advancedFedHubTest',
+    'FedHubTests.basicFedHubTest',
+    'FedHubTests.basicMultiInputFedHubTest',
+    # 'FederationV1Tests',
+    'FederationV1Tests.advancedFederationTest',
+    'FederationV1Tests.basicFederationTest',
+    'FederationV1Tests.basicMultiInputFederationTest',
+    'FederationV1Tests.federateConnectionInitiatorWaitTest',
+    # 'FederationV2Tests',
+    'FederationV2Tests.advancedFederationTest',
+    'FederationV2Tests.basicFederationTest',
+    'FederationV2Tests.basicMultiInputFederationTest',
+    'FederationV2Tests.federateConnectionInitiatorWaitTest',
+    # 'GeneralTests',
+    'GeneralTests.LatestSAFileAuth',
+    'GeneralTests.LatestSAInputGroups',
+    'GeneralTests.anonWithGroupInputTest',
+    'GeneralTests.groupToNonGroup',
+    'GeneralTests.latestSAAnon',
+    'GeneralTests.latestSADisconnectTest',
+    'GeneralTests.mcastSendTest',
+    'GeneralTests.mcastTest',
+    'GeneralTests.sslTest',
+    'GeneralTests.streamTcpTest',
+    'GeneralTests.tcpTest',
+    'GeneralTests.udpTest',
+    # 'InputTests',
+    'InputTests.inputRemoveAddTest',
+    # 'PluginStartupTests',
+    'PluginStartupTests.pluginStartupValiationTest',
+    # 'PointToPointTests',
+    'PointToPointTests.basicPointToPointTest',
+    'PointToPointTests.callsignIdentificationTest',
+    'PointToPointTests.mixedIdentificationTest',
+    'PointToPointTests.uidIdentificationTest',
+    # 'StartupTests',
+    'StartupTests.jarStartupValiationTest',
+    # 'StreamingDataFeedsTests',
+    'StreamingDataFeedsTests.dataFeedRemoveAddTest',
+    # 'SubscriptionTests',
+    'SubscriptionTests.clientSubscriptions',
+    # 'UserManagementTests',
+    'UserManagementTests.UserManagerTest',
+    # 'WebsocketsFederationTests',
+    'WebsocketsFederationTests.advancedWebsocketsFederationV1Test',
+    'WebsocketsFederationTests.advancedWebsocketsFederationV2Test',
+    # 'WebsocketsTests',
+    'WebsocketsTests.basicSecureWebsocketTest',
+    'WebsocketsTests.simpleWSS',
+    'federationmissions.FederationEnterpriseFileSync',
+    'missions.EnterpriseFileSync',
+    'missions.MissionAddRetrieveRemove',
+    'missions.MissionDataFlowTests',
+    'missions.MissionFileSync',
+    'missions.MissionUserCustomRolesTests',
+    'missions.MissionUserDefaultRolesTests'
+}
+
+TEST_EXECUTION_LIST = [
+    # 'FedHubTests',
+    'FedHubTests.advancedFedHubTest',
+    'FedHubTests.basicFedHubTest',
+    'FedHubTests.basicMultiInputFedHubTest',
+    # 'FederationV1Tests',
+    # 'FederationV1Tests.advancedFederationTest',
+    # 'FederationV1Tests.basicFederationTest',
+    # 'FederationV1Tests.basicMultiInputFederationTest',
+    # 'FederationV1Tests.federateConnectionInitiatorWaitTest',
+    # 'FederationV2Tests',
+    'FederationV2Tests.advancedFederationTest',
+    'FederationV2Tests.basicFederationTest',
+    'FederationV2Tests.basicMultiInputFederationTest',
+    'FederationV2Tests.federateConnectionInitiatorWaitTest',
+    'GeneralTests',
+    'InputTests',
+    'PluginStartupTests',
+    'PointToPointTests.basicPointToPointTest',
+    'PointToPointTests.callsignIdentificationTest',
+    'PointToPointTests.mixedIdentificationTest',
+    'PointToPointTests.uidIdentificationTest',
+    'StreamingDataFeedsTests',
+    'SubscriptionTests',
+    'UserManagementTests',
+    # 'WebsocketsFederationTests.advancedWebsocketsFederationV1Test',
+    'WebsocketsFederationTests.advancedWebsocketsFederationV2Test',
+    # 'WebsocketsTests',
+    'WebsocketsTests.basicSecureWebsocketTest',
+    'WebsocketsTests.simpleWSS',
+    'federationmissions.FederationEnterpriseFileSync',
+    'missions.EnterpriseFileSync',
+    'missions.MissionAddRetrieveRemove',
+    'missions.MissionDataFlowTests',
+    'missions.MissionFileSync',
+    'missions.MissionUserCustomRolesTests',
+    'missions.MissionUserDefaultRolesTests',
+    'StartupTests'
+]
+
+def red(val: str):
+    return '\033[5;91m' + val + '\033[0m'
+    pass
+
+def green(val: str):
+    return '\033[33;32m' + val + '\033[0m'
+
+def display_results(pass_fail_dict: Dict[str, bool], duration_dict: Dict):
+    pass_fail_dict = dict(pass_fail_dict)
+    test_name_column_width = 0
+    for value in ALL_TESTS:
+        test_name_column_width = max(test_name_column_width, len(value))
+    test_name_column_width = test_name_column_width + 4
+
+    all_tests_sorted = sorted(ALL_TESTS)
+
+    print("|=======================================TEST RESULTS=======================================|")
+    print("| " + "Test Name".ljust(test_name_column_width) + '|  Result | Duration (s) |')
+
+    for test_name in all_tests_sorted:
+        if test_name in pass_fail_dict:
+            if pass_fail_dict[test_name]:
+                print('| ' + test_name.ljust(test_name_column_width) + '|    ' +
+                      green('PASS') + ' | ' + str(int(duration_dict[test_name])).rjust(12) + ' |')
+            else:
+                print('| ' + test_name.ljust(test_name_column_width) + '|    ' +
+                      red('FAIL') + ' | ' + str(int(duration_dict[test_name])).rjust(12) + ' |')
+            pass_fail_dict.pop(test_name)
+        else:
+            print('| ' + test_name.ljust(test_name_column_width) + '| ' +
+                  'NOT RUN' + ' | ' + 'n/a'.rjust(12) + ' |')
+
+    if len(pass_fail_dict) > 0:
+        print(red("|==================================UNACCOUNTED FOR TESTS===================================|"))
+        for test_name in sorted(pass_fail_dict.keys()):
+            if pass_fail_dict[test_name]:
+                print('| ' + test_name.ljust(test_name_column_width) + '|    ' +
+                      red('PASS') + ' | ' + str(int(duration_dict[test_name])).rjust(8) + ' |')
+            else:
+                print('| ' + test_name.ljust(test_name_column_width) + '|    ' +
+                      red('FAIL') + ' | ' + str(int(duration_dict[test_name])).rjust(8) + ' |')
+
+
+def validate_results(results_directory: str):
+    pass_fail_dict = dict()
+    duration_dict = dict()
+    for filepath in glob.glob(os.path.join(results_directory, '*')):
+        if filepath.endswith('.xml'):
+            try:
+                tree = ElementTree.parse(filepath)
+
+                root = tree.getroot()  # type: Element
+
+                testcase = root.find('testcase')
+
+                if isinstance(testcase, Element):
+                    if (testcase.get('classname').split('.')[-2] == 'missions' or
+                        testcase.get('classname').split('.')[-2] == 'federationmissions'):
+                        testname = testcase.get('classname').split('.')[-2] + '.' + \
+                                   testcase.get('classname').split('.')[-1]
+                        if testname in pass_fail_dict:
+                            pass_fail_dict[testname] = pass_fail_dict[testname] and testcase.find('error') is None
+                            duration_dict[testname] = duration_dict[testname] +  float(testcase.get('time'))
+                        else:
+                            pass_fail_dict[testname] = testcase.find('error') is None
+                            duration_dict[testname] = float(testcase.get('time'))
+                    else:
+                        testname = testcase.get('classname').split('.')[-1] + '.' + testcase.get('name')
+                        pass_fail_dict[testname] = testcase.find('error') is None
+                        duration_dict[testname] = float(testcase.get('time'))
+            except Exception as e:
+                pass
+
+    display_results(pass_fail_dict, duration_dict)
+
+
+def main():
+    args = parser.parse_args()
+
+    if args.mode == 'run':
+
+        for test in TEST_EXECUTION_LIST:
+            print("Running " + test + "....")
+            cmd = ['./takserver-takcl-core/scripts/testrunner.sh', 'run', test, '--unsafe-mode']
+            # print("CMD=" + ' '.join(cmd))
+            subprocess.call(cmd)
+            print("Finished running " + test + "!")
+
+        validate_results(RESULTS_ROOT)
+
+    elif args.mode == 'validate':
+        validation_target = RESULTS_ROOT if args.validation_target is None else args.validation_target
+
+        if not os.path.exists(validation_target):
+            print("The specified validation target directory '{d}' does not exist!".format(d=validation_target),
+                  file=sys.stderr)
+            exit(1)
+
+        validate_results(validation_target)
+
+    else:
+        parser.print_help()
+
+
+if __name__ == '__main__': \
+        main()
diff --git a/src/takserver-takcl-core/scripts/testrunner.sh b/src/takserver-takcl-core/scripts/testrunner.sh
index 56fd00b0..ef36c366 100755
--- a/src/takserver-takcl-core/scripts/testrunner.sh
+++ b/src/takserver-takcl-core/scripts/testrunner.sh
@@ -3,17 +3,11 @@
 set -e
 
 TAKCL_SERVER_LOG_LEVEL_OVERRIDES="com.bbn=TRACE tak=TRACE ${TAKCL_SERVER_LOG_LEVEL_OVERRIDES}"
-
+DB0_EXTERNAL_PORT=32445
+DB1_EXTERNAL_PORT=32446
+DB2_EXTERNAL_PORT=32447
 DOCKER_IMAGE='eclipse-temurin:17-jammy'
 
-# Rebuild and redeploy the test harness
-REDEPLOY_TAKCL=true
-
-# Rebuild and redeploy the UserManager, SchemaManager, PluginManager, and RetentionService
-REDEPLOY_AUXILLARY=false
-
-REDEPLOY_FEDHUB=false
-
 ping() {
 	set -e
 	nc ${1} ${2} -w 1 </dev/null >/dev/null 2>&1 && rval=$? || rval=$? && true
@@ -27,6 +21,9 @@ kill_db() {
 	if [[ "`docker ps | grep ${SERVER1_DOCKER_DB_IDENTIFIER}`" != "" ]];then
 		docker stop ${SERVER1_DOCKER_DB_IDENTIFIER}
 	fi
+	if [[ "`docker ps | grep ${SERVER2_DOCKER_DB_IDENTIFIER}`" != "" ]];then
+		docker stop ${SERVER2_DOCKER_DB_IDENTIFIER}
+	fi
 
 }
 
@@ -45,20 +42,41 @@ if [[ ! -d "takserver-takcl-core" ]];then
 	exit 1
 fi
 
-ARTIFACT_SRC="$(pwd)/takserver-package/build/takArtifacts"
 LOG_TARGET=$(pwd)/TESTRUNNER_RESULTS
 SERVER0_DOCKER_DB_IDENTIFIER=TakserverTestDB0
 SERVER1_DOCKER_DB_IDENTIFIER=TakserverTestDB1
+SERVER2_DOCKER_DB_IDENTIFIER=TakserverTestDB2
 USE_DB=false
 POSTGRES_USER=martiuser
 POSTGRES_DB=cot
 POSTGRES_PORT=5432
 
-if [[ ! -f "${ARTIFACT_SRC}/takserver.war" ]];then
+ARTIFACT_TEMPLATE_DIR="$(pwd)/takserver-package/build/takArtifacts"
+ARTIFACT_SRC="$(pwd)/takserver-package/build/testrunnerArtifacts"
+
+if [[ ! -f "${ARTIFACT_TEMPLATE_DIR}/takserver.war" ]] || [[ ! -d "takserver-package/federation-hub/build/artifacts/jars" ]] || [[ ! -d "takserver-package/federation-hub/build/artifacts/configs" ]];then
 	echo Please build the project with './gradlew clean buildDocker buildRpm' to populate the tak root source! Future executions will automatically update takserver.war but require setting variables at the top of this script to true for everything else!
 	exit 1
 fi
 
+if [[ -d "${ARTIFACT_SRC}" ]];then
+  rm -r "${ARTIFACT_SRC}"
+fi
+
+mkdir "${ARTIFACT_SRC}"
+
+if [[ ! -d "${ARTIFACT_SRC}/federation-hub" ]];then
+  mkdir "${ARTIFACT_SRC}/federation-hub"
+fi
+
+cp -r ${ARTIFACT_TEMPLATE_DIR}/* ${ARTIFACT_SRC}/
+cp takserver-package/federation-hub/build/artifacts/jars/* "${ARTIFACT_SRC}/federation-hub/"
+cp -r takserver-package/federation-hub/build/artifacts/configs "${ARTIFACT_SRC}/federation-hub/configs"
+cp federation-hub-broker/src/main/resources/federation-hub-broker.yml "${ARTIFACT_SRC}/federation-hub/configs/"
+cp takserver-takcl-core/plugin-test-libs/* "${ARTIFACT_SRC}/lib/"
+
+
+
 
 if [[ "${1}" == "run" ]];then
 	if [[ "${2}" == "" ]];then
@@ -76,10 +94,12 @@ if [[ "${1}" == "run" ]];then
 		USE_DB=true
 	fi
 
-	if [[ -d "${LOG_TARGET}" ]];then
+	if [[ -d "${LOG_TARGET}" ]] && [[ "${3}" != "--unsafe-mode" ]];then
 		echo Please remove the existing "${LOG_TARGET}" directory to continue!
 		exit 1
-	elif postgresql_running;then
+	fi
+
+	if postgresql_running;then
 		echo A local postgresql instance is already running! Please shut it down before proceeding!
 		exit 1
 	elif takserver_running;then
@@ -87,27 +107,6 @@ if [[ "${1}" == "run" ]];then
 		exit 1
 	fi
 
-
-	GRADLE_ARGS=" --parallel takserver-takcl-core:devDeployCore"
-	if [[ "${REDEPLOY_AUXILLARY}" == "true" ]];then
-		GRADLE_ARGS="${GRADLE_ARGS} takserver-takcl-core:devDeployAux"
-	else
-		echo OPEN SCRIPT AND set REDEPLOY_AUXILLARY=true TO BUILD PLUGIN MANAGER, RETENTION SERVICE, AND SCHEMA MANAGER!
-	fi
-
-	if [[ "${REDEPLOY_FEDHUB}" == "true" ]];then
-		GRADLE_ARGS="${GRADLE_ARGS} takserver-takcl-core:devDeployFedHub"
-	else
-		echo OPEN SCRIPT AND set REDEPLOY_FEDHUB=true TO BUILD FEDHUB!
-	fi
-
-	if [[ "${REDEPLOY_TAKCL}" == "true" ]];then
-		GRADLE_ARGS="${GRADLE_ARGS} takserver-takcl-core:devDeployTakcl"
-	fi
-
-	echo ./gradlew ${GRADLE_ARGS}
-	./gradlew ${GRADLE_ARGS}
-
 	mkdir -p ${LOG_TARGET}
 
 elif [[ "${1}" != "list" ]];then
@@ -128,7 +127,8 @@ else
 	CMD="
 	mkdir -p /opt/tak;
 	cp -R /opt/takbase/* /opt/tak/;
-	cp /opt/tak/CoreConfig.example.xml /opt/tak/CoreConfig.xml;"
+	cp /opt/tak/CoreConfig.example.xml /opt/tak/CoreConfig.xml;
+	cp /opt/tak/TAKIgniteConfig.example.xml /opt/tak/TAKIgniteConfig.xml; "
 
 	if [[ "${USE_DB}" == "true" ]];then
 		# Kill existing database instance
@@ -144,6 +144,7 @@ else
 				--env POSTGRES_HOST_AUTH_METHOD=trust \
 				--env POSTGRES_USER=${POSTGRES_USER} \
 				--env POSTGRES_DB=${POSTGRES_DB} \
+				-p ${DB0_EXTERNAL_PORT}:5432 \
 				postgis/postgis:15-3.3
 		fi
 
@@ -153,6 +154,17 @@ else
 				--env POSTGRES_HOST_AUTH_METHOD=trust \
 				--env POSTGRES_USER=${POSTGRES_USER} \
 				--env POSTGRES_DB=${POSTGRES_DB} \
+				-p ${DB1_EXTERNAL_PORT}:5432 \
+				postgis/postgis:15-3.3
+		fi
+
+		if [[ "`docker ps | grep ${SERVER2_DOCKER_DB_IDENTIFIER}`" == "" ]];then
+			docker run -it -d --rm --name ${SERVER2_DOCKER_DB_IDENTIFIER} \
+				--env POSTGRES_PASSWORD=${TAKCL_SERVER_POSTGRES_PASSWORD} \
+				--env POSTGRES_HOST_AUTH_METHOD=trust \
+				--env POSTGRES_USER=${POSTGRES_USER} \
+				--env POSTGRES_DB=${POSTGRES_DB} \
+				-p ${DB2_EXTERNAL_PORT}:5432 \
 				postgis/postgis:15-3.3
 		fi
 
