From adf058f42a46a5314ea82e536c0517415bef0d09 Mon Sep 17 00:00:00 2001
From: adongare <ashok.dongare@semanticbits.com>
Date: Tue, 19 Dec 2023 13:40:23 -0500
Subject: [PATCH 1/6] MAT-6545 QDM Measure Export - HQMF - Create git repo
 madie-qdm-service - initial project structure - okta spring security - test
 endpoint with PackageController & couple of test cases

---
 .github/CODEOWNERS                            |   2 +
 .github/pull_request_template.md              |  26 ++
 .github/workflows/maven-ci.yml                |  42 +++
 .gitignore                                    |  34 ++
 Dockerfile                                    |  20 ++
 README.md                                     |  31 +-
 docker-compose.yml                            |  10 +
 madie-checkstyle.xml                          |  88 ++++++
 pom.xml                                       | 290 ++++++++++++++++++
 settings.xml                                  |  36 +++
 .../MadieQdmServiceApplication.java           |  45 +++
 .../config/LogInterceptor.java                |  25 ++
 .../config/SecurityConfig.java                |  31 ++
 .../resources/PackageController.java          |  20 ++
 src/main/resources/application-aws.yml        |   6 +
 src/main/resources/application.yml            |  26 ++
 .../PackageControllerMvcTest.java             |  41 +++
 .../PackageControllerTest.java                |  21 ++
 src/test/resources/deleteme.md                |   0
 suppressions.xml                              |  11 +
 20 files changed, 804 insertions(+), 1 deletion(-)
 create mode 100644 .github/CODEOWNERS
 create mode 100644 .github/pull_request_template.md
 create mode 100644 .github/workflows/maven-ci.yml
 create mode 100644 .gitignore
 create mode 100644 Dockerfile
 create mode 100644 docker-compose.yml
 create mode 100644 madie-checkstyle.xml
 create mode 100644 pom.xml
 create mode 100644 settings.xml
 create mode 100644 src/main/java/gov/cms/madie/madieqdmservice/MadieQdmServiceApplication.java
 create mode 100644 src/main/java/gov/cms/madie/madieqdmservice/config/LogInterceptor.java
 create mode 100644 src/main/java/gov/cms/madie/madieqdmservice/config/SecurityConfig.java
 create mode 100644 src/main/java/gov/cms/madie/madieqdmservice/resources/PackageController.java
 create mode 100644 src/main/resources/application-aws.yml
 create mode 100644 src/main/resources/application.yml
 create mode 100644 src/test/java/gov/cms/madie/madieqdmservice/PackageControllerMvcTest.java
 create mode 100644 src/test/java/gov/cms/madie/madieqdmservice/PackageControllerTest.java
 create mode 100644 src/test/resources/deleteme.md
 create mode 100644 suppressions.xml

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..076ee47
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# Code owners:
+* @MeasureAuthoringTool/madie-developers
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..f965e19
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,26 @@
+## MADiE PR
+
+Jira Ticket: [MAT-0000](https://jira.cms.gov/browse/MAT-0000)
+(Optional) Related Tickets:
+
+### Summary
+
+### All Submissions
+* [ ] This PR has the JIRA linked.
+* [ ] Required tests are included.
+* [ ] No extemporaneous files are included (i.e Complied files or testing results).
+* [ ] This PR is merging into the **correct branch**.
+* [ ] All Documentation needed for this PR is Complete (or noted in a TODO or other Ticket).
+* [ ] Any breaking changes or failing automations are noted by placing a comment on this PR.
+
+### DevSecOps
+If there is a question if this PR has a security or infrastructure impact, please contact the Security or DevOps engineer assigned to this project to discuss it further.
+
+* [ ] This PR has NO significant security impact (i.e Changing auth methods, Adding a new user type, Adding a required but vulnerable package).
+
+### Reviewers
+By Approving this PR you are attesting to the following:
+
+*  Code is maintainable and reusable, reuses existing code and infrastructure where appropriate, and accomplishes the task’s purpose.