@@ -160,22 +172,27 @@ else
 		# Get instance details and set them as necessary
 		DOCKER0_IP=`docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${SERVER0_DOCKER_DB_IDENTIFIER}`
 		DOCKER1_IP=`docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${SERVER1_DOCKER_DB_IDENTIFIER}`
-		JARGS="${JARGS} -Dcom.bbn.marti.takcl.server0DbHost=${DOCKER0_IP} -Dcom.bbn.marti.takcl.server1DbHost=${DOCKER1_IP}"
+		DOCKER2_IP=`docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${SERVER2_DOCKER_DB_IDENTIFIER}`
+		JARGS="${JARGS} -Dcom.bbn.marti.takcl.server0DbHost=${DOCKER0_IP} -Dcom.bbn.marti.takcl.server1DbHost=${DOCKER1_IP} -Dcom.bbn.marti.takcl.server2DbHost=${DOCKER2_IP}"
 
 #		CMD="${CMD}
-#		sed -i 's|<connection url=\"jdbc:postgresql://127.0.0.1:5432/cot\" username=\"martiuser\" password=\"\" />|<connection url=\"jdbc:postgresql://${DOCKER0_IP}:5432/cot\" username=\"${POSTGRES_USER}\" password=\"${TAKCL_SERVER_POSTGRES_PASSWORD}\"/>|g' /opt/tak/CoreConfig.xml;"
+#		 sed -i 's|<connection url=\"jdbc:postgresql://127.0.0.1:5432/cot\" username=\"martiuser\" password=\"\" />|<connection url=\"jdbc:postgresql://${DOCKER0_IP}:5432/cot\" username=\"${POSTGRES_USER}\" password=\"${TAKCL_SERVER_POSTGRES_PASSWORD}\"/>|g' /opt/tak/CoreConfig.xml;"
 
 		echo Waiting for DB to settle...
 		sleep 20
-		echo Locally executing "java -jar ${ARTIFACT_SRC}/db-utils/SchemaManager.jar -url jdbc:postgresql://${DOCKER0_IP}:5432/cot -user ${POSTGRES_USER} -password ${TAKCL_SERVER_POSTGRES_PASSWORD} upgrade"
-		java -jar ${ARTIFACT_SRC}/db-utils/SchemaManager.jar -url jdbc:postgresql://${DOCKER0_IP}:5432/cot -user ${POSTGRES_USER} -password ${TAKCL_SERVER_POSTGRES_PASSWORD} upgrade
-		echo Locally executing "java -jar ${ARTIFACT_SRC}/db-utils/SchemaManager.jar -url jdbc:postgresql://${DOCKER1_IP}:5432/cot -user ${POSTGRES_USER} -password ${TAKCL_SERVER_POSTGRES_PASSWORD} upgrade"
-		java -jar ${ARTIFACT_SRC}/db-utils/SchemaManager.jar -url jdbc:postgresql://${DOCKER1_IP}:5432/cot -user ${POSTGRES_USER} -password ${TAKCL_SERVER_POSTGRES_PASSWORD} upgrade
+		echo Locally executing "java -jar ${ARTIFACT_SRC}/db-utils/SchemaManager.jar -url jdbc:postgresql://127.0.0.1:${DB0_EXTERNAL_PORT}/cot -user ${POSTGRES_USER} -password ${TAKCL_SERVER_POSTGRES_PASSWORD} upgrade"
+		java -jar ${ARTIFACT_SRC}/db-utils/SchemaManager.jar -url jdbc:postgresql://127.0.0.1:${DB0_EXTERNAL_PORT}/cot -user ${POSTGRES_USER} -password ${TAKCL_SERVER_POSTGRES_PASSWORD} upgrade
+
+		echo Locally executing "java -jar ${ARTIFACT_SRC}/db-utils/SchemaManager.jar -url jdbc:postgresql://127.0.0.1:${DB1_EXTERNAL_PORT}/cot -user ${POSTGRES_USER} -password ${TAKCL_SERVER_POSTGRES_PASSWORD} upgrade"
+		java -jar ${ARTIFACT_SRC}/db-utils/SchemaManager.jar -url jdbc:postgresql://127.0.0.1:${DB1_EXTERNAL_PORT}/cot -user ${POSTGRES_USER} -password ${TAKCL_SERVER_POSTGRES_PASSWORD} upgrade
+
+		echo Locally executing "java -jar ${ARTIFACT_SRC}/db-utils/SchemaManager.jar -url jdbc:postgresql://127.0.0.1:${DB2_EXTERNAL_PORT}/cot -user ${POSTGRES_USER} -password ${TAKCL_SERVER_POSTGRES_PASSWORD} upgrade"
+		java -jar ${ARTIFACT_SRC}/db-utils/SchemaManager.jar -url jdbc:postgresql://127.0.0.1:${DB2_EXTERNAL_PORT}/cot -user ${POSTGRES_USER} -password ${TAKCL_SERVER_POSTGRES_PASSWORD} upgrade
+
 
 	else
 		JARGS="${JARGS} -Dcom.bbn.marti.takcl.dbEnabled=false"
-		CMD="${CMD}
-		sed -i 's/<repository enable=\"true\"/<repository enable=\"false\"/g' /opt/tak/CoreConfig.xml;"
+		CMD="${CMD}	sed -i 's/<repository enable=\"true\"/<repository enable=\"false\"/g' /opt/tak/CoreConfig.xml;"
 	fi
 
 	CMD="${CMD}
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/AppModules/TAKCLConfigModule.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/AppModules/TAKCLConfigModule.java
index 0bd7c755..e2ad1cf5 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/AppModules/TAKCLConfigModule.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/AppModules/TAKCLConfigModule.java
@@ -13,8 +13,9 @@
 import org.apache.commons.io.FileUtils;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
+import tak.server.util.JAXBUtils;
 
-import javax.xml.bind.JAXBException;
+import jakarta.xml.bind.JAXBException;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -128,6 +129,10 @@ public String getCleanConfigFilepath() {
 		return Paths.get(getTakServerPath(), fileRouter.getRunnableServerConfig().getCleanConfigFile()).toString();
 	}
 
+	public String getCleanTAKIgniteConfigFilepath() {
+		return Paths.get(getTakServerPath(), fileRouter.getRunnableServerConfig().getCleanTAKIgniteConfigFile()).toString();
+	}
+
 	/**
 	 * Sets the location the the server. This is used to indicate where the CoreConfig.xml is and other related files
 	 * modified by TAKCL
@@ -137,7 +142,7 @@ public String getCleanConfigFilepath() {
 	 */
 	@Command(description = "Sets the location of the server and CoreConfig.xml.")
 	public void setTAKServerPath(String path) {
-        fileRouter.getRunnableServerConfig().setModelServerDir(path);
+		fileRouter.getRunnableServerConfig().setModelServerDir(path);
 		saveChanges();
 	}
 
@@ -210,10 +215,18 @@ public String getServerConfigFilepath() {
 		return Paths.get(getTakServerPath(), fileRouter.getRunnableServerConfig().getConfigFile()).toString();
 	}
 
+	public String getServerTAKIgniteConfigFilepath() {
+		return Paths.get(getTakServerPath(), fileRouter.getRunnableServerConfig().getTAKIgniteConfigFile()).toString();
+	}
+
 	public String getServerConfigFilepath(@NotNull String serverIdentifier) {
 		return Paths.get(getTakServerPath(serverIdentifier), fileRouter.getRunnableServerConfig().getConfigFile()).toString();
 	}
 
+	public String getServerTAKIgniteConfigFilepath(@NotNull String serverIdentifier) {
+		return Paths.get(getTakServerPath(serverIdentifier), fileRouter.getRunnableServerConfig().getTAKIgniteConfigFile()).toString();
+	}
+
 	public String getServerUserFile() {
 		return Paths.get(getTakServerPath(), fileRouter.getRunnableServerConfig().getUserFile()).toString();
 	}
@@ -331,32 +344,32 @@ public FileRouter() {
 
 				String sysPropConfigFilepath = TAKCLCore.TakclOption.TakclConfigPath.getStringOrNull();
 				if (sysPropConfigFilepath != null) {
-					sysPropTakclConfiguration = Util.loadJAXifiedXML(sysPropConfigFilepath, TAKCLConfiguration.class.getPackage().getName());
+					sysPropTakclConfiguration = JAXBUtils.loadJAXifiedXML(sysPropConfigFilepath, TAKCLConfiguration.class.getPackage().getName());
 				} else {
 					sysPropTakclConfiguration = null;
 				}
 
 				if (Files.exists(configFilepath = Paths.get(workingPath, DEFAULT_LOCAL_CONFIG_FILE_LOCATION))) {
-					takclConfiguration = Util.loadJAXifiedXML(configFilepath.toString(), TAKCLConfiguration.class.getPackage().getName());
+					takclConfiguration = JAXBUtils.loadJAXifiedXML(configFilepath.toString(), TAKCLConfiguration.class.getPackage().getName());
 
 				} else if (Files.exists(configFilepath = Paths.get(localPath, DEFAULT_LOCAL_CONFIG_FILE_LOCATION))) {
-					takclConfiguration = Util.loadJAXifiedXML(configFilepath.toString(), TAKCLConfiguration.class.getPackage().getName());
+					takclConfiguration = JAXBUtils.loadJAXifiedXML(configFilepath.toString(), TAKCLConfiguration.class.getPackage().getName());
 
 				} else if (Files.exists(configFilepath = Paths.get(workingPath, DEFAULT_TAKA_CONFIG_FILE_LOCATION))) {
-					takaConfiguration = Util.loadJAXifiedXML(configFilepath.toString(), TAKAConfiguration.class.getPackage().getName());
+					takaConfiguration = JAXBUtils.loadJAXifiedXML(configFilepath.toString(), TAKAConfiguration.class.getPackage().getName());
 
 				} else if (Files.exists(configFilepath = Paths.get(workingPath, DEFAULT_CONFIG_FILE_LOCATION))) {
-					takclConfiguration = Util.loadJAXifiedXML(configFilepath.toString(), TAKCLConfiguration.class.getPackage().getName());
+					takclConfiguration = JAXBUtils.loadJAXifiedXML(configFilepath.toString(), TAKCLConfiguration.class.getPackage().getName());
 
 				} else if (Files.exists(configFilepath = Paths.get(localPath, DEFAULT_TAKA_CONFIG_FILE_LOCATION))) {
-					takaConfiguration = Util.loadJAXifiedXML(configFilepath.toString(), TAKAConfiguration.class.getPackage().getName());
+					takaConfiguration = JAXBUtils.loadJAXifiedXML(configFilepath.toString(), TAKAConfiguration.class.getPackage().getName());
 
 				} else if (Files.exists(configFilepath = Paths.get(localPath, DEFAULT_CONFIG_FILE_LOCATION))) {
-					takclConfiguration = Util.loadJAXifiedXML(configFilepath.toString(), TAKCLConfiguration.class.getPackage().getName());
+					takclConfiguration = JAXBUtils.loadJAXifiedXML(configFilepath.toString(), TAKCLConfiguration.class.getPackage().getName());
 				} else {
 					InputStream takclConfigStream = TAKCLConfigModule.class.getClassLoader().getResourceAsStream("TAKCLConfig.xml");
 					if (takclConfigStream != null) {
-						takclConfiguration = Util.loadJAXifiedXML(takclConfigStream, TAKCLConfiguration.class.getPackage().getName());
+						takclConfiguration = JAXBUtils.loadJAXifiedXML(takclConfigStream, TAKCLConfiguration.class.getPackage().getName());
 					}
 				}
 
@@ -506,11 +519,11 @@ private String getAbsoluteFilePath(@NotNull String filename, boolean mustExist)
 		public void saveChanges() {
 			try {
 				if (takclConfiguration != null) {
-					Util.saveJAXifiedObject(configFilepath, takclConfiguration, true);
+					JAXBUtils.saveJAXifiedObject(configFilepath, takclConfiguration, true);
 				}
 
 				if (takaConfiguration != null) {
-					Util.saveJAXifiedObject(configFilepath, takaConfiguration, true);
+					JAXBUtils.saveJAXifiedObject(configFilepath, takaConfiguration, true);
 				}
 			} catch (IOException | JAXBException e) {
 				throw new RuntimeException(e);
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/TAKCLCore.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/TAKCLCore.java
index 78e77096..0e36ac4c 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/TAKCLCore.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/TAKCLCore.java
@@ -40,9 +40,12 @@ public class TAKCLCore {
 	public static final boolean igniteScanInterfaces;
 	@Nullable
 	public static final String coreConfigPath;
+	@Nullable
+	public static final String takIgniteConfigPath;
 	public static final boolean cliIgnoreCoreConfig;
 	public static final long igniteManualRetryTimeout;
 	public static boolean useTakclIgniteConfig;
+	public static final boolean disableConfigProcess;
 	public static final boolean disableMessagingProcess;
 	public static final boolean disableApiProcess;
 
@@ -87,11 +90,13 @@ public enum TakclOption {
 		IgnitePortRangeOverride(SYSARG_PREFIX + "ignitePortRangeOverride", "TAKCL_IGNITE_PORT_RANGE_OVERRIDE", null, false),
 		IgniteIpAddressOverride(SYSARG_PREFIX + "igniteIpAddressOverride", "TAKCL_IGNITE_IP_ADDRESS_OVERRIDE", null, false),
 		CoreConfigPath(SYSARG_PREFIX + "coreConfigPath", "TAKCL_CORECONFIG_PATH", null, false),
+		TakIgniteConfigPath(SYSARG_PREFIX + "takIgniteConfigPath", "TAKCL_TAKIGNITECONFIG_PATH", null, false),
 		UserManagerTimeout("com.bbn.marti.usermanager.timeout", "USERMANAGER_TIMEOUT", "120000", false),
 		CliIgnoreCoreConfig(SYSARG_PREFIX + "ignoreCoreConfig", "TAKCL_CLI_IGNORE_CORE_CONFIG", "false", true),
 		TakclConfigPath(SYSARG_PREFIX + "config.filepath", "TAKCL_CONFIG_PATH", null, false),
 		// TODO: This is a hack. We should figure out why the tests don't like the ConfigurationHolder from takserver-common
 		UseTakclIgniteConfig(SYSARG_PREFIX + "takclIgniteConfig", "TAKCL_IGNITE_CONFIG", "true", true),
+		DisableConfigProcess(SYSARG_PREFIX + "disableConfigProcess", "TAKCL_DISABLE_CONFIG_PROCESS", "false", true),
 		DisableMessagingProcess(SYSARG_PREFIX + "disableMessagingProcess", "TAKCL_DISABLE_MESSAGING_PROCESS", "false", true),
 		DisableApiProcess(SYSARG_PREFIX + "disableApiProcess", "TAKCL_DISABLE_API_PROCESS", "false", true),
 		DisableFederationHubProcess(SYSARG_PREFIX + "disableFederationHubProcess", "TAKCL_DISABLE_FEDERATION_HUB_PROCESS", "true", true),
@@ -237,9 +242,11 @@ public static void printConfigValues() {
 		ignitePortOverride = TakclOption.IgnitePortOverride.getIntegerOrNull();
 		ignitePortRangeOverride = TakclOption.IgnitePortRangeOverride.getIntegerOrNull();
 		igniteIpAddressOverride = TakclOption.IgniteIpAddressOverride.getStringOrNull();
+		takIgniteConfigPath = TakclOption.TakIgniteConfigPath.getStringOrNull();
 		coreConfigPath = TakclOption.CoreConfigPath.getStringOrNull();
 		cliIgnoreCoreConfig = TakclOption.CliIgnoreCoreConfig.getBoolean();
 		useTakclIgniteConfig = TakclOption.UseTakclIgniteConfig.getBoolean() && TestExceptions.USE_TAKCL_IGNITE_CONFIGURATION_AS_INDICATED;
+		disableConfigProcess = TakclOption.DisableConfigProcess.getBoolean();
 		disableMessagingProcess = TakclOption.DisableMessagingProcess.getBoolean();
 		disableApiProcess = TakclOption.DisableApiProcess.getBoolean();
 		disableFederationHubProcess = TakclOption.DisableFederationHubProcess.getBoolean();
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/TakclIgniteHelper.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/TakclIgniteHelper.java
index 3df3a86f..506421ea 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/TakclIgniteHelper.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/TakclIgniteHelper.java
@@ -1,12 +1,19 @@
 package com.bbn.marti.takcl;
 
-import com.bbn.marti.config.Buffer;
-import com.bbn.marti.config.Cluster;
-import com.bbn.marti.config.Configuration;
-import com.bbn.marti.remote.groups.FileUserManagementInterface;
-import com.bbn.marti.remote.service.InputManager;
-import com.bbn.marti.takcl.cli.EndUserReadableException;
-import com.bbn.marti.test.shared.data.servers.AbstractServerProfile;
+import java.io.FileNotFoundException;
+import java.net.InetAddress;
+import java.net.NetworkInterface;
+import java.net.SocketException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.atomic.AtomicInteger;
+import jakarta.xml.bind.JAXBException;
+
 import org.apache.ignite.Ignite;
 import org.apache.ignite.Ignition;
 import org.apache.ignite.cluster.ClusterGroup;
@@ -19,18 +26,24 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 import org.slf4j.Logger;
+
+import com.bbn.marti.config.TAKIgniteConfiguration;
+import com.bbn.marti.remote.groups.FileUserManagementInterface;
+import com.bbn.marti.remote.service.InputManager;
+import com.bbn.marti.takcl.cli.EndUserReadableException;
+import com.bbn.marti.test.shared.data.servers.AbstractServerProfile;
+
 import tak.server.Constants;
 import tak.server.ignite.IgniteConfigurationHolder;
+import tak.server.util.JAXBUtils;
 
-import javax.xml.bind.JAXBException;
-import java.io.FileNotFoundException;
-import java.net.InetAddress;
-import java.net.NetworkInterface;
-import java.net.SocketException;
-import java.util.*;
-import java.util.concurrent.atomic.AtomicInteger;
-
-import static com.bbn.marti.takcl.TAKCLCore.*;
+import static com.bbn.marti.takcl.TAKCLCore.igniteManualRetryTimeout;
+import static com.bbn.marti.takcl.TAKCLCore.igniteNetworkTimeout;
+import static com.bbn.marti.takcl.TAKCLCore.ignitePortOverride;
+import static com.bbn.marti.takcl.TAKCLCore.ignitePortRangeOverride;
+import static com.bbn.marti.takcl.TAKCLCore.igniteScanInterfaces;
+import static com.bbn.marti.takcl.TAKCLCore.k8sMode;
+import static com.bbn.marti.takcl.TAKCLCore.useTakclIgniteConfig;
 
 public class TakclIgniteHelper {
 
@@ -43,41 +56,41 @@ public class TakclIgniteHelper {
 	private static final AtomicInteger identifierCounter = new AtomicInteger();
 
 	public static final void overrideServerConfigurationFromCoreConfig(@NotNull AbstractServerProfile serverProfile,
-	                                                                   @NotNull Configuration serverConfiguration) {
+																	   @NotNull TAKIgniteConfiguration serverIgniteConfiguration) {
 		if (serverConfigurationMap.containsKey(serverProfile.getConsistentUniqueReadableIdentifier())) {
 			logger.warn("Override already configured for '" + serverProfile.getConsistentUniqueReadableIdentifier() + "'!");
 			return;
 		}
-		logger.debug("Using Ignite configuration details from CoreConfig.xml");
-
-		if (serverConfiguration.getCluster() == null) {
-			serverConfiguration.setCluster(new Cluster());
-		}
-		Cluster clusterConfig = serverConfiguration.getCluster();
-		Buffer bufferConfig = serverConfiguration.getBuffer();
+		logger.debug("Using Ignite configuration details from TAKIgniteConfig.xml");
 
 		String igniteProfile = "takcl" + identifierCounter.getAndIncrement();
-		String igniteHost = bufferConfig.getIgniteHost();
-		boolean isCluster = clusterConfig.isEnabled();
-		boolean isKubernetes = clusterConfig.isKubernetes();
+		String igniteHost = serverIgniteConfiguration.getIgniteHost();
+		boolean isCluster = serverIgniteConfiguration.isClusterEnabled();
+		boolean isKubernetes = serverIgniteConfiguration.isClusterKubernetes();
 		boolean useEmbeddedIgnite = false;
-		boolean isIgniteMulticast = bufferConfig.isIgniteMulticast();
-		Integer igniteNonMulticastDiscoveryPort = bufferConfig.getIgniteNonMulticastDiscoveryPort();
-		Integer igniteNonMulticastDiscoveryPortCount = bufferConfig.getIgniteNonMulticastDiscoveryPortCount();
-		int igniteCommunicationPort = bufferConfig.getIgniteCommunicationPort();
-		int igniteCommunicationPortCount = bufferConfig.getIgniteCommunicationPortCount();
-		int igniteQueueCapacity = bufferConfig.getQueue().getCapacity();
-		long workerTimeoutMS = bufferConfig.getIgniteWorkerTimeoutMilliseconds();
-
-		IgniteConfigurationHolder ich = new IgniteConfigurationHolder();
-
-		IgniteConfiguration igniteConfig = ich.getIgniteConfiguration(igniteProfile, igniteHost, isCluster, isKubernetes,
-				useEmbeddedIgnite, isIgniteMulticast, igniteNonMulticastDiscoveryPort, igniteNonMulticastDiscoveryPortCount,
-				igniteCommunicationPort, igniteCommunicationPortCount, igniteQueueCapacity, workerTimeoutMS, serverConfiguration.getBuffer().getQueue().getCacheOffHeapInitialSizeBytes(), serverConfiguration.getBuffer().getQueue().getCacheOffHeapMaxSizeBytes(),
-				-1, false, -1.f, false, false, -1, true, -1, -1, -1);
+		boolean isIgniteMulticast = serverIgniteConfiguration.isIgniteMulticast();
+		Integer igniteNonMulticastDiscoveryPort = serverIgniteConfiguration.getIgniteNonMulticastDiscoveryPort();
+		Integer igniteNonMulticastDiscoveryPortCount = serverIgniteConfiguration.getIgniteNonMulticastDiscoveryPortCount();
+		int igniteCommunicationPort = serverIgniteConfiguration.getIgniteCommunicationPort();
+		int igniteCommunicationPortCount = serverIgniteConfiguration.getIgniteCommunicationPortCount();
+		int igniteQueueCapacity = serverIgniteConfiguration.getCapacity();
+		long workerTimeoutMS = serverIgniteConfiguration.getIgniteWorkerTimeoutMilliseconds();
+
+		TAKIgniteConfiguration takIgniteConfig = IgniteConfigurationHolder.getInstance().getTAKIgniteConfiguration(
+				igniteHost, isCluster, isKubernetes,	useEmbeddedIgnite, isIgniteMulticast,
+				igniteNonMulticastDiscoveryPort, igniteNonMulticastDiscoveryPortCount,
+				igniteCommunicationPort, igniteCommunicationPortCount, igniteQueueCapacity, workerTimeoutMS,
+				serverIgniteConfiguration.getCacheOffHeapInitialSizeBytes(),
+				serverIgniteConfiguration.getCacheOffHeapMaxSizeBytes(),
+				-1, false, -1.f, false,
+				false, -1, true,
+				-1, -1, -1);
+
+		IgniteConfiguration igniteConfig =  IgniteConfigurationHolder.getInstance().getIgniteConfiguration(igniteProfile, takIgniteConfig);
 		igniteConfig.setGridLogger(new Slf4jLogger(TAKCLogging.getLogger("org.apache.ignite")));
 
 
+
 		if (TAKCLCore.igniteClientFailureDetectionTimeout != null) {
 			logger.trace("Setting clientFailureDetectionTimout to " + TAKCLCore.igniteClientFailureDetectionTimeout);
 			igniteConfig.setClientFailureDetectionTimeout(TAKCLCore.igniteClientFailureDetectionTimeout);
@@ -128,6 +141,7 @@ public static final void overrideServerConfigurationFromCoreConfig(@NotNull Abst
 			}
 		}
 
+
 		serverConfigurationMap.put(serverProfile.getConsistentUniqueReadableIdentifier(), igniteConfig);
 	}
 
@@ -290,7 +304,7 @@ private static synchronized TakclIgniteInstance getIgnite(AbstractServerProfile
 
 		IgniteConfiguration igniteConfiguration;
 		if (serverConfigurationMap.containsKey(tag)) {
-			logger.debug("Getting Existing Server Configuration from CoreConfig.xml for " + serverProfile);
+			logger.debug("Getting Existing Server Configuration from TAKIgniteConfig.xml for " + serverProfile);
 			igniteConfiguration = serverConfigurationMap.get(tag);
 
 		} else if (k8sMode) {
@@ -303,8 +317,8 @@ private static synchronized TakclIgniteInstance getIgnite(AbstractServerProfile
 				if (useTakclIgniteConfig) {
 					igniteConfiguration = createOldIgniteConfiguration(serverProfile);
 				} else {
-					Configuration config = Util.loadJAXifiedXML(serverProfile.getConfigFilePath(), Configuration.class.getPackage().getName());
-					overrideServerConfigurationFromCoreConfig(serverProfile, config);
+					TAKIgniteConfiguration takIgniteConfig = JAXBUtils.loadJAXifiedXML(serverProfile.getTAKIgniteConfigFilePath(), TAKIgniteConfiguration.class.getPackage().getName());
+					overrideServerConfigurationFromCoreConfig(serverProfile, takIgniteConfig);
 					igniteConfiguration = serverConfigurationMap.get(tag);
 				}
 			} catch (FileNotFoundException | JAXBException e) {
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/Util.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/Util.java
index 896190a7..c528be00 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/Util.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/Util.java
@@ -1,6 +1,7 @@
 package com.bbn.marti.takcl;
 
 import com.bbn.marti.config.Configuration;
+import com.bbn.marti.config.TAKIgniteConfiguration;
 import com.bbn.marti.takcl.AppModules.TAKCLConfigModule;
 import com.bbn.marti.xml.bindings.UserAuthenticationFile;
 import com.google.common.base.Strings;
@@ -8,17 +9,21 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 import org.slf4j.Logger;
+import tak.server.util.JAXBUtils;
+
+import jakarta.xml.bind.JAXBException;
+import java.io.IOException;
 
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import java.io.*;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+import java.util.Random;
+import java.util.Set;
 
 /**
  * Created on 11/2/15.
@@ -31,76 +36,6 @@ public class Util {
 
 	private static final Random random = new Random();
 
-	/**
-	 * Parses an XML resource stream to the specified packageName.  It assumes the packageName is valid and that is has been
-	 * generated from the schema
-	 *
-	 * @param xmlInputStream The input stream for the XML data to load
-	 * @param packageName    The getConsistentUniqueReadableIdentifier of the package that corresponds to the contents of the file
-	 * @param <T>            The type corresponding to the packagename
-	 * @return The object of type {@link T} if the file exists, null if it does not
-	 * @throws FileNotFoundException If the file was not found
-	 * @throws JAXBException         If a parsing exception occurs
-	 */
-	public static <T> T loadJAXifiedXML(InputStream xmlInputStream, String packageName) throws FileNotFoundException, JAXBException {
-		JAXBContext jc = JAXBContext.newInstance(packageName);
-		Unmarshaller u = jc.createUnmarshaller();
-		return (T) u.unmarshal(xmlInputStream);
-	}
-
-
-	/**
-	 * Parses an XML file to the specified packageName.  It assumes the packageName is valid and that is has been
-	 * generated from the schema
-	 *
-	 * @param xmlFile     The file to open
-	 * @param packageName The getConsistentUniqueReadableIdentifier of the package that corresponds to the contents of the file
-	 * @param <T>         The type corresponding to the packagename
-	 * @return The object of type {@link T} if the file exists, null if it does not
-	 * @throws FileNotFoundException If the file was not found
-	 * @throws JAXBException         If a parsing exception occurs
-	 */
-	public static <T> T loadJAXifiedXML(String xmlFile, String packageName) throws FileNotFoundException, JAXBException {
-		File f = new File(xmlFile);
-		InputStream is = new FileInputStream(f);
-		return loadJAXifiedXML(is, packageName);
-	}
-
-
-	/**
-	 * Saves The object created with JAXB to an xml file
-	 *
-	 * @param xmlFile              The target file
-	 * @param obj                  THe object to serialize
-	 * @param createNewIfNecessary If true, a new file will be created if one does not exist
-	 * @throws IOException   If an IOException occurs. May result in a mangled file
-	 * @throws JAXBException If a JAXBException occurs. Will not result in a mangled file
-	 */
-	public static void saveJAXifiedObject(String xmlFile, Object obj, boolean createNewIfNecessary) throws IOException, JAXBException {
-		// First write it into a ByteArrayOutputStream so JAXBExceptions don't result in a mangled original file
-		ByteArrayOutputStream baos = new ByteArrayOutputStream();
-		String packageName = obj.getClass().getPackage().getName();
-		JAXBContext jc = JAXBContext.newInstance(packageName);
-		Marshaller m = jc.createMarshaller();
-		m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
-		m.marshal(obj, baos);
-
-		// Yay, not JAXBException. Now write to the file
-		File file = new File(xmlFile);
-
-		// Create a new file if necessary and allowed
-		if (!file.exists() && createNewIfNecessary) {
-			file.createNewFile();
-		}
-
-		// Write to the file
-		OutputStream fos = new FileOutputStream(file);
-		baos.writeTo(fos);
-		fos.flush();
-		fos.close();
-	}
-
-
 	@NotNull
 	public static String getBestHost(@Nullable String potentialHost) {
 		if (potentialHost != null) {
@@ -177,18 +112,18 @@ public static String getUserDisplayString(UserAuthenticationFile.User user) {
 
 		sb.append("\tUsername:      \'").append(user.getIdentifier()).append("\'\n");
 		sb.append("\tRole:          ").append(user.getRole().value()).append("\n");
-		
+
 		if (!Strings.isNullOrEmpty(user.getFingerprint())) {
 			sb.append("\tFingerprint:   ").append(user.getFingerprint()).append("\n");
 		}
-		
+
 		if (!user.getGroupList().isEmpty()) {
-			
+
 			sb.append("\tGroups (read and write permission):        \n");
 			if (showAll) {
 				sb.append("\t");
 			}
-			
+
 			for (String group : user.getGroupList()) {
 				if (showAll) {
 					sb.append(group).append(", ");
@@ -198,7 +133,7 @@ public static String getUserDisplayString(UserAuthenticationFile.User user) {
 				}
 			}
 		}
-		
+
 		if (!user.getGroupListIN().isEmpty()) {
 			sb.append("\tGroups IN (write permission):        \n");
 			if (showAll) {
@@ -213,7 +148,7 @@ public static String getUserDisplayString(UserAuthenticationFile.User user) {
 				}
 			}
 		}
-		
+
 		if (!user.getGroupListOUT().isEmpty()) {
 			sb.append("\tGroups OUT (read permission):        \n");
 			if (showAll) {
@@ -228,11 +163,11 @@ public static String getUserDisplayString(UserAuthenticationFile.User user) {
 				}
 			}
 		}
-		
+
 		if (user.getGroupList().isEmpty() && user.getGroupListIN().isEmpty() && user.getGroupListOUT().isEmpty()) {
 			sb.append("\t\tNo groups specified, user will be assigned __ANON__ group by default\n");
 		}
-		
+
 		return sb.toString();
 	}
 
@@ -302,7 +237,54 @@ public static Configuration getCoreConfig() {
 		try {
 			Path ccPath = getCoreConfigPath();
 			if (ccPath != null) {
-				return Util.loadJAXifiedXML(ccPath.toString(), Configuration.class.getPackage().getName());
+				return JAXBUtils.loadJAXifiedXML(ccPath.toString(), Configuration.class.getPackage().getName());
+			} else {
+				return null;
+			}
+		} catch (IOException | JAXBException e) {
+			throw new RuntimeException(e);
+		}
+	}
+
+	@Nullable
+	public static Path getTAKIgniteConfigPath() {
+		try {
+			if (TAKCLCore.takIgniteConfigPath != null) {
+				Path ccPath = Paths.get(TAKCLCore.takIgniteConfigPath).toAbsolutePath();
+				logger.debug("Reading TAKIgniteConfig from system property with value '" + ccPath.toAbsolutePath().toString() + "'.");
+				return ccPath;
+			}
+
+			Path jarPath = Paths.get(Util.class.getProtectionDomain().getCodeSource().getLocation()
+					.toURI()).getParent();
+			if (Files.exists(jarPath.resolve("TAKIgniteConfig.xml"))) {
+				Path ccPath = jarPath.resolve("TAKIgniteConfig.xml").toAbsolutePath();
+				logger.debug("Reading TAKIgniteConfig from '" + ccPath.toAbsolutePath().toString() + "'.");
+				return ccPath;
+
+			} else if (Files.exists(jarPath.getParent().resolve("TAKIgniteConfig.xml"))) {
+				Path ccPath = jarPath.getParent().resolve("TAKIgniteConfig.xml").toAbsolutePath();
+				logger.debug("Reading TAKIgniteConfig from '" + ccPath.toAbsolutePath().toString() + "'.");
+				return ccPath;
+			} else if (Files.exists(Paths.get(".").resolve("TAKIgniteConfig.xml"))) {
+				Path ccPath = Paths.get("TAKIgniteConfig.xml").toAbsolutePath();
+				logger.debug("Reading TAKIgniteConfig from '" + ccPath.toAbsolutePath().toString() + "'.");
+				return ccPath;
+			} else {
+				logger.debug("No TAKIgniteConfig file found.");
+			}
+		} catch (URISyntaxException e) {
+			throw new RuntimeException(e);
+		}
+		return null;
+	}
+
+	@Nullable
+	public static TAKIgniteConfiguration getTAKIgniteConfig() {
+		try {
+			Path ccPath = getTAKIgniteConfigPath();
+			if (ccPath != null) {
+				return JAXBUtils.loadJAXifiedXML(ccPath.toString(), TAKIgniteConfiguration.class.getPackage().getName());
 			} else {
 				return null;
 			}
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/advanced/AdvancedCliMainHelper.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/advanced/AdvancedCliMainHelper.java
index 8bb42a0e..2f3f65b7 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/advanced/AdvancedCliMainHelper.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/advanced/AdvancedCliMainHelper.java
@@ -1,6 +1,7 @@
 package com.bbn.marti.takcl.cli.advanced;
 
 import com.bbn.marti.config.Configuration;
+import com.bbn.marti.config.TAKIgniteConfiguration;
 import com.bbn.marti.takcl.AppModules.generic.AppModuleInterface;
 import com.bbn.marti.takcl.AppModules.generic.BaseAppModuleInterface;
 import com.bbn.marti.takcl.AppModules.generic.ServerAppModuleInterface;
@@ -8,14 +9,17 @@
 import com.bbn.marti.takcl.TakclIgniteHelper;
 import com.bbn.marti.takcl.Util;
 import com.bbn.marti.takcl.cli.EndUserReadableException;
-import com.bbn.marti.takcl.cli.InvalidArgumentValueException;
-import com.bbn.marti.takcl.cli.NoSuchCommandArgumentException;
-import com.bbn.marti.takcl.cli.NoSuchCommandException;
 import com.bbn.marti.test.shared.data.servers.AbstractServerProfile;
 import com.bbn.marti.test.shared.data.servers.ImmutableServerProfiles;
 import org.jetbrains.annotations.Nullable;
 
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Timer;
+import java.util.TimerTask;
 
 import static com.bbn.marti.takcl.cli.CommandCommon.output;
 