+*  The tests appropriately test the new code, including edge cases.
+*  If you have any concerns they are brought up either to the developer assigned, security engineer, or leads.
diff --git a/.github/workflows/maven-ci.yml b/.github/workflows/maven-ci.yml
new file mode 100644
index 0000000..fc813ba
--- /dev/null
+++ b/.github/workflows/maven-ci.yml
@@ -0,0 +1,42 @@
+name: Java CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'adopt'
+
+      #      Github Authentication is required to download artifacts from github packages
+      #      A secret is created for this repo, so that github actions can fetch it, the secret is named after GH_PAT_FOR_ACTIONS_TOKEN
+      - name: maven-settings
+        uses: s4u/maven-settings-action@v2
+        with:
+          servers: '[{"id": "github", "username": "madieUser", "password": "${GITHUB_TOKEN_REF}"}]'
+          githubServer: false
+
+      - name: Build with Maven
+        run: mvn clean install --file pom.xml
+        env:
+          GITHUB_TOKEN_REF: ${{ secrets.GH_PAT_FOR_ACTIONS_TOKEN }}
+
+      - name: Cache local Maven repository
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..268c85b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,34 @@
+*~
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### OS Specific ###
+.DS_Store
+._.DS_Store
+**/.DS_Store
+**/._.DS_Store
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Ignore .bak files
+*.bak
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..8f73b5c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,20 @@
+## Use AWS AL2 + Corretto base image
+FROM amazoncorretto:17-al2-jdk
+
+## Add compiled jar
+ARG JAR_FILE=target/*.jar
+COPY ${JAR_FILE} app.jar
+
+## Update packages
+RUN yum update -y --security
+
+## Add the wait script to the image
+ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.7.3/wait /wait
+RUN chmod +x /wait
+
+## Download new relic java agent
+RUN curl -O https://download.newrelic.com/newrelic/java-agent/newrelic-agent/current/newrelic.jar \
+    && curl -O https://download.newrelic.com/newrelic/java-agent/newrelic-agent/current/newrelic.yml
+
+## Launch the wait tool and then your application
+ENTRYPOINT ["java","-jar","-Dspring.profiles.active=it", "app.jar"]
diff --git a/README.md b/README.md
index f83b869..2e9b501 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,30 @@
-# madie-qdm-service
\ No newline at end of file
+# madie-qdm-service
+
+Quantity Data Model service for MADiE application.
+
+To build 
+```
+mvn clean verify 
+```
+
+To run:
+```
+mvn install spring-boot:run 
+```
+
+or
+```
+docker compose up 
+```
+
+
+To test actuator locally
+```
+http://localhost:8086/api/actuator/health 
+```
+
+To test app locally
+```
+http://localhost:8086/api
+```
+should give response unauthorized (HTTP ERROR 401)
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..a6188be
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,10 @@
+version: "3"
+services:
+  madie-qdm-service:
+    build:
+      context: .