@@ -109,9 +113,9 @@ public void run() {
 			// Construct server instance
 			AbstractServerProfile spi = ImmutableServerProfiles.DEFAULT_LOCAL_SERVER;
 
-			Configuration localConfig = Util.getCoreConfig();
-			if (localConfig != null && !TAKCLCore.cliIgnoreCoreConfig) {
-				TakclIgniteHelper.overrideServerConfigurationFromCoreConfig(spi, localConfig);
+			TAKIgniteConfiguration localTAKIgniteConfig = Util.getTAKIgniteConfig();
+			if (localTAKIgniteConfig != null && !TAKCLCore.cliIgnoreCoreConfig) {
+				TakclIgniteHelper.overrideServerConfigurationFromCoreConfig(spi, localTAKIgniteConfig);
 			} else {
 				System.err.println("WARNING: No CoreConfig could be found. The default server configuration details will be used instead!");
 			}
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/advanced/AdvancedParamParser.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/advanced/AdvancedParamParser.java
index f9051520..7edf9d73 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/advanced/AdvancedParamParser.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/advanced/AdvancedParamParser.java
@@ -8,7 +8,13 @@
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
 
 /**
  * Created on 8/25/17.
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/advanced/ParameterizedCommand.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/advanced/ParameterizedCommand.java
index 99470a6d..b5688ade 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/advanced/ParameterizedCommand.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/advanced/ParameterizedCommand.java
@@ -1,6 +1,10 @@
 package com.bbn.marti.takcl.cli.advanced;
 
-import java.lang.annotation.*;
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
 
 /**
  * Created on 8/18/17.
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/simple/Command.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/simple/Command.java
index a97d54b0..b00fca76 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/simple/Command.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/simple/Command.java
@@ -1,6 +1,10 @@
 package com.bbn.marti.takcl.cli.simple;
 
-import java.lang.annotation.*;
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
 
 /**
  * Created on 8/18/17.
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/simple/SimpleCommandParser.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/simple/SimpleCommandParser.java
index b94adc2d..8b810124 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/simple/SimpleCommandParser.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/takcl/cli/simple/SimpleCommandParser.java
@@ -1,14 +1,23 @@
 package com.bbn.marti.takcl.cli.simple;
 
 import com.bbn.marti.takcl.AppModules.generic.BaseAppModuleInterface;
-import com.bbn.marti.takcl.cli.*;
+import com.bbn.marti.takcl.cli.CommandCommon;
+import com.bbn.marti.takcl.cli.EndUserReadableException;
+import com.bbn.marti.takcl.cli.InvalidArgumentValueException;
+import com.bbn.marti.takcl.cli.NoSuchCommandArgumentException;
+import com.bbn.marti.takcl.cli.NoSuchCommandException;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Array;
 import java.lang.reflect.Method;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.SortedMap;
+import java.util.TreeMap;
 
 import static com.bbn.marti.takcl.cli.CommandCommon.output;
 
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/GenerationHelper.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/GenerationHelper.java
index 9dc096c6..4f7ef701 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/GenerationHelper.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/GenerationHelper.java
@@ -22,7 +22,13 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 
 /**
  */
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/connections/MutableConnection.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/connections/MutableConnection.java
index 1818dc42..43e277d5 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/connections/MutableConnection.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/connections/MutableConnection.java
@@ -14,7 +14,10 @@
 import org.jetbrains.annotations.Nullable;
 
 import java.nio.file.Path;
-import java.util.*;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.ConcurrentSkipListSet;
 import java.util.concurrent.atomic.AtomicInteger;
 
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/generated/ImmutableConnections.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/generated/ImmutableConnections.java
index 1cf84fee..af7e4aa5 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/generated/ImmutableConnections.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/generated/ImmutableConnections.java
@@ -2,7 +2,9 @@
 
 import com.bbn.marti.config.AuthType;
 import com.bbn.marti.test.shared.data.GroupSetProfiles;
-import com.bbn.marti.test.shared.data.connections.*;
+import com.bbn.marti.test.shared.data.connections.AbstractConnection;
+import com.bbn.marti.test.shared.data.connections.BaseConnections;
+import com.bbn.marti.test.shared.data.connections.ConnectionFilter;
 import com.bbn.marti.test.shared.data.protocols.ProtocolProfiles;
 import com.bbn.marti.test.shared.data.servers.ImmutableServerProfiles;
 import com.bbn.marti.test.shared.data.servers.AbstractServerProfile;
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/servers/AbstractServerProfile.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/servers/AbstractServerProfile.java
index d6acca1b..705511ca 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/servers/AbstractServerProfile.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/servers/AbstractServerProfile.java
@@ -32,7 +32,7 @@ public abstract class AbstractServerProfile implements Comparable<Object>, Compa
 
 	private Integer igniteCommunicationPort;
 	private Integer igniteCommunicationPortCount;
-	
+
 	private final int certHttpsPort;
 	private final int fedHttpsPort;
 	private final int httpPlaintextPort;
@@ -40,8 +40,8 @@ public abstract class AbstractServerProfile implements Comparable<Object>, Compa
 	private final String dbHost;
 
 	public AbstractServerProfile(@NotNull String identifier, @NotNull String url, @Nullable Integer igniteDiscoveryPort, @Nullable Integer igniteDiscoveryPortCount,
-			Integer igniteCommunicationPort, Integer igniteCommunicationPortCount,
-	                             int federationPort, int federationV2Port, int certHttpsPort, int fedHttpsPort, int httpPlaintextPort, int httpsPort, @Nullable String dbHost) {
+								 Integer igniteCommunicationPort, Integer igniteCommunicationPortCount,
+								 int federationPort, int federationV2Port, int certHttpsPort, int fedHttpsPort, int httpPlaintextPort, int httpsPort, @Nullable String dbHost) {
 		this.consistentUniqueReadableIdentifier = identifier;
 		this.url = url;
 		this.igniteDiscoveryPort = igniteDiscoveryPort;
@@ -79,6 +79,10 @@ public String getConfigFilePath() {
 		return TAKCLConfigModule.getInstance().getServerConfigFilepath(this.consistentUniqueReadableIdentifier);
 	}
 
+	public String getTAKIgniteConfigFilePath() {
+		return TAKCLConfigModule.getInstance().getServerTAKIgniteConfigFilepath(this.consistentUniqueReadableIdentifier);
+	}
+
 	public String getUserAuthFilePath() {
 		return TAKCLConfigModule.getInstance().getServerUserFile(this.consistentUniqueReadableIdentifier);
 	}
@@ -118,7 +122,7 @@ public final Integer getIgniteDiscoveryPort() {
 	public final Integer getIgniteDiscoveryPortCount() {
 		return igniteDiscoveryPortCount;
 	}
-	
+
 	@Nullable
 	public final Integer getIgniteCommunicationPort() {
 		return igniteCommunicationPort;
diff --git a/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/servers/ImmutableServerProfiles.java b/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/servers/ImmutableServerProfiles.java
index 05f3cf31..701b064b 100644
--- a/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/servers/ImmutableServerProfiles.java
+++ b/src/takserver-takcl-core/src/core/java/com/bbn/marti/test/shared/data/servers/ImmutableServerProfiles.java
@@ -60,6 +60,8 @@ public String getUserAuthFilePath() {
 			public String getConfigFilePath() {
 				return Util.getCoreConfigPath().toString();
 			}
+
+			public String getTAKIgniteConfigFilePath() { return Util.getTAKIgniteConfigPath().toString(); }
 		};
 	}
 
diff --git a/src/takserver-takcl-core/src/cursedtak/java/com/bbn/marti/takcl/cursedtak/CursedTAKTerminal.java b/src/takserver-takcl-core/src/cursedtak/java/com/bbn/marti/takcl/cursedtak/CursedTAKTerminal.java
index 8da7947a..3d789ac3 100644
--- a/src/takserver-takcl-core/src/cursedtak/java/com/bbn/marti/takcl/cursedtak/CursedTAKTerminal.java
+++ b/src/takserver-takcl-core/src/cursedtak/java/com/bbn/marti/takcl/cursedtak/CursedTAKTerminal.java
@@ -9,21 +9,30 @@
 import com.bbn.marti.test.shared.data.protocols.ProtocolProfiles;
 import com.googlecode.lanterna.TerminalSize;
 import com.googlecode.lanterna.TextColor;
-import com.googlecode.lanterna.gui2.*;
+import com.googlecode.lanterna.gui2.BasicWindow;
+import com.googlecode.lanterna.gui2.Borders;
+import com.googlecode.lanterna.gui2.Button;
+import com.googlecode.lanterna.gui2.CheckBox;
+import com.googlecode.lanterna.gui2.Direction;
+import com.googlecode.lanterna.gui2.GridLayout;
+import com.googlecode.lanterna.gui2.Label;
+import com.googlecode.lanterna.gui2.LayoutData;
+import com.googlecode.lanterna.gui2.LinearLayout;
+import com.googlecode.lanterna.gui2.MultiWindowTextGUI;
+import com.googlecode.lanterna.gui2.Panel;
+import com.googlecode.lanterna.gui2.TextBox;
+import com.googlecode.lanterna.gui2.Window;
+import com.googlecode.lanterna.gui2.WindowBasedTextGUI;
 import com.googlecode.lanterna.input.KeyStroke;
 import com.googlecode.lanterna.screen.Screen;
 import com.googlecode.lanterna.screen.TerminalScreen;
 import com.googlecode.lanterna.terminal.DefaultTerminalFactory;
 import com.googlecode.lanterna.terminal.Terminal;
-import com.googlecode.lanterna.terminal.TerminalFactory;
 import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
 import java.io.PrintStream;
 import java.nio.charset.Charset;
 import java.util.ArrayList;
diff --git a/src/takserver-takcl-core/src/exe/java/com/bbn/marti/takcl/AppModules/TestRunnerModule.java b/src/takserver-takcl-core/src/exe/java/com/bbn/marti/takcl/AppModules/TestRunnerModule.java
index f0513050..8b232d9d 100644
--- a/src/takserver-takcl-core/src/exe/java/com/bbn/marti/takcl/AppModules/TestRunnerModule.java
+++ b/src/takserver-takcl-core/src/exe/java/com/bbn/marti/takcl/AppModules/TestRunnerModule.java
@@ -1,15 +1,37 @@
 package com.bbn.marti.takcl.AppModules;
 
 import com.bbn.marti.takcl.AppModules.generic.AppModuleInterface;
-import com.bbn.marti.takcl.*;
+import com.bbn.marti.takcl.TAKCLCore;
+import com.bbn.marti.takcl.TakclIgniteHelper;
+import com.bbn.marti.takcl.TestConfiguration;
+import com.bbn.marti.takcl.TestExceptions;
+import com.bbn.marti.takcl.TestLogger;
 import com.bbn.marti.takcl.cli.EndUserReadableException;
 import com.bbn.marti.takcl.cli.simple.Command;
 import com.bbn.marti.takcl.config.common.TakclRunMode;
 import com.bbn.marti.test.shared.AbstractSingleServerTestClass;
 import com.bbn.marti.test.shared.AbstractTestClass;
-import com.bbn.marti.tests.*;
+import com.bbn.marti.tests.FedHubTests;
+import com.bbn.marti.tests.FederationV1Tests;
+import com.bbn.marti.tests.FederationV2Tests;
+import com.bbn.marti.tests.GeneralTests;
+import com.bbn.marti.tests.GenerateOpenApiSpec;
+import com.bbn.marti.tests.InputTests;
+import com.bbn.marti.tests.PluginStartupTests;
+import com.bbn.marti.tests.PointToPointTests;
+import com.bbn.marti.tests.StartupTests;
+import com.bbn.marti.tests.StreamingDataFeedsTests;
+import com.bbn.marti.tests.SubscriptionTests;
+import com.bbn.marti.tests.UserManagementTests;
+import com.bbn.marti.tests.WebsocketsFederationTests;
+import com.bbn.marti.tests.WebsocketsTests;
 import com.bbn.marti.tests.federationmissions.FederationEnterpriseFileSync;
-import com.bbn.marti.tests.missions.*;
+import com.bbn.marti.tests.missions.EnterpriseFileSync;
+import com.bbn.marti.tests.missions.MissionAddRetrieveRemove;
+import com.bbn.marti.tests.missions.MissionDataFlowTests;
+import com.bbn.marti.tests.missions.MissionFileSync;
+import com.bbn.marti.tests.missions.MissionUserCustomRolesTests;
+import com.bbn.marti.tests.missions.MissionUserDefaultRolesTests;
 import com.cloudbees.junit.runner.App;
 import org.apache.commons.io.IOUtils;
 import org.apache.tools.ant.taskdefs.optional.junit.XMLJUnitResultFormatter;
@@ -35,11 +57,22 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Comparator;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.TreeMap;
+import java.util.TreeSet;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
-import static com.bbn.marti.takcl.config.common.TakclRunMode.*;
+import static com.bbn.marti.takcl.config.common.TakclRunMode.LOCAL_SERVER_INTERACTION;
+import static com.bbn.marti.takcl.config.common.TakclRunMode.REMOTE_SERVER_INTERACTION;
+import static com.bbn.marti.takcl.config.common.TakclRunMode.LOCAL_SOURCE_INTERACTION;
 
 /**
  * Created on 6/16/16.
@@ -56,6 +89,7 @@ public class TestRunnerModule implements AppModuleInterface {
 			FederationV1Tests.class,
 			FederationV2Tests.class,
 			GeneralTests.class,
+			GenerateOpenApiSpec.class,
 			InputTests.class,
 			StartupTests.class,
 			PluginStartupTests.class,
diff --git a/src/takserver-takcl-core/src/exe/java/com/bbn/marti/takcl/TAKCL.java b/src/takserver-takcl-core/src/exe/java/com/bbn/marti/takcl/TAKCL.java
index 10e31cb2..4c555164 100644
--- a/src/takserver-takcl-core/src/exe/java/com/bbn/marti/takcl/TAKCL.java
+++ b/src/takserver-takcl-core/src/exe/java/com/bbn/marti/takcl/TAKCL.java
@@ -1,6 +1,16 @@
 package com.bbn.marti.takcl;
 
-import com.bbn.marti.takcl.AppModules.*;
+import com.bbn.marti.takcl.AppModules.BashHelperModule;
+import com.bbn.marti.takcl.AppModules.CotGeneratorModule;
+import com.bbn.marti.takcl.AppModules.EnvironmentHelperModule;
+import com.bbn.marti.takcl.AppModules.OfflineConfigModule;
+import com.bbn.marti.takcl.AppModules.OfflineFileAuthModule;
+import com.bbn.marti.takcl.AppModules.OnlineFileAuthModule;
+import com.bbn.marti.takcl.AppModules.OnlineInputModule;
+import com.bbn.marti.takcl.AppModules.TAKCLConfigModule;
+import com.bbn.marti.takcl.AppModules.TAKClientModule;
+import com.bbn.marti.takcl.AppModules.TestEnumGeneratorModule;
+import com.bbn.marti.takcl.AppModules.TestRunnerModule;
 import com.bbn.marti.takcl.AppModules.generic.BaseAppModuleInterface;
 import com.bbn.marti.takcl.cli.simple.SimpleMain;
 
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OfflineConfigModule.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OfflineConfigModule.java
index 8892c321..7d9925f9 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OfflineConfigModule.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OfflineConfigModule.java
@@ -12,33 +12,21 @@
 import java.util.List;
 import java.util.Set;
 
-import javax.xml.bind.JAXBException;
+import jakarta.xml.bind.JAXBException;
 
-import com.bbn.marti.takcl.TAKCLCore;
-import org.apache.commons.io.FileUtils;
+import com.bbn.marti.config.*;
+import com.bbn.marti.takcl.config.common.TakclRunMode;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
-import com.bbn.marti.config.Auth;
-import com.bbn.marti.config.AuthType;
-import com.bbn.marti.config.Buffer;
-import com.bbn.marti.config.Configuration;
-import com.bbn.marti.config.DataFeed;
-import com.bbn.marti.config.Docs;
-import com.bbn.marti.config.Federation;
-import com.bbn.marti.config.Input;
-import com.bbn.marti.config.Network;
-import com.bbn.marti.config.Repository;
-import com.bbn.marti.config.Subscription;
-import com.bbn.marti.config.Tls;
+import com.bbn.marti.takcl.TAKCLCore;
 import com.bbn.marti.takcl.SSLHelper;
-import com.bbn.marti.takcl.Util;
 import com.bbn.marti.takcl.AppModules.generic.ServerAppModuleInterface;
 import com.bbn.marti.takcl.cli.simple.Command;
-import com.bbn.marti.takcl.config.common.TakclRunMode;
 import com.bbn.marti.test.shared.data.connections.AbstractConnection;
 import com.bbn.marti.test.shared.data.protocols.ProtocolProfiles;
 import com.bbn.marti.test.shared.data.servers.AbstractServerProfile;
+import tak.server.util.JAXBUtils;
 
 /**
  * Used to modify the server CoreConfig.xml file offline. If this is used while the server is running, the changes will not take effect, and may cause undesirable behavior.
@@ -51,6 +39,10 @@ public class OfflineConfigModule implements ServerAppModuleInterface {
 
 	private String fileLocation = null;
 
+	private TAKIgniteConfiguration takIgniteConfiguration;
+
+	private String takIgniteConfigFileLocation = null;
+
 	public OfflineConfigModule() {
 	}
 
@@ -85,7 +77,21 @@ public void init(@NotNull AbstractServerProfile serverIdentifier) {
 				Files.copy(Paths.get(TAKCLConfigModule.getInstance().getCleanConfigFilepath()), Paths.get(fileLocation), StandardCopyOption.REPLACE_EXISTING);
 			}
 
-			this.configuration = Util.loadJAXifiedXML(fileLocation, Configuration.class.getPackage().getName());
+			this.configuration = JAXBUtils.loadJAXifiedXML(fileLocation, Configuration.class.getPackage().getName());
+
+		} catch (IOException | JAXBException e) {
+			throw new RuntimeException(e);
+		}
+
+		try {
+			takIgniteConfigFileLocation = server.getTAKIgniteConfigFilePath();
+			Path takIgniteConfigPath = Paths.get(takIgniteConfigFileLocation);
+
+			if (!Files.exists(takIgniteConfigPath)) {
+				Files.copy(Paths.get(TAKCLConfigModule.getInstance().getCleanTAKIgniteConfigFilepath()), Paths.get(takIgniteConfigFileLocation), StandardCopyOption.REPLACE_EXISTING);
+			}
+
+			this.takIgniteConfiguration = JAXBUtils.loadJAXifiedXML(takIgniteConfigFileLocation, com.bbn.marti.config.TAKIgniteConfiguration.class.getPackage().getName());
 
 		} catch (IOException | JAXBException e) {
 			throw new RuntimeException(e);
@@ -112,10 +118,19 @@ public void resetConfig() {
 			}
 			Files.copy(Paths.get(conf.getCleanConfigFilepath()), Paths.get(fileLocation), StandardCopyOption.REPLACE_EXISTING);
 
+			configPath = Paths.get(takIgniteConfigFileLocation);
+
+			if (Files.exists(configPath)) {
+				Files.copy(Paths.get(takIgniteConfigFileLocation), Paths.get(takIgniteConfigFileLocation + ".bak"), StandardCopyOption.REPLACE_EXISTING);
+			}
+			Files.copy(Paths.get(conf.getCleanTAKIgniteConfigFilepath()), Paths.get(takIgniteConfigFileLocation), StandardCopyOption.REPLACE_EXISTING);
+
 			init(server);
 		} catch (IOException e) {
 			throw new RuntimeException(e);
 		}
+
+
 	}
 
 	public List<Input> getInputs() {
@@ -128,7 +143,12 @@ public List<DataFeed> getDataFeeds() {
 
 	public void saveChanges() {
 		try {
-			Util.saveJAXifiedObject(fileLocation, configuration, true);
+			JAXBUtils.saveJAXifiedObject(fileLocation, configuration, true);
+		} catch (IOException | JAXBException e) {
+			throw new RuntimeException(e);
+		}
+		try {
+			JAXBUtils.saveJAXifiedObject(takIgniteConfigFileLocation, takIgniteConfiguration, true);
 		} catch (IOException | JAXBException e) {
 			throw new RuntimeException(e);
 		}
@@ -335,22 +355,6 @@ public void setHttpsPort(@NotNull Integer port) {
 		setConnectorConfigurationAndSave("https", port, null, null, null);
 	}
 
-	@Command
-	public void setIgnitePortRange(@Nullable Integer discoveryPort, @Nullable Integer discoveryPortCount) {
-		Buffer buffer = configuration.getBuffer();
-		if (buffer == null) {
-			buffer = new Buffer();
-			configuration.setBuffer(buffer);
-		}
-		if (discoveryPort != null) {
-			buffer.setIgniteNonMulticastDiscoveryPort(discoveryPort);
-			if (discoveryPortCount != null) {
-				buffer.setIgniteNonMulticastDiscoveryPortCount(discoveryPortCount);
-			}
-		}
-		saveChanges();
-	}
-
 	@Command
 	public void setFedHttpsPort(@NotNull Integer port) {
 		setConnectorConfigurationAndSave("fed_https", port, true, null, null);
@@ -377,7 +381,7 @@ public void enableSwagger() {
 	}
 
 	private void setConnectorConfigurationAndSave(@NotNull String name, @NotNull Integer port, @Nullable Boolean useFedTrustStore,
-	                                              @Nullable String clientAuth, @Nullable Boolean tls) {
+												  @Nullable String clientAuth, @Nullable Boolean tls) {
 		Network.Connector connector = null;
 
 		Network n = configuration.getNetwork();
@@ -537,6 +541,7 @@ public void addFederate(@NotNull AbstractServerProfile federateServer) {
 		}
 
 		Federation.Federate newFederate = new Federation.Federate();
+		newFederate.setFallbackWhenNoGroupMappings(true);
 		federateList.add(newFederate);
 		newFederate.setName(federateServer.getConsistentUniqueReadableIdentifier());
 		newFederate.setId(SSLHelper.getInstance().getServerFingerprint(federateServer.getConsistentUniqueReadableIdentifier()));
@@ -659,4 +664,18 @@ public void addFederateInboundGroup(@NotNull AbstractServerProfile federate, @No
 
 		throw new RuntimeException("Cannot add inbound group for " + server.getConsistentUniqueReadableIdentifier() + "because the federate " + federate.getConsistentUniqueReadableIdentifier() + " has not been added!");
 	}
+
+	@Command
+	public void setIgnitePortRange(@Nullable Integer discoveryPort, @Nullable Integer discoveryPortCount) {
+
+		if (discoveryPort != null) {
+			takIgniteConfiguration.setIgniteNonMulticastDiscoveryPort(discoveryPort);
+			if (discoveryPortCount != null) {
+				takIgniteConfiguration.setIgniteNonMulticastDiscoveryPortCount(discoveryPortCount);
+			}
+		}
+
+		saveChanges();
+	}
+
 }
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OfflineFileAuthModule.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OfflineFileAuthModule.java
index 142eb85e..abb313d0 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OfflineFileAuthModule.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OfflineFileAuthModule.java
@@ -10,13 +10,14 @@
 import com.bbn.marti.xml.bindings.Role;
 import com.bbn.marti.xml.bindings.UserAuthenticationFile;
 
+import tak.server.util.JAXBUtils;
 import tak.server.util.PasswordUtils;
 
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 import org.springframework.security.crypto.bcrypt.BCrypt;
 
-import javax.xml.bind.JAXBException;
+import jakarta.xml.bind.JAXBException;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
@@ -25,7 +26,11 @@
 import java.nio.file.StandardCopyOption;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
 
 /**
  * Used to manage the user authentication file in offline mode. Using it in online mode will likely have no effect, but could cause other unforseen issues.
@@ -52,7 +57,7 @@ public synchronized void init(@NotNull AbstractServerProfile serverIdentifier) t
 			File f = new File(fileLocation);
 			if (f.exists()) {
 				try {
-					this.authenticationFile = Util.loadJAXifiedXML(fileLocation, UserAuthenticationFile.class.getPackage().getName());
+					this.authenticationFile = JAXBUtils.loadJAXifiedXML(fileLocation, UserAuthenticationFile.class.getPackage().getName());
 				} catch (JAXBException e) {
 					throw new EndUserReadableException("The existing user authentication file at '" +
 							f.getAbsolutePath() + "' appears to be improperly formatted!", e);
@@ -79,7 +84,7 @@ public void halt() { }
 
 	private synchronized void saveChanges() {
 		try {
-			Util.saveJAXifiedObject(fileLocation, authenticationFile, true);
+			JAXBUtils.saveJAXifiedObject(fileLocation, authenticationFile, true);
 		} catch (IOException | JAXBException e) {
 			throw new RuntimeException(e);
 		}
@@ -203,7 +208,7 @@ public synchronized void resetConfig() {
 	public static UserAuthenticationFile readCurrentConfigFromDisk(@NotNull AbstractServerProfile serverIdentifier) {
 		try {
 			String fileLocation = serverIdentifier.getUserAuthFilePath();
-			return Util.loadJAXifiedXML(fileLocation, UserAuthenticationFile.class.getPackage().getName());
+			return JAXBUtils.loadJAXifiedXML(fileLocation, UserAuthenticationFile.class.getPackage().getName());
 		} catch (FileNotFoundException | JAXBException e) {
 			throw new RuntimeException(e);
 		}
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OnlineFileAuthModule.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OnlineFileAuthModule.java
index f528a59b..0f797b9a 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OnlineFileAuthModule.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OnlineFileAuthModule.java
@@ -9,7 +9,7 @@
 import java.util.Random;
 import java.util.Set;
 
-import javax.xml.bind.JAXBException;
+import jakarta.xml.bind.JAXBException;
 
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OnlineInputModule.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OnlineInputModule.java
index 8cd68dbe..436f31e0 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OnlineInputModule.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/OnlineInputModule.java
@@ -25,169 +25,169 @@
  */
 public class OnlineInputModule implements ServerAppModuleInterface {
 
-	InputManager inputManager = null;
-
-	private AbstractServerProfile server;
-
-	public OnlineInputModule() {
-	}
-
-	@NotNull
-	@Override
-	public TakclRunMode[] getRunModes() {
-		return new TakclRunMode[]{TakclRunMode.REMOTE_SERVER_INTERACTION};
-	}
-
-	@Override
-	public ServerState getRequiredServerState() {
-		return ServerState.RUNNING;
-	}
-
-	@Override
-	public String getCommandDescription() {
-		return "Manipulate network inputs.";
-	}
-
-	@Override
-	public synchronized void init(@NotNull AbstractServerProfile server) {
-		this.server = server;
-		if (inputManager == null) {
-			inputManager = TakclIgniteHelper.getInputManager(server);
-		}
-	}
-
-	@Override
-	public void halt() {
-		if (server != null) {
-			TakclIgniteHelper.closeAssociatedIgniteInstance(server);
-		}
-	}
-
-	/**
-	 * Adds a network interface to the server with the specified parameters
-	 *
-	 * @param protocol The protocol to add
-	 * @param port     The port to add
-	 * @param name     The getConsistentUniqueReadableIdentifier of the input
-	 * @return The result of the add attempt
-	 */
-	@Command(description = "Adds a network input with the specified getConsistentUniqueReadableIdentifier, protocol, and port to the server.")
-	public NetworkInputAddResult add(@NotNull ProtocolProfiles protocol, @NotNull String port, @NotNull String name) {
-		Input input = new Input();
-		input.setName(name);
-		input.setProtocol(protocol.getValue());
-		input.setPort(Integer.parseInt(port));
-		Integer protocolVersion = protocol.getCoreNetworkVersion();
-		if (protocolVersion != null) {
-			input.setCoreVersion(protocolVersion);
-		}
-
-		return inputManager.createInput(input);
-	}
-
-	public NetworkInputAddResult add(Input input) {
-		return inputManager.createInput(input);
-	}
-
-	/**
-	 * Adds a predefined input to the server. The following can be parsed from the predefined input names:
-	 * <p>
-	 * The format of the input names is "&lt;getConsistentUniqueReadableIdentifier&gt;&lt;groups&gt;&lt;anonEnabled&gt;"
-	 * <p>
-	 * The getConsistentUniqueReadableIdentifier is a general identifier for input and specifies the protocol in use.
-	 * The groups indicate the group identifiers it belongs to. Each number represents a group it belongs to with the format "group#".
-	 * The anonEnabled indicates if anon is specifically enabled or disabled. If it is not there, the default behavior is applied.
-	 * <p>
-	 * For example, streamtcp_67t would be a streaming tcp connection belonging to the groups "group6" and "group7" with anon enabled
-	 *
-	 * @param input The predefined input to add
-	 */
-	@Command(description = "Adds a predefined input to the server. The getConsistentUniqueReadableIdentifier formatting is as follows: " +
-			"\n\t<getConsistentUniqueReadableIdentifier><groups><anonEnabled>" +
-			"\n\t\tgetConsistentUniqueReadableIdentifier: The getConsistentUniqueReadableIdentifier of the input. It also specifies the protocol in use." +
-			"\n\t\tgroups: The group identifiers in use. each digit is a group with the format \"group#\"" +
-			"\n\t\tanonEnabled: Indicates if anon group access is enabled.  If missing, the default behavior is applied.")
-	public void add(BaseConnections input) {
-		ImmutableConnectionsTemplate_471E9257 connection = new ImmutableConnectionsTemplate_471E9257(input.name(), ImmutableServerProfiles.SERVER_CLI, input, input.getPort());
-		add(connection);
-	}
-
-	public void add(AbstractConnection networkInput) {
-		inputManager.createInput(networkInput.getConfigInput());
-	}
-
-	public void addDataFeed(AbstractConnection networkInput) {
-		inputManager.createDataFeed(networkInput.getConfigDataFeed());
-	}
-
-	/**
-	 * Removes a predefined input from the server
-	 *
-	 * @param input The input to remove
-	 */
-	@Command
-	public void remove(BaseConnections input) {
-		inputManager.deleteInput(input.name());
-	}
-
-	/**
-	 * Prints out the predefined inputs that can be added using the {@link #add(BaseConnections)} command.
-	 */
-	@Command(description = "Prints out the predefined inputs that can be added through this tool.")
-	public void listPredefinedInputs() {
-		for (BaseConnections input : BaseConnections.values()) {
-			System.out.println(input.displayString());
-		}
-	}
-
-	/**
-	 * Removes the input with the specified getConsistentUniqueReadableIdentifier
-	 *
-	 * @param name The getConsistentUniqueReadableIdentifier of the input to remove
-	 */
-	@Command(description = "Removes the input with the specified getConsistentUniqueReadableIdentifier.")
-	public void remove(String name) {
-		inputManager.deleteInput(name);
-	}
-
-	/**
-	 * Removes the dataFeed with the specified getConsistentUniqueReadableIdentifier
-	 *
-	 * @param name The getConsistentUniqueReadableIdentifier of the data feed to remove
-	 */
-	@Command(description = "Removes the data feed with the specified getConsistentUniqueReadableIdentifier.")
-	public void removeDataFeed(String name) {
-		inputManager.deleteDataFeed(name);
-	}
-
-	public Collection<InputMetric> getInputMetricList() {
-		return inputManager.getInputMetrics(false);
-	}
-
-	/**
-	 * Gets the list of currently enabled inputs
-	 *
-	 * @return The list of inputs
-	 */
-	@Command(description = "Gets a list of the currently enabled inputs.")
-	public String getList() {
-		Collection<InputMetric> inputMetrics = getInputMetricList();
-		String printString = "";
-
-		for (InputMetric inputMetric : inputMetrics) {
-			Input input = inputMetric.getInput();
-			String groupString = null;
-
-			for (String group : input.getFiltergroup()) {
-				groupString = (groupString == null ? ("groups=" + group) : (groupString + "," + group));
-			}
-
-			printString += ("getConsistentUniqueReadableIdentifier=" + input.getName() + ", protocol=" + input.getProtocol() + ", port=" + input.getPort() + (groupString == null ? "" : groupString) + "received: " + inputMetric.getMessagesReceived() + "\n");
-		}
-		return printString;
-	}
-
-	//    /**
+    InputManager inputManager = null;
+
+    private AbstractServerProfile server;
+
+    public OnlineInputModule() {
+    }
+
+    @NotNull
+    @Override
+    public TakclRunMode[] getRunModes() {
+        return new TakclRunMode[]{TakclRunMode.REMOTE_SERVER_INTERACTION};
+    }
+
+    @Override
+    public ServerState getRequiredServerState() {
+        return ServerState.RUNNING;
+    }
+
+    @Override
+    public String getCommandDescription() {
+        return "Manipulate network inputs.";
+    }
+
+    @Override
+    public synchronized void init(@NotNull AbstractServerProfile server) {
+        this.server = server;
+        if (inputManager == null) {
+            inputManager = TakclIgniteHelper.getInputManager(server);
+        }
+    }
+
+    @Override
+    public void halt() {
+        if (server != null) {
+            TakclIgniteHelper.closeAssociatedIgniteInstance(server);
+        }
+    }
+
+    /**
+     * Adds a network interface to the server with the specified parameters
+     *
+     * @param protocol The protocol to add
+     * @param port     The port to add
+     * @param name     The getConsistentUniqueReadableIdentifier of the input
+     * @return The result of the add attempt
+     */
+    @Command(description = "Adds a network input with the specified getConsistentUniqueReadableIdentifier, protocol, and port to the server.")
+    public NetworkInputAddResult add(@NotNull ProtocolProfiles protocol, @NotNull String port, @NotNull String name) {
+        Input input = new Input();
+        input.setName(name);
+        input.setProtocol(protocol.getValue());
+        input.setPort(Integer.parseInt(port));
+        Integer protocolVersion = protocol.getCoreNetworkVersion();
+        if (protocolVersion != null) {
+            input.setCoreVersion(protocolVersion);
+        }
+
+        return inputManager.createInput(input, true);
+    }
+
+    public NetworkInputAddResult add(Input input) {
+        return inputManager.createInput(input, true);
+    }
+
+    /**
+     * Adds a predefined input to the server. The following can be parsed from the predefined input names:
+     * <p>
+     * The format of the input names is "&lt;getConsistentUniqueReadableIdentifier&gt;&lt;groups&gt;&lt;anonEnabled&gt;"
+     * <p>
+     * The getConsistentUniqueReadableIdentifier is a general identifier for input and specifies the protocol in use.
+     * The groups indicate the group identifiers it belongs to. Each number represents a group it belongs to with the format "group#".
+     * The anonEnabled indicates if anon is specifically enabled or disabled. If it is not there, the default behavior is applied.
+     * <p>
+     * For example, streamtcp_67t would be a streaming tcp connection belonging to the groups "group6" and "group7" with anon enabled
+     *
+     * @param input The predefined input to add
+     */
+    @Command(description = "Adds a predefined input to the server. The getConsistentUniqueReadableIdentifier formatting is as follows: " +
+        "\n\t<getConsistentUniqueReadableIdentifier><groups><anonEnabled>" +
+        "\n\t\tgetConsistentUniqueReadableIdentifier: The getConsistentUniqueReadableIdentifier of the input. It also specifies the protocol in use." +
+        "\n\t\tgroups: The group identifiers in use. each digit is a group with the format \"group#\"" +
+        "\n\t\tanonEnabled: Indicates if anon group access is enabled.  If missing, the default behavior is applied.")
+    public void add(BaseConnections input) {
+        ImmutableConnectionsTemplate_471E9257 connection = new ImmutableConnectionsTemplate_471E9257(input.name(), ImmutableServerProfiles.SERVER_CLI, input, input.getPort());
+        add(connection);
+    }
+
+    public void add(AbstractConnection networkInput) {
+        inputManager.createInput(networkInput.getConfigInput(), true);
+    }
+
+    public void addDataFeed(AbstractConnection networkInput) {
+        inputManager.createDataFeed(networkInput.getConfigDataFeed(), true);
+    }
+
+    /**
+     * Removes a predefined input from the server
+     *
+     * @param input The input to remove
+     */
+    @Command
+    public void remove(BaseConnections input) {
+        inputManager.deleteInput(input.name(), true);
+    }
+
+    /**
+     * Prints out the predefined inputs that can be added using the {@link #add(BaseConnections)} command.
+     */
+    @Command(description = "Prints out the predefined inputs that can be added through this tool.")
+    public void listPredefinedInputs() {
+        for (BaseConnections input : BaseConnections.values()) {
+            System.out.println(input.displayString());
+        }
+    }
+
+    /**
+     * Removes the input with the specified getConsistentUniqueReadableIdentifier
+     *
+     * @param name The getConsistentUniqueReadableIdentifier of the input to remove
+     */
+    @Command(description = "Removes the input with the specified getConsistentUniqueReadableIdentifier.")
+    public void remove(String name) {
+        inputManager.deleteInput(name, true);
+    }
+
+    /**
+     * Removes the dataFeed with the specified getConsistentUniqueReadableIdentifier
+     *
+     * @param name The getConsistentUniqueReadableIdentifier of the data feed to remove
+     */
+    @Command(description = "Removes the data feed with the specified getConsistentUniqueReadableIdentifier.")
+    public void removeDataFeed(String name) {
+        inputManager.deleteDataFeed(name, true);
+    }
+
+    public Collection<InputMetric> getInputMetricList() {
+        return inputManager.getInputMetrics(false);
+    }
+
+    /**
+     * Gets the list of currently enabled inputs
+     *
+     * @return The list of inputs
+     */
+    @Command(description = "Gets a list of the currently enabled inputs.")
+    public String getList() {
+        Collection<InputMetric> inputMetrics = getInputMetricList();
+        String printString = "";
+
+        for (InputMetric inputMetric : inputMetrics) {
+            Input input = inputMetric.getInput();
+            String groupString = null;
+
+            for (String group : input.getFiltergroup()) {
+                groupString = (groupString == null ? ("groups=" + group) : (groupString + "," + group));
+            }
+
+            printString += ("getConsistentUniqueReadableIdentifier=" + input.getName() + ", protocol=" + input.getProtocol() + ", port=" + input.getPort() + (groupString == null ? "" : groupString) + "received: " + inputMetric.getMessagesReceived() + "\n");
+        }
+        return printString;
+    }
+
+    //    /**
 //     * Changes the archive flag for the provided input, if not already set to the requested value
 //     * @param inputName The input identifier to modify the archive flag of
 //     * @param archiveFlag The desired setting of the archive flag
@@ -201,41 +201,43 @@ public String getList() {
 //        }
 //    }
 //
-	public ConnectionModifyResult addInputToGroup(@NotNull String inputIdentifier, @NotNull String groupName) {
-		Collection<InputMetric> inputMetrics = inputManager.getInputMetrics(false);
-		Input modInput = null;
-
-		for (InputMetric im : inputMetrics) {
-			if (im.getInput().getName().equals(inputIdentifier)) {
-				modInput = im.getInput();
-			}
-		}
-
-		if (modInput == null) {
-			return ConnectionModifyResult.FAIL_NONEXISTENT;
-		}
-
-		modInput.getFiltergroup().add(groupName);
-		return inputManager.modifyInput(inputIdentifier, modInput);
-	}
-
-	public ConnectionModifyResult removeInputFromGroup(@NotNull String inputIdentifier, @NotNull String groupName) {
-		Collection<InputMetric> inputMetrics = inputManager.getInputMetrics(false);
-		Input modInput = null;
-
-		for (InputMetric im : inputMetrics) {
-			if (im.getInput().getName().equals(inputIdentifier)) {
-				modInput = im.getInput();
-			}
-		}
-
-		if (modInput == null) {
-			return ConnectionModifyResult.FAIL_NONEXISTENT;
-		}
-
-		if (modInput.getFiltergroup().contains(groupName)) {
-			modInput.getFiltergroup().remove(groupName);
-		}
-		return inputManager.modifyInput(inputIdentifier, modInput);
-	}
+    public ConnectionModifyResult addInputToGroup(@NotNull String inputIdentifier, @NotNull String groupName) {
+        Collection<InputMetric> inputMetrics = inputManager.getInputMetrics(false);
+        Input modInput = null;
+
+        for (InputMetric im : inputMetrics) {
+            if (im.getInput().getName().equals(inputIdentifier)) {
+                modInput = im.getInput();
+            }
+        }
+
+        if (modInput == null) {
+            return ConnectionModifyResult.FAIL_NONEXISTENT;
+        }
+
+        modInput.getFiltergroup().add(groupName);
+        return inputManager.modifyInput(inputIdentifier, modInput, true);
+    }
+
+    public ConnectionModifyResult removeInputFromGroup(@NotNull String inputIdentifier, @NotNull String groupName) {
+        Collection<InputMetric> inputMetrics = inputManager.getInputMetrics(false);
+        Input modInput = null;
+
+        for (InputMetric im : inputMetrics) {
+            if (im.getInput().getName().equals(inputIdentifier)) {
+                modInput = im.getInput();
+            }
+        }
+
+        if (modInput == null) {
+            return ConnectionModifyResult.FAIL_NONEXISTENT;
+        }
+
+        if (modInput.getFiltergroup().contains(groupName)) {
+            modInput.getFiltergroup().remove(groupName);
+        }
+
+
+        return inputManager.modifyInput(inputIdentifier, modInput, true);
+    }
 }
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/TAKClientModule.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/TAKClientModule.java
index 141717eb..8b220da9 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/TAKClientModule.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/AppModules/TAKClientModule.java
@@ -23,7 +23,12 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
-import java.io.*;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.util.UUID;
 