+    volumes:
+      - ./:/app:cached
+      - ~/.m2:/root/.m2:consistent
+    ports:
+      - "8086:8086"
\ No newline at end of file
diff --git a/madie-checkstyle.xml b/madie-checkstyle.xml
new file mode 100644
index 0000000..3f4186b
--- /dev/null
+++ b/madie-checkstyle.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0"?>
+<!DOCTYPE module PUBLIC
+        "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
+        "https://checkstyle.org/dtds/configuration_1_3.dtd">
+
+<module name="Checker">
+    <property name="charset" value="UTF-8" />
+
+    <property name="severity" value="error" />
+
+    <property name="fileExtensions" value="java, properties, xml" />
+
+    <!-- https://checkstyle.sourceforge.io/config_sizes.html#FileLength -->
+    <module name="FileLength">
+        <property name="max" value="605" />
+    </module>
+<module name="SuppressionFilter">
+  <property name="file" value="suppressions.xml"/>
+  <property name="optional" value="false"/>
+</module>
+    <!-- https://checkstyle.sourceforge.io/config_sizes.html#LineLength -->
+    <module name="LineLength">
+        <property name="fileExtensions" value="java"/>
+        <property name="max" value="100"/>
+        <property name="ignorePattern" value="^package.*|^import.*|a href|href|http://|https://|ftp://"/>
+    </module>
+    <module name="SuppressWarningsFilter" />
+    <module name="TreeWalker">
+        <module name="SuppressWarningsHolder" />
+        <!-- https://checkstyle.sourceforge.io/config_sizes.html#MethodLength -->
+        <module name="MethodLength">
+            <property name="tokens" value="METHOD_DEF" />
+            <property name="max" value="60" />
+        </module>
+
+        <!-- https://checkstyle.sourceforge.io/config_misc.html#OuterTypeFilename -->
+        <module name="OuterTypeFilename" />
+
+        <!-- https://checkstyle.sourceforge.io/config_coding.html#IllegalTokenText -->
+        <module name="IllegalTokenText">
+            <property name="tokens" value="STRING_LITERAL, CHAR_LITERAL" />
+            <property name="format"
+                      value="\\u00(09|0(a|A)|0(c|C)|0(d|D)|22|27|5(C|c))|\\(0(10|11|12|14|15|42|47)|134)" />
+            <property name="message"
+                      value="Consider using special escape sequence instead of octal value or Unicode escaped value." />
+        </module>
+
+        <!-- https://checkstyle.sourceforge.io/config_misc.html#AvoidEscapedUnicodeCharacters -->
+        <module name="AvoidEscapedUnicodeCharacters">
+            <property name="allowEscapesForControlCharacters"
+                      value="true" />
+            <property name="allowByTailComment" value="true" />
+            <property name="allowNonPrintableEscapes" value="true" />
+        </module>
+
+        <!-- https://checkstyle.sourceforge.io/config_design.html#OneTopLevelClass -->
+        <module name="OneTopLevelClass" />
+
+        <!-- https://checkstyle.sourceforge.io/config_blocks.html#EmptyBlock -->
+        <module name="EmptyBlock">
+            <property name="option" value="TEXT" />
+            <property name="tokens"
+                      value="LITERAL_TRY, LITERAL_FINALLY, LITERAL_IF, LITERAL_ELSE, LITERAL_SWITCH" />
+        </module>
+
+        <!-- https://checkstyle.sourceforge.io/config_blocks.html#NeedBraces -->
+        <module name="NeedBraces" />
+
+        <!-- https://checkstyle.sourceforge.io/config_coding.html#MultipleVariableDeclarations -->
+        <module name="MultipleVariableDeclarations" />
+
+        <!-- https://checkstyle.sourceforge.io/config_misc.html#ArrayTypeStyle -->
+        <module name="ArrayTypeStyle" />
+
+        <!-- https://checkstyle.sourceforge.io/config_coding.html#MissingSwitchDefault -->
+        <module name="MissingSwitchDefault" />
+
+        <!-- https://checkstyle.sourceforge.io/config_coding.html#FallThrough -->
+        <module name="FallThrough" />
+
+        <!-- https://checkstyle.sourceforge.io/config_misc.html#UpperEll -->
+        <module name="UpperEll" />
+
+        <!-- https://checkstyle.sourceforge.io/config_modifier.html#ModifierOrder -->
+        <module name="ModifierOrder"/>
+
+    </module>
+</module>
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..866cc18
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,290 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.springframework.boot</groupId>
+    <artifactId>spring-boot-starter-parent</artifactId>
+    <version>3.2.0</version>
+    <relativePath></relativePath>