 /**
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/BashCompletionHelper.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/BashCompletionHelper.java
index f359df2d..cbe35836 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/BashCompletionHelper.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/BashCompletionHelper.java
@@ -10,7 +10,11 @@
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
-import java.util.*;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
 
 /**
  * Used to autogenerate a bash completion script
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/SSLHelper.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/SSLHelper.java
index 55a734f1..79f0b257 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/SSLHelper.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/SSLHelper.java
@@ -5,6 +5,9 @@
 import com.bbn.marti.takcl.cli.EndUserReadableException;
 import com.bbn.marti.test.shared.data.users.AbstractUser;
 import com.bbn.marti.test.shared.data.users.BaseUsers;
+
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+
 import org.apache.commons.io.FileUtils;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
@@ -14,9 +17,20 @@
 import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
-import javax.net.ssl.*;
-import javax.xml.bind.DatatypeConverter;
-import java.io.*;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedTrustManager;
+import javax.net.ssl.X509TrustManager;
+import jakarta.xml.bind.DatatypeConverter;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
 import java.net.ServerSocket;
 import java.net.Socket;
 import java.nio.file.Files;
@@ -114,7 +128,38 @@ private static X509TrustManager initTrustManager(String storeType, String passwo
 		tmks.load(new FileInputStream(trustSoreFile), password.toCharArray());
 		TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 		trustManagerFactory.init(tmks);
-		return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
+		X509TrustManager manager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
+		TrustManager[] trustAllCerts = new TrustManager[] {(TrustManager) new X509ExtendedTrustManager() {
+            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                return manager.getAcceptedIssuers();
+            }
+            @Override
+            public void checkClientTrusted (X509Certificate [] chain, String authType, Socket socket) {
+
+            }
+
+            @Override
+            public void checkServerTrusted (X509Certificate [] chain, String authType, Socket socket) {
+
+            }
+
+            @Override
+            public void checkClientTrusted (X509Certificate [] chain, String authType, SSLEngine engine) {
+
+            }
+
+            @Override
+            public void checkServerTrusted (X509Certificate [] chain, String authType, SSLEngine engine) {
+
+            }
+
+            public void checkClientTrusted (X509Certificate [] c, String a) {
+            }
+
+            public void checkServerTrusted (X509Certificate [] c, String a) {
+            }
+        }};
+		return (X509TrustManager) trustAllCerts[0];
 	}
 
 	private static SSLContext initSslContext(String storeType, String password, File keyStoreFile, TrustManager trustManager) throws GeneralSecurityException, IOException {
@@ -122,7 +167,7 @@ private static SSLContext initSslContext(String storeType, String password, File
 		kmks.load(new FileInputStream(keyStoreFile), password.toCharArray());
 		KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
 		keyManagerFactory.init(kmks, password.toCharArray());
-
+		
 		SSLContext theSslContext = SSLContext.getInstance("TLSv1.2");
 		theSslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{trustManager}, null);
 
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/TestLogger.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/TestLogger.java
index 6f3a3253..b87dab4e 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/TestLogger.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/TestLogger.java
@@ -14,7 +14,12 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.*;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.TreeSet;
 
 
 /**
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/ConnectibleClient.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/ConnectibleClient.java
index 01fc1e55..af62ad32 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/ConnectibleClient.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/ConnectibleClient.java
@@ -16,7 +16,11 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.io.*;
+import java.io.BufferedReader;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.nio.file.Files;
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/ReceivingClient.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/ReceivingClient.java
index f9385938..d08e7c7a 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/ReceivingClient.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/ReceivingClient.java
@@ -12,7 +12,13 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.net.*;
+import java.net.DatagramPacket;
+import java.net.DatagramSocket;
+import java.net.Inet4Address;
+import java.net.MulticastSocket;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/SendingClient.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/SendingClient.java
index 11029d08..c97f48de 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/SendingClient.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/SendingClient.java
@@ -15,7 +15,14 @@
 import java.io.DataOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
-import java.net.*;
+import java.net.BindException;
+import java.net.DatagramPacket;
+import java.net.DatagramSocket;
+import java.net.Inet4Address;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.MulticastSocket;
+import java.net.Socket;
 
 import static com.bbn.marti.takcl.TAKCLProfilingLogging.DurationLogger;
 import static com.bbn.marti.takcl.TAKCLProfilingLogging.LogActivity;
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/UnifiedClient.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/UnifiedClient.java
index 34d55420..d5d64f98 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/UnifiedClient.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/implementations/UnifiedClient.java
@@ -5,6 +5,7 @@
 import com.bbn.marti.takcl.connectivity.interfaces.ReceivingInterface;
 import com.bbn.marti.takcl.connectivity.interfaces.SendingInterface;
 import com.bbn.marti.takcl.connectivity.missions.MissionDataSyncClient;
+import com.bbn.marti.takcl.connectivity.oas.OpenApiSpecClient;
 import com.bbn.marti.test.shared.TestConnectivityState;
 import com.bbn.marti.test.shared.data.protocols.ProtocolProfilesInterface;
 import com.bbn.marti.test.shared.data.users.AbstractUser;
@@ -72,6 +73,7 @@ public void onConnectivityStateChange(TestConnectivityState state) {
 	private final ConnectingInterface connector;
 
 	public final MissionDataSyncClient mission;
+	public final OpenApiSpecClient oas;
 
 	private final HashSet<ClientResponseListener> listeners = new HashSet<>();
 
@@ -84,9 +86,11 @@ public UnifiedClient(@NotNull AbstractUser user) {
 			if (user.getCertPrivateJksPath() != null) {
 				connector = new ConnectibleTakprotoClient(user, innerActivityListener);
 				mission = new MissionDataSyncClient(user);
+				oas = new OpenApiSpecClient(user);
 			} else {
 				connector = new ConnectibleClient(user, innerActivityListener);
 				mission = null;
+				oas = null;
 			}
 			sender = connector;
 			receiver = connector;
@@ -96,12 +100,13 @@ public UnifiedClient(@NotNull AbstractUser user) {
 			connector = null;
 			receiver = null;
 			mission = null;
-
+			oas = null;
 		} else if (protocol.canListen()) {
 			receiver = new ReceivingClient(user, innerActivityListener);
 			connector = null;
 			sender = null;
 			mission = null;
+			oas = null;
 		} else {
 			throw new RuntimeException("Provided user '" + user.getConsistentUniqueReadableIdentifier() + "' with protocol '" +
 					user.getConnection().getProtocol() + "' cannot be set up as a sender, receiver, or connector!");
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/EnterpriseSyncInterface.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/EnterpriseSyncInterface.java
index 85cda4f1..63afdcdb 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/EnterpriseSyncInterface.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/EnterpriseSyncInterface.java
@@ -4,8 +4,12 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 import retrofit2.Call;
-import retrofit2.http.*;
 import com.bbn.marti.takcl.connectivity.missions.MissionModels.EnterpriseSyncUploadResponse;
+import retrofit2.http.Body;
+import retrofit2.http.GET;
+import retrofit2.http.Header;
+import retrofit2.http.POST;
+import retrofit2.http.Query;
 
 public interface EnterpriseSyncInterface {
 	@POST("Marti/sync/upload")
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/MissionDataSyncClient.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/MissionDataSyncClient.java
index bbc9f2d2..9e6cf554 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/MissionDataSyncClient.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/MissionDataSyncClient.java
@@ -19,7 +19,17 @@
 import java.util.concurrent.TimeUnit;
 
 
-import static com.bbn.marti.takcl.connectivity.missions.MissionModels.*;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ApiListResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ApiSetResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ApiSingleResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.EnterpriseSyncUploadResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.Mission;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionChange;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionUserRole;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.PutMissionContents;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ResponseWrapper;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.SubscriptionData;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.gson;
 
 public class MissionDataSyncClient {
 
@@ -37,7 +47,7 @@ public MissionDataSyncClient(@NotNull AbstractUser user) {
 		this.baseUrl = user.getServer().getMissionBaseUrl();
 	}
 
-	private synchronized <T> T createApi(Class<T> interfaceClass) {
+	protected synchronized <T> T createApi(Class<T> interfaceClass) {
 		try {
 			if (_retrofit == null) {
 				SSLHelper.TakClientSslContext tcsc = new SSLHelper.TakClientSslContext(user);
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/MissionDataSyncInterface.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/MissionDataSyncInterface.java
index ff5b10a2..bbd9970a 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/MissionDataSyncInterface.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/MissionDataSyncInterface.java
@@ -4,12 +4,28 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 import retrofit2.Call;
-import retrofit2.http.*;
+import retrofit2.http.Body;
+import retrofit2.http.DELETE;
+import retrofit2.http.GET;
+import retrofit2.http.Header;
+import retrofit2.http.Headers;
+import retrofit2.http.POST;
+import retrofit2.http.PUT;
+import retrofit2.http.Path;
+import retrofit2.http.Query;
 
 import java.util.Date;
 import java.util.List;
 
-import static com.bbn.marti.takcl.connectivity.missions.MissionModels.*;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ApiListResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ApiSetResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ApiSingleResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.LogEntry;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.Mission;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionChange;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionUserRole;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.PutMissionContents;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.SubscriptionData;
 
 public interface MissionDataSyncInterface {
 
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/MissionModels.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/MissionModels.java
index 311d6ced..c9829dd2 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/MissionModels.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/missions/MissionModels.java
@@ -2,7 +2,14 @@
 
 import com.bbn.marti.takcl.TestExceptions;
 import com.bbn.marti.tests.Assert;
-import com.google.gson.*;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonDeserializationContext;
+import com.google.gson.JsonDeserializer;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParseException;
+import com.google.gson.JsonPrimitive;
 import org.dom4j.Document;
 import org.dom4j.Element;
 import org.jetbrains.annotations.NotNull;
@@ -15,7 +22,16 @@
 import java.lang.reflect.Field;
 import java.lang.reflect.ParameterizedType;
 import java.lang.reflect.Type;
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.TreeSet;
 import java.util.regex.Pattern;
 
 public class MissionModels {
@@ -412,7 +428,7 @@ private boolean assertMatchesExpectation(@NotNull T desiredObject, @Nullable Rec
 					}
 
 					if (EXCEPTION_NOT_NULL.equals(expectedFieldObject)) {
-						if(actualFieldObject == null) {
+						if (actualFieldObject == null) {
 							Assert.assertRecursiveFailure(fieldMetadata, "The expected value cannot be null!");
 						}
 						continue;
@@ -452,7 +468,7 @@ private boolean assertMatchesExpectation(@NotNull T desiredObject, @Nullable Rec
 									throw new RuntimeException("Generic type " + typeArgument + " not currently supported for comparison!");
 								}
 
-							} else if(rawType instanceof Class && ((Class<?>)rawType).isAssignableFrom(List.class)) {
+							} else if (rawType instanceof Class && ((Class<?>)rawType).isAssignableFrom(List.class)) {
 								if (typeArgument == String.class) {
 									result = result && assertListsEqual(fieldMetadata, (List) expectedFieldObject,
 											(List) actualFieldObject, expectationOverrides);
@@ -490,7 +506,7 @@ private boolean assertMatchesExpectation(@NotNull T desiredObject, @Nullable Rec
 											(AssertableObject) expectedFieldObject, fieldMetadata, expectationOverrides);
 								}
 
-							} else if(fieldType instanceof Class && ((Class<?>)fieldType).isEnum()) {
+							} else if (fieldType instanceof Class && ((Class<?>)fieldType).isEnum()) {
 								assertEnumsEqual(fieldMetadata, expectedFieldObject, actualFieldObject);
 
 							} else {
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/oas/OpenApiSpecClient.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/oas/OpenApiSpecClient.java
new file mode 100644
index 00000000..dd098d4b
--- /dev/null
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/oas/OpenApiSpecClient.java
@@ -0,0 +1,59 @@
+package com.bbn.marti.takcl.connectivity.oas;
+
+import com.bbn.marti.takcl.TestLogger;
+import com.bbn.marti.takcl.connectivity.missions.MissionDataSyncClient;
+import com.bbn.marti.test.shared.data.users.AbstractUser;
+import com.google.gson.JsonObject;
+import org.apache.commons.io.FileUtils;
+import org.jetbrains.annotations.NotNull;
+import retrofit2.Call;
+import retrofit2.Response;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+
+public class OpenApiSpecClient extends MissionDataSyncClient {
+
+    private OpenApiSpecInterface _oasApi;
+    private final String filePath = "/opt/tak/TEST_RESULTS/TEST_ARTIFACTS/openapispec.json";
+
+    public OpenApiSpecClient(@NotNull AbstractUser user) {
+        super(user);
+    }
+
+    private synchronized OpenApiSpecInterface oasApi() {
+        if (_oasApi == null) {
+            _oasApi = createApi(OpenApiSpecInterface.class);
+        }
+        return _oasApi;
+    }
+
+    private <T> Response<T> getResponse(Call<T> call) {
+        try {
+            return call.execute();
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public synchronized Response<JsonObject> getOpenApiSpec() {
+        Response<JsonObject> oas = getResponse(oasApi().getOpenApiSpec());
+        if (oas.body() != null) {
+            saveOpenApiSpec(oas.body());
+        }
+        return oas;
+    }
+
+    private void saveOpenApiSpec(JsonObject oas) {
+        try {
+            File file = new File(filePath);
+            FileWriter fr = new FileWriter(file);
+            fr.write(oas.toString());
+            fr.close();
+            System.out.println("Saved OAS to file " + filePath);
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+}
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/oas/OpenApiSpecInterface.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/oas/OpenApiSpecInterface.java
new file mode 100644
index 00000000..0d7db61a
--- /dev/null
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/oas/OpenApiSpecInterface.java
@@ -0,0 +1,14 @@
+package com.bbn.marti.takcl.connectivity.oas;
+
+import com.google.gson.JsonObject;
+import retrofit2.Call;
+import retrofit2.http.GET;
+import retrofit2.http.Headers;
+
+public interface OpenApiSpecInterface {
+
+    @GET("v3/api-docs")
+    @Headers({"Content-Type: application/json;charset=UTF-8"})
+    Call<JsonObject> getOpenApiSpec();
+
+}
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/AbstractRunnableServer.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/AbstractRunnableServer.java
index ab1d769c..2ac8fe83 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/AbstractRunnableServer.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/AbstractRunnableServer.java
@@ -21,7 +21,15 @@
 import java.io.File;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Timer;
+import java.util.TimerTask;
+import java.util.TreeMap;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.stream.Collectors;
 
@@ -154,6 +162,8 @@ public final synchronized void stopServer(long serverKillDelayMS) {
 
 		logger.info("Stopping server " + serverIdentifier + "...");
 
+		updateEnabledProcessStates();
+
 		try {
 			// Since stopping the process will kill the container logs must be collected before shutdown
 			if (TAKCLCore.k8sMode) {
@@ -195,6 +205,7 @@ public void run() {
 			offlineFileAuthtModule.halt();
 
 			serverState = ServerState.STOPPED;
+			updateEnabledProcessStates();
 
 			if (igniteException != null) {
 				throw new RuntimeException(igniteException);
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/KubernetesHelper.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/KubernetesHelper.java
index 3e3d2624..9020f2c8 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/KubernetesHelper.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/KubernetesHelper.java
@@ -11,7 +11,12 @@
 import io.kubernetes.client.openapi.Configuration;
 import io.kubernetes.client.openapi.apis.AppsV1Api;
 import io.kubernetes.client.openapi.apis.CoreV1Api;
-import io.kubernetes.client.openapi.models.*;
+import io.kubernetes.client.openapi.models.V1ConfigMap;
+import io.kubernetes.client.openapi.models.V1Deployment;
+import io.kubernetes.client.openapi.models.V1ObjectMeta;
+import io.kubernetes.client.openapi.models.V1Pod;
+import io.kubernetes.client.openapi.models.V1PodList;
+import io.kubernetes.client.openapi.models.V1StatefulSet;
 import io.kubernetes.client.util.ClientBuilder;
 import io.kubernetes.client.util.PatchUtils;
 import io.kubernetes.client.util.Streams;
@@ -25,7 +30,12 @@
 import java.nio.file.Path;
 import java.time.Duration;
 import java.time.LocalDateTime;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
 import java.util.stream.Collectors;
 
 public class KubernetesHelper {
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/KubernetesRunnableCluster.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/KubernetesRunnableCluster.java
index fe141b46..e79cb49c 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/KubernetesRunnableCluster.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/KubernetesRunnableCluster.java
@@ -136,6 +136,7 @@ protected void innerDeployServer(@NotNull String sessionIdentifier, boolean enab
 			FileUtils.copyFile(certPath.resolve("truststore-root.jks").toFile(), certPath.resolve("truststore.jks").toFile());
 
 			kh.updateConfigmap("core-config", Paths.get(serverIdentifier.getConfigFilePath()));
+			kh.updateConfigmap("tak-ignite-config", Paths.get(serverIdentifier.getTAKIgniteConfigFilePath()));
 			kh.updateConfigmap("cert-migration", TAKCLConfigModule.getInstance().getCertificateDir());
 			kh.updateConfigmap("readiness-config", Paths.get("/clustertestrunner.py"));
 
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/LocalRunnableServer.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/LocalRunnableServer.java
index cc1424a9..85a25ac0 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/LocalRunnableServer.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/LocalRunnableServer.java
@@ -9,7 +9,13 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
 import java.util.stream.Collectors;
 
 import org.jetbrains.annotations.NotNull;
@@ -190,6 +196,12 @@ protected void innerDeployServer(@NotNull String sessionIdentifier, boolean enab
 			if (!Files.exists(coreConfigTargetPath)) {
 				Files.copy(Paths.get(serverIdentifier.getConfigFilePath()), coreConfigTargetPath);
 			}
+
+			Path coreTAKIgniteConfigTargetPath = logPath.resolve(serverName + "-TAKIgniteConfig.xml");
+			if (!Files.exists(coreTAKIgniteConfigTargetPath)) {
+				Files.copy(Paths.get(serverIdentifier.getTAKIgniteConfigFilePath()), coreTAKIgniteConfigTargetPath);
+			}
+
 		} catch (IOException e) {
 			throw new RuntimeException(e);
 		}
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/RunnableServerManager.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/RunnableServerManager.java
index 0c6fd8af..e59bff86 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/RunnableServerManager.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/RunnableServerManager.java
@@ -23,161 +23,185 @@
 
 public class RunnableServerManager {
 
-	private static RunnableServerManager instance;
-
-	private final Map<String, AbstractRunnableServer> serverMap = new HashMap<>();
-
-	private final Timer watchdog;
-
-	private RunnableServerManager() {
-		Runtime.getRuntime().addShutdownHook(new Thread(() -> {
-			for (AbstractRunnableServer server : serverMap.values()) {
-				try {
-					server.killServer();
-				} catch (Exception e) {
-					// Pass, let's try and kill the others too
-				}
-			}
-		}));
-
-		TimerTask tt = new TimerTask() {
-			@Override
-			public void run() {
-				for (AbstractRunnableServer server : serverMap.values()) {
-					try {
-						server.watchdogPoll();
-					} catch (Exception e) {
-						String msg = "The server " + server.serverIdentifier + " Appears to have stoppped running!";
-						System.err.println(msg);
-						destroyAllServers(30000);
-						System.exit(1);
-						Assert.fail(msg);
-					}
-				}
-			}
-		};
-
-		watchdog = new Timer(true);
-		watchdog.scheduleAtFixedRate(tt, 0, 30000);
-	}
-
-	public synchronized static RunnableServerManager getInstance() {
-		if (instance == null) {
-			instance = new RunnableServerManager();
-		}
-		return instance;
-	}
-
-
-	public synchronized AbstractRunnableServer getServerInstance(AbstractServerProfile serverIdentifier) {
-		AbstractRunnableServer server = serverMap.get(serverIdentifier.getConsistentUniqueReadableIdentifier());
-
-		if (server == null) {
-			throw new RuntimeException("The server '" + serverIdentifier.getConsistentUniqueReadableIdentifier() + "' has not been initialized!");
-		} else {
-			return server;
-		}
-	}
-
-	public synchronized boolean serverInstanceExists(AbstractServerProfile serverIdentifier) {
-		return (serverMap.get(serverIdentifier.getConsistentUniqueReadableIdentifier()) != null);
-	}
-
-	/**
-	 * Builds a new instance of the server by copying the predefined server directory files to a temporary directory while this session is running
-	 *
-	 * @return A server instance
-	 */
-	public synchronized AbstractRunnableServer buildServerInstance(AbstractServerProfile serverIdentifier) {
-		if (serverMap.containsKey(serverIdentifier.getConsistentUniqueReadableIdentifier())) {
-			throw new RuntimeException("Server identifier '" + serverIdentifier.getConsistentUniqueReadableIdentifier() + "' is already in use!");
-		}
-
-		cloneFromModelServer(serverIdentifier);
-
-		AbstractRunnableServer newServer;
-
-		if (TAKCLCore.k8sMode) {
-			if (serverIdentifier != ImmutableServerProfiles.SERVER_0 &&
-					((serverIdentifier instanceof MutableServerProfile &&
-							((MutableServerProfile) serverIdentifier).baseProfile != ImmutableServerProfiles.SERVER_0))) {
-				throw new RuntimeException("Currently only single-server deployments are supported in cluster mode!");
-			}
-			newServer = new KubernetesRunnableCluster(serverIdentifier);
-
-		} else {
-			newServer = new LocalRunnableServer(serverIdentifier);
-		}
-
-		serverMap.put(serverIdentifier.getConsistentUniqueReadableIdentifier(), newServer);
-
-		return newServer;
-	}
-
-	public void destroyAllServers(long serverKillDelayMS) {
-		for (AbstractRunnableServer server : serverMap.values()) {
-			if (server.isRunning()) {
-				server.stopServer(serverKillDelayMS);
-			}
-			server.offlineFactoryResetServer();
-			server.killServer();
-		}
-		serverMap.clear();
-
-		if (!TestExceptions.DO_NOT_CLOSE_IGNITE_INSTANCES) {
-			Ignition.stopAll(true);
-		}
-	}
-
-	public static void cloneFromModelServer(AbstractServerProfile newServerIdentifier) {
-		try {
-			TAKCLConfigModule conf = TAKCLConfigModule.getInstance();
-
-			Path modelPath = Paths.get(conf.getTakServerPath()).toAbsolutePath();
-
-			Path farmPath = Paths.get(conf.getServerFarmDir()).toAbsolutePath();
-
-			if (!Files.exists(farmPath)) {
-				Files.createDirectory(farmPath);
-			}
-
-			String serverRootDir = newServerIdentifier.getServerPath();
-
-			if (Files.exists(Paths.get(serverRootDir))) {
-				FileUtils.cleanDirectory(new File(serverRootDir));
-			}
-
-			Path targetPath = Paths.get(serverRootDir);
-
-			FileUtils.copyDirectory(modelPath.toFile(), targetPath.toFile());
-
-			String[] conflictingFiles = new String[]{"CoreConfig.xml", "certs/files", "TEST_RESULTS"};
-
-			for (String file : conflictingFiles) {
-				Path targetFile = targetPath.resolve(file);
-				if (Files.exists(targetFile)) {
-					if (Files.isDirectory(targetFile)) {
-						FileUtils.deleteDirectory(targetFile.toFile());
-					} else {
-						Files.delete(targetFile);
-					}
-				}
-			}
-
-			File certTargetDir = new File(serverRootDir + "/certs/files");
-			FileUtils.forceMkdir(certTargetDir);
-			Files.copy(conf.getCoreConfigExamplePath(), Paths.get(serverRootDir, "CoreConfig.xml"));
-			Files.copy(Paths.get(TAKCLConfigModule.getInstance().getCertificateFilepath(newServerIdentifier.getConsistentUniqueReadableIdentifier(), "jks")), Paths.get(serverRootDir, "certs/files/takserver.jks"));
-			Files.copy(Paths.get(TAKCLConfigModule.getInstance().getTruststoreJKSFilepath()), Paths.get(serverRootDir, "certs/files/truststore-root.jks"));
-			Files.copy(Paths.get(TAKCLConfigModule.getInstance().getTruststoreJKSFilepath()), Paths.get(serverRootDir, "certs/files/fed-truststore.jks"));
-
-		} catch (FileAlreadyExistsException e) {
-			System.err.println("A file expected to not exist already exists! Did you forget to remove an existing TEST_RESULTS directory prior to test execution?");
-			throw new RuntimeException(e);
-
-		} catch (IOException e) {
-			throw new RuntimeException(e);
-		}
-	}
-
+    private static RunnableServerManager instance;
+
+    private final Map<String, AbstractRunnableServer> serverMap = new HashMap<>();
+
+    private final Timer watchdog;
+
+    private RunnableServerManager() {
+        Runtime.getRuntime().addShutdownHook(new Thread(() -> {
+            for (AbstractRunnableServer server : serverMap.values()) {
+                try {
+                    server.killServer();
+                } catch (Exception e) {
+                    // Pass, let's try and kill the others too
+                }
+            }
+        }));
+
+        TimerTask tt = new TimerTask() {
+            @Override
+            public void run() {
+                for (AbstractRunnableServer server : serverMap.values()) {
+                    try {
+                        server.watchdogPoll();
+                    } catch (Exception e) {
+                        String msg = "The server " + server.serverIdentifier + " Appears to have stoppped running!";
+                        System.err.println(msg);
+                        destroyAllServers(30000);
+                        System.exit(1);
+                        Assert.fail(msg);
+                    }
+                }
+            }
+        };
+
+        watchdog = new Timer(true);
+        watchdog.scheduleAtFixedRate(tt, 0, 30000);
+    }
+
+    public synchronized static RunnableServerManager getInstance() {
+        if (instance == null) {
+            instance = new RunnableServerManager();
+        }
+        return instance;
+    }
+
+
+    public synchronized AbstractRunnableServer getServerInstance(AbstractServerProfile serverIdentifier) {
+        AbstractRunnableServer server = serverMap.get(serverIdentifier.getConsistentUniqueReadableIdentifier());
+
+        if (server == null) {
+            throw new RuntimeException("The server '" + serverIdentifier.getConsistentUniqueReadableIdentifier() + "' has not been initialized!");
+        } else {
+            return server;
+        }
+    }
+
+    public synchronized boolean serverInstanceExists(AbstractServerProfile serverIdentifier) {
+        return (serverMap.get(serverIdentifier.getConsistentUniqueReadableIdentifier()) != null);
+    }
+
+    /**
+     * Builds a new instance of the server by copying the predefined server directory files to a temporary directory while this session is running
+     *
+     * @return A server instance
+     */
+    public synchronized AbstractRunnableServer buildServerInstance(AbstractServerProfile serverIdentifier) {
+        if (serverMap.containsKey(serverIdentifier.getConsistentUniqueReadableIdentifier())) {
+            throw new RuntimeException("Server identifier '" + serverIdentifier.getConsistentUniqueReadableIdentifier() + "' is already in use!");
+        }
+
+        cloneFromModelServer(serverIdentifier);
+
+        AbstractRunnableServer newServer;
+
+        if (TAKCLCore.k8sMode) {
+            if (serverIdentifier != ImmutableServerProfiles.SERVER_0 &&
+                    ((serverIdentifier instanceof MutableServerProfile &&
+                            ((MutableServerProfile) serverIdentifier).baseProfile != ImmutableServerProfiles.SERVER_0))) {
+                throw new RuntimeException("Currently only single-server deployments are supported in cluster mode!");
+            }
+            newServer = new KubernetesRunnableCluster(serverIdentifier);
+
+        } else {
+            newServer = new LocalRunnableServer(serverIdentifier);
+        }
+
+        serverMap.put(serverIdentifier.getConsistentUniqueReadableIdentifier(), newServer);
+
+        return newServer;
+    }
+
+    public void destroyAllServers(long serverKillDelayMS) {
+        for (AbstractRunnableServer server : serverMap.values()) {
+            if (server.isRunning()) {
+                server.stopServer(serverKillDelayMS);
+            }
+            server.offlineFactoryResetServer();
+            server.killServer();
+        }
+        serverMap.clear();
+
+        if (!TestExceptions.DO_NOT_CLOSE_IGNITE_INSTANCES) {
+            Ignition.stopAll(true);
+        }
+    }
+
+    public static void cloneFromModelServer(AbstractServerProfile newServerIdentifier) {
+        try {
+            TAKCLConfigModule conf = TAKCLConfigModule.getInstance();
+
+            Path modelPath = Paths.get(conf.getTakServerPath()).toAbsolutePath();
+
+            Path farmPath = Paths.get(conf.getServerFarmDir()).toAbsolutePath();
+
+            if (!Files.exists(farmPath)) {
+                Files.createDirectory(farmPath);
+            }
+
+            String serverRootDir = newServerIdentifier.getServerPath();
+
+            if (Files.exists(Paths.get(serverRootDir))) {
+                FileUtils.cleanDirectory(new File(serverRootDir));
+            }
+
+            Path targetPath = Paths.get(serverRootDir);
+
+            FileUtils.copyDirectory(modelPath.toFile(), targetPath.toFile());
+
+            String[] conflictingFiles = new String[]{"CoreConfig.xml", "certs/files", "TEST_RESULTS"};
+
+            for (String file : conflictingFiles) {
+                Path targetFile = targetPath.resolve(file);
+                if (Files.exists(targetFile)) {
+                    if (Files.isDirectory(targetFile)) {
+                        FileUtils.deleteDirectory(targetFile.toFile());
+                    } else {
+                        Files.delete(targetFile);
+                    }
+                }
+            }
+
+            File certTargetDir = new File(serverRootDir + "/certs/files");
+            FileUtils.forceMkdir(certTargetDir);
+            Files.copy(conf.getCoreConfigExamplePath(), Paths.get(serverRootDir, "CoreConfig.xml"));
+            Files.copy(Paths.get(TAKCLConfigModule.getInstance().getCertificateFilepath(newServerIdentifier.getConsistentUniqueReadableIdentifier(), "jks")), Paths.get(serverRootDir, "certs/files/takserver.jks"));
+            Files.copy(Paths.get(TAKCLConfigModule.getInstance().getTruststoreJKSFilepath()), Paths.get(serverRootDir, "certs/files/truststore-root.jks"));
+            Files.copy(Paths.get(TAKCLConfigModule.getInstance().getTruststoreJKSFilepath()), Paths.get(serverRootDir, "certs/files/fed-truststore.jks"));
+
+        } catch (FileAlreadyExistsException e) {
+            System.err.println("A file expected to not exist already exists! Did you forget to remove an existing TEST_RESULTS directory prior to test execution?");
+            throw new RuntimeException(e);
+
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public void awaitServerShutdowns(int shutdownTimeout) {
+        int duration = 0;
+        boolean serversRunning = true;
+        while (duration < shutdownTimeout && serversRunning) {
+            serversRunning = false;
+            for (AbstractServerProfile server : ImmutableServerProfiles.valueSet()) {
+                if (serverInstanceExists(server)) {
+                    serversRunning = serversRunning || getServerInstance(server).isRunning();
+                }
+                if (serversRunning) {
+                    try {
+                        Thread.sleep(1000);
+                    } catch (InterruptedException e) {
+                        throw new RuntimeException(e);
+                    }
+                }
+            }
+        }
+        if (serversRunning) {
+            System.out.println("The servers were not fully shut down after " + shutdownTimeout + " ms!");
+        } else {
+            System.out.println("The servers have all shut down successfully after " + duration + " ms.");
+        }
+    }
 }
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/ServerProcessDefinition.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/ServerProcessDefinition.java
index e09202f9..1faec9a9 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/ServerProcessDefinition.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/takcl/connectivity/server/ServerProcessDefinition.java
@@ -38,10 +38,17 @@ public enum ServerProcessDefinition {
 					"t.s.retention.RetentionApplication - Started RetentionApplication"
 			)), null),
 