+  </parent>
+  <groupId>gov.cms.madie</groupId>
+  <artifactId>madie-qdm-service</artifactId>
+  <version>0.0.1-SNAPSHOT</version>
+  <name>MADiE QDM Service</name>
+  <description>QDM Service for MADiE</description>
+  <properties>
+    <java.version>17</java.version>
+    <maven.compiler.source>17</maven.compiler.source>
+    <maven.compiler.target>17</maven.compiler.target>
+
+    <maven.jakarta.xml.bind-api.version>4.0.1</maven.jakarta.xml.bind-api.version>
+
+    <maven.pmd.plugin.version>3.21.2</maven.pmd.plugin.version>
+    <maven.sortpom.plugin.version>3.0.1</maven.sortpom.plugin.version>
+    <mvn.checkstyle.file>madie-checkstyle.xml</mvn.checkstyle.file>
+    <mvn.checkstyle.version>3.1.2</mvn.checkstyle.version>
+    <mvnreports.version>3.2.2</mvnreports.version>
+    <mvnsite.version>3.11.0</mvnsite.version>
+    <okta.springboot.starter.version>3.0.5</okta.springboot.starter.version>
+    <puppycrawl.checkstyle.version>10.1</puppycrawl.checkstyle.version>
+    <theoryinpractise.googleformatter.version>1.7.5</theoryinpractise.googleformatter.version>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-web</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>org.apache.logging.log4j</groupId>
+          <artifactId>log4j-to-slf4j</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.logging.log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-validation</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.okta.spring</groupId>
+      <artifactId>okta-spring-boot-starter</artifactId>
+      <version>${okta.springboot.starter.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-actuator</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.projectlombok</groupId>
+      <artifactId>lombok</artifactId>
+      <optional>true</optional>
+    </dependency>
+
+    <dependency>
+      <groupId>gov.cms.madie</groupId>
+      <artifactId>madie-java-models</artifactId>
+      <version>0.6.6</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-test</artifactId>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-test</artifactId>
+      <scope>test</scope>
+    </dependency>
+
+  </dependencies>
+
+  <repositories>
+    <repository>
+      <releases>
+        <enabled>true</enabled>
+      </releases>
+      <id>github</id>
+      <name>MADiE java models</name>
+      <url>https://maven.pkg.github.com/measureauthoringtool/madie-java-models</url>
+    </repository>
+  </repositories>
+
+  <build>
+    <pluginManagement>
+      <plugins>
+        <plugin>
+          <!-- This will save you frustration if you change checkstyle versions -->
+          <groupId>org.apache.maven.plugins</groupId>
+          <artifactId>maven-checkstyle-plugin</artifactId>
+          <version>${mvn.checkstyle.version}</version>
+          <dependencies>
+            <dependency>
+              <groupId>com.puppycrawl.tools</groupId>
+              <artifactId>checkstyle</artifactId>
+              <version>${puppycrawl.checkstyle.version}</version>
+            </dependency>
+          </dependencies>
+        </plugin>
+        <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
+        <plugin>
+          <groupId>org.eclipse.m2e</groupId>
+          <artifactId>lifecycle-mapping</artifactId>
+          <version>1.0.0</version>
+          <configuration>
+            <lifecycleMappingMetadata>
+              <pluginExecutions>
+                <pluginExecution>
+                  <pluginExecutionFilter>
+                    <groupId>com.theoryinpractise</groupId>
+                    <artifactId>googleformatter-maven-plugin</artifactId>
+                    <versionRange>[1.7.3,)</versionRange>
+                    <goals>
+                      <goal>format</goal>
+                    </goals>
+                  </pluginExecutionFilter>
+                  <action>
+                    <ignore></ignore>
+                  </action>
+                </pluginExecution>
+              </pluginExecutions>
+            </lifecycleMappingMetadata>
+          </configuration>
+        </plugin>
+      </plugins>
+    </pluginManagement>
+    <plugins>
+      <plugin>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+        <configuration>
+          <excludes>
+            <exclude>
+              <groupId>org.projectlombok</groupId>
+              <artifactId>lombok</artifactId>
+            </exclude>
+          </excludes>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.jacoco</groupId>
+        <artifactId>jacoco-maven-plugin</artifactId>