+	ConfigService("config", !TAKCLCore.disableConfigProcess, "takserver.war", "logs/takserver-config.log",
+			Collections.unmodifiableList(Arrays.asList(
+					"t.s.c.ConfigServiceConfiguration - Setting up local and ignite configuration",
+					"t.s.c.ConfigServiceConfiguration - Setting up distributed configuration",
+					"c.b.m.r.c.DistributedConfiguration - execute method DistributedConfiguration"
+			)),
+			Arrays.asList("-Dspring.profiles.active=config")),
+
 	MessagingService("messaging", !TAKCLCore.disableMessagingProcess, "takserver.war", "logs/takserver-messaging.log",
 			Collections.unmodifiableList(Arrays.asList(
 					"c.b.m.s.DistributedSubscriptionManager - DistributedSubscriptionManager execute",
-					" c.b.m.s.DistributedConfiguration - execute method DistributedConfiguration",
 					"t.s.f.DistributedFederationManager - execute method DistributedFederationManager",
 					"c.b.m.g.DistributedPersistentGroupManager - execute method DistributedPersistentGroupManager",
 					"t.s.profile.DistributedServerInfo - execute method DistributedServerInfo",
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/AbstractSingleServerTestClass.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/AbstractSingleServerTestClass.java
index 1422b430..9ecdf3e1 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/AbstractSingleServerTestClass.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/AbstractSingleServerTestClass.java
@@ -1,8 +1,12 @@
 package com.bbn.marti.test.shared;
 
 import ch.qos.logback.classic.Level;
-import com.bbn.marti.takcl.*;
 import com.bbn.marti.takcl.AppModules.TAKCLConfigModule;
+import com.bbn.marti.takcl.SSLHelper;
+import com.bbn.marti.takcl.TAKCLCore;
+import com.bbn.marti.takcl.TAKCLogging;
+import com.bbn.marti.takcl.TestConfiguration;
+import com.bbn.marti.takcl.TestLogger;
 import com.bbn.marti.takcl.connectivity.server.AbstractRunnableServer;
 import com.bbn.marti.test.shared.data.servers.AbstractServerProfile;
 import com.bbn.marti.test.shared.data.servers.ImmutableServerProfiles;
@@ -10,7 +14,11 @@
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.LoggerFactory;
 
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Random;
 
 /**
  * Created on 10/26/15.
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/AbstractTestClass.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/AbstractTestClass.java
index d441afe7..7516df56 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/AbstractTestClass.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/AbstractTestClass.java
@@ -2,7 +2,11 @@
 
 import ch.qos.logback.classic.Level;
 import com.bbn.marti.takcl.AppModules.TAKCLConfigModule;
-import com.bbn.marti.takcl.*;
+import com.bbn.marti.takcl.SSLHelper;
+import com.bbn.marti.takcl.TAKCLCore;
+import com.bbn.marti.takcl.TAKCLogging;
+import com.bbn.marti.takcl.TestConfiguration;
+import com.bbn.marti.takcl.TestLogger;
 import com.bbn.marti.takcl.connectivity.server.AbstractRunnableServer;
 import com.bbn.marti.test.shared.data.servers.AbstractServerProfile;
 import com.bbn.marti.test.shared.data.servers.ImmutableServerProfiles;
@@ -11,7 +15,11 @@
 import org.slf4j.LoggerFactory;
 
 import java.lang.reflect.Method;
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Random;
 
 /**
  * Created on 10/26/15.
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/ActionEngine.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/ActionEngine.java
index 8dc87889..accc4b88 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/ActionEngine.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/ActionEngine.java
@@ -6,6 +6,7 @@
 import com.bbn.marti.takcl.SSLHelper;
 import com.bbn.marti.takcl.TAKCLCore;
 import com.bbn.marti.takcl.TestExceptions;
+import com.bbn.marti.takcl.TestLogger;
 import com.bbn.marti.takcl.connectivity.server.AbstractRunnableServer;
 import com.bbn.marti.takcl.connectivity.server.KubernetesHelper;
 import com.bbn.marti.takcl.connectivity.server.RunnableServerManager;
@@ -25,6 +26,7 @@
 import com.bbn.marti.test.shared.data.users.MutableUser;
 import com.bbn.marti.test.shared.engines.state.StateEngine;
 import com.bbn.marti.test.shared.engines.state.UserState;
+import com.google.gson.JsonObject;
 import io.kubernetes.client.openapi.ApiException;
 
 import org.dom4j.Document;
@@ -38,14 +40,24 @@
 import java.io.FileNotFoundException;
 import java.nio.file.Path;
 import java.security.cert.CertificateException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+import java.util.TreeMap;
+import java.util.TreeSet;
 import java.util.concurrent.ConcurrentSkipListSet;
 import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.stream.Collectors;
 
-import static com.bbn.marti.takcl.connectivity.missions.MissionModels.*;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.EnterpriseSyncUploadResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionUserRole;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.PutMissionContents;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ResponseWrapper;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.SubscriptionData;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.gson;
 
-import atakmap.commoncommo.protobuf.v1.MessageOuterClass.Message;
+import retrofit2.Response;
 
 /**
  * Used to synchronize actions performed in relation to the server (both online and offline)
@@ -255,7 +267,7 @@ synchronized void clear() {
 	private static final double SLEEP_TIME_SEND_MESSAGE_BASE = 1600; // 1400; // 1000; // 400; // 200;
 	private static final double SLEEP_TIME_DISCONNECT_BASE = 1600; // 800; // 400;
 	private static final double SLEEP_TIME_SERVER_START_BASE = 120000;
-	private static final double SLEEP_TIME_SERVER_STOP_BASE = 20000; // 8000; // 4000;
+	private static final double SLEEP_TIME_SERVER_STOP_BASE = 60000; // 30000; // 8000; // 4000;
 	private static final double SLEEP_TIME_GROUP_MANIPULATION_BASE = 2400; // 1200; // 600;
 
 	private static double SLEEP_MULTIPLIER = TAKCLCore.sleepMultiplier;
@@ -594,15 +606,16 @@ public void stopServers(@NotNull AbstractServerProfile... servers) {
 		for (AbstractServerProfile server : servers) {
 			if (serverManager.serverInstanceExists(server)) {
 				serverManager.getServerInstance(server).stopServer(SERVER_KILL_DELAY_MS);
-				sleep(SLEEP_TIME_SERVER_STOP);
+//				sleep(SLEEP_TIME_SERVER_STOP);
 			}
 		}
+		serverManager.awaitServerShutdowns(SLEEP_TIME_SERVER_STOP);
 	}
 
 	@Override
 	public void engineFactoryReset() {
 		serverManager.destroyAllServers(SERVER_KILL_DELAY_MS);
-		sleep(SLEEP_TIME_SERVER_STOP);
+		serverManager.awaitServerShutdowns(SLEEP_TIME_SERVER_STOP);
 
 		// Just in case stray instances are running...
 		if (TAKCLCore.k8sMode) {
@@ -884,6 +897,11 @@ public void fileDownload(@NotNull AbstractUser user, @NotNull String hash) {
 		client.callResponse = client.mission.fileDownload(hash);
 	}
 
+	public void openApiSpecGet(@NotNull AbstractUser user) {
+		data.engineIterationDataClear();
+		ActionClient client = data.getClient(user);
+		Response<JsonObject> response = client.oas.getOpenApiSpec();
+	}
 
 	@Override
 	public void missionDetailsGet(@NotNull AbstractUser user) {
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/EngineHelper.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/EngineHelper.java
index abcecf52..19c852ec 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/EngineHelper.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/EngineHelper.java
@@ -8,11 +8,20 @@
 import com.bbn.marti.test.shared.data.servers.AbstractServerProfile;
 import com.bbn.marti.test.shared.data.servers.ImmutableServerProfiles;
 import com.bbn.marti.test.shared.data.users.AbstractUser;
-import com.bbn.marti.test.shared.engines.state.*;
+import com.bbn.marti.test.shared.engines.state.ConnectionState;
+import com.bbn.marti.test.shared.engines.state.MissionState;
+import com.bbn.marti.test.shared.engines.state.ServerState;
+import com.bbn.marti.test.shared.engines.state.StateEngine;
+import com.bbn.marti.test.shared.engines.state.UserState;
 import com.bbn.marti.tests.Assert;
 import org.jetbrains.annotations.NotNull;
 
-import java.util.*;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.TreeSet;
 import java.util.stream.Collectors;
 
 /**
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/TestEngine.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/TestEngine.java
index df343be2..da4363f2 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/TestEngine.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/TestEngine.java
@@ -406,6 +406,11 @@ public void engineFactoryReset() {
 		stateEngine.engineFactoryReset();
 	}
 
+	public void openApiSpecGet(@NotNull AbstractUser user) {
+		TestLogger.executeEngineCommand("openApiSpecGet");
+		actionEngine.openApiSpecGet(user);
+	}
+
 	@Override
 	public void missionDetailsGetByName(@Nullable String missionName, @NotNull AbstractUser user) {
 		TestLogger.executeEngineCommand("missionDetailsGetByName");
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/state/EnvironmentState.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/state/EnvironmentState.java
index 82204a30..fd9b1e6c 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/state/EnvironmentState.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/state/EnvironmentState.java
@@ -8,9 +8,16 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
-import java.util.*;
-
-import static com.bbn.marti.takcl.connectivity.missions.MissionModels.*;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.TreeMap;
+import java.util.TreeSet;
+
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.Mission;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionUserPermission;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionUserRole;
 
 /**
  * Created on 1/19/18.
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/state/MissionState.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/state/MissionState.java
index 36e38842..f3538bd1 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/state/MissionState.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/state/MissionState.java
@@ -8,10 +8,20 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
-import java.util.*;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.TreeMap;
 import java.util.regex.Pattern;
 
-import static com.bbn.marti.takcl.connectivity.missions.MissionModels.*;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.DEFAULT_MISSION_USER_ROLE;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.Mission;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionChange;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionChangeType;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionContentDataContainer;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionUserRole;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.SubscriptionData;
 
 public class MissionState implements Comparable<MissionState> {
 	private final AbstractUser missionOwner;
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/state/StateEngine.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/state/StateEngine.java
index cfb28408..f1cc4433 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/state/StateEngine.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/state/StateEngine.java
@@ -21,7 +21,10 @@
 import java.util.HashSet;
 import java.util.TreeSet;
 
-import static com.bbn.marti.takcl.connectivity.missions.MissionModels.*;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.Mission;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionContentDataContainer;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionUserRole;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.SubscriptionData;
 
 /**
  * Created on 9/7/16.
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/verification/VerificationEngine.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/verification/VerificationEngine.java
index b49299b0..c0d9b7c3 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/verification/VerificationEngine.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/test/shared/engines/verification/VerificationEngine.java
@@ -24,12 +24,32 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
-import java.util.*;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.TreeSet;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
-import static com.bbn.marti.takcl.connectivity.missions.MissionModels.*;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.EXCEPTION_NOT_NULL;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.EnterpriseSyncUploadResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MISSIONCHANGE_SERVERTIME_PATTERN;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MISSIONCHANGE_TIMESTAMP_PATTERN;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MISSION_GROUPS_PATTERN;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MISSION_UIDS_PATTERN;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MISSION_UID_TIMESTAMPS_PATTERN;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.Mission;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionChange;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionContentDataContainer;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionUserPermission;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionUserRole;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ResponseWrapper;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.SubscriptionData;
 import static com.bbn.marti.tests.Assert.SampleObjects;
 
 /**
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/tests/Assert.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/tests/Assert.java
index 6505ba8f..e2463736 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/tests/Assert.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/tests/Assert.java
@@ -9,7 +9,15 @@
 import java.util.List;
 import java.util.Set;
 
-import static com.bbn.marti.takcl.connectivity.missions.MissionModels.*;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ApiListResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ApiSetResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ApiSingleResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.EnterpriseSyncUploadResponse;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.Mission;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.MissionChange;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.RecursiveMetadata;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.ResponseWrapper;
+import static com.bbn.marti.takcl.connectivity.missions.MissionModels.SubscriptionData;
 
 public class Assert {
 
diff --git a/src/takserver-takcl-core/src/main/java/com/bbn/marti/tests/TestScenario.java b/src/takserver-takcl-core/src/main/java/com/bbn/marti/tests/TestScenario.java
index d54efbaa..b45d5921 100644
--- a/src/takserver-takcl-core/src/main/java/com/bbn/marti/tests/TestScenario.java
+++ b/src/takserver-takcl-core/src/main/java/com/bbn/marti/tests/TestScenario.java
@@ -11,7 +11,11 @@
 import com.bbn.marti.test.shared.data.users.MutableUser;
 import org.junit.Test;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Random;
 
 /**
  * Created on 10/26/15.
diff --git a/src/takserver-tool-ui/package-lock.json b/src/takserver-tool-ui/package-lock.json
index b7ed89bd..d986ec42 100644
--- a/src/takserver-tool-ui/package-lock.json
+++ b/src/takserver-tool-ui/package-lock.json
@@ -18,6 +18,7 @@
         "@testing-library/react": "^13.4.0",
         "@testing-library/user-event": "^13.5.0",
         "dayjs": "^1.11.7",
+        "http-proxy-middleware": "^2.0.6",
         "moment": "^2.29.4",
         "react": "^18.2.0",
         "react-dom": "^18.2.0",
diff --git a/src/takserver-tool-ui/package.json b/src/takserver-tool-ui/package.json
index 6bbd7fcc..9064385c 100644
--- a/src/takserver-tool-ui/package.json
+++ b/src/takserver-tool-ui/package.json
@@ -13,6 +13,7 @@
     "@testing-library/react": "^13.4.0",
     "@testing-library/user-event": "^13.5.0",
     "dayjs": "^1.11.7",
+    "http-proxy-middleware": "^2.0.6",
     "moment": "^2.29.4",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
diff --git a/src/testing/takserver-datafeed-load-test/gradle.properties b/src/testing/takserver-datafeed-load-test/gradle.properties
index 786abb0f..79859a8b 100644
--- a/src/testing/takserver-datafeed-load-test/gradle.properties
+++ b/src/testing/takserver-datafeed-load-test/gradle.properties
@@ -14,8 +14,6 @@ postgres_version = 42.3.3
 
 spring_version = 5.3.21
 spring_security_version = 5.7.5
-spring_security_oauth_version = 2.5.2.RELEASE
-spring_security_oauth2_autoconfigure_version = 2.6.8
 spring_security_jwt_version = 1.1.1.RELEASE
 spring_boot_version = 2.7.1
 spring_cloud_starter_version = 2.4.1