+        <version>0.8.8</version>
+        <executions>
+          <execution>
+            <goals>
+              <goal>prepare-agent</goal>
+            </goals>
+          </execution>
+          <execution>
+            <id>report</id>
+            <goals>
+              <goal>report</goal>
+            </goals>
+            <phase>prepare-package</phase>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>com.theoryinpractise</groupId>
+        <artifactId>googleformatter-maven-plugin</artifactId>
+        <version>${theoryinpractise.googleformatter.version}</version>
+        <executions>
+          <execution>
+            <id>reformat-sources</id>
+            <goals>
+              <goal>format</goal>
+            </goals>
+            <phase>process-sources</phase>
+            <configuration>
+              <includeStale>false</includeStale>
+              <style>GOOGLE</style>
+              <formatMain>true</formatMain>
+              <formatTest>true</formatTest>
+              <filterModified>false</filterModified>
+              <skip>false</skip>
+              <fixImports>false</fixImports>
+              <maxLineLength>100</maxLineLength>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-checkstyle-plugin</artifactId>
+        <configuration>
+          <configLocation>${mvn.checkstyle.file}</configLocation>
+          <suppressionsLocation>suppressions.xml</suppressionsLocation>
+          <suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression>
+        </configuration>
+        <executions>
+          <execution>
+            <goals>
+              <goal>check</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-pmd-plugin</artifactId>
+        <version>${maven.pmd.plugin.version}</version>
+        <configuration>
+          <targetJdk>${java.version}</targetJdk>
+          <excludes>
+            <exclude>**/vsac/nlm/nih/gov/*.java</exclude>
+          </excludes>
+          <excludeRoots>
+            <excludeRoot>${project.basedir}/src/main/java/generated</excludeRoot>
+          </excludeRoots>
+        </configuration>
+        <executions>
+          <execution>
+            <goals>
+              <goal>check</goal>
+              <goal>cpd-check</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-site-plugin</artifactId>
+        <version>${mvnsite.version}</version>
+      </plugin>
+      <plugin>
+        <groupId>com.github.ekryd.sortpom</groupId>
+        <artifactId>sortpom-maven-plugin</artifactId>
+        <version>${maven.sortpom.plugin.version}</version>
+        <configuration>
+          <sortProperties>true</sortProperties>
+          <keepBlankLines>true</keepBlankLines>
+          <sortDependencies>scope</sortDependencies>
+        </configuration>
+        <executions>
+          <execution>
+            <goals>
+              <goal>sort</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>${maven.compiler.source}</source>
+          <target>${maven.compiler.target}</target>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+  <reporting>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-project-info-reports-plugin</artifactId>
+        <version>${mvnreports.version}</version>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-pmd-plugin</artifactId>
+        <version>${maven.pmd.plugin.version}</version>
+        <configuration>
+          <language>java</language>
+          <targetJdk>${java.version}</targetJdk>
+          <excludes>
+            <exclude>${project.basedir}/src/main/java/generated</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
+    </plugins>
+  </reporting>
+</project>
diff --git a/settings.xml b/settings.xml
new file mode 100644
index 0000000..898239b
--- /dev/null
+++ b/settings.xml
@@ -0,0 +1,36 @@
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
+                      http://maven.apache.org/xsd/settings-1.0.0.xsd">
+
+  <activeProfiles>
+    <activeProfile>github</activeProfile>
+  </activeProfiles>
+
+  <profiles>
+    <profile>
+      <id>github</id>
+      <repositories>
+        <repository>
+          <id>central</id>
+          <url>https://repo1.maven.org/maven2</url>
+        </repository>
+        <repository>
+          <id>github</id>
+          <url>https://maven.pkg.github.com/measureauthoringtool/madie-java-models</url>
+          <snapshots>
+            <enabled>true</enabled>
+          </snapshots>
+        </repository>
+      </repositories>
+    </profile>
+  </profiles>
+
+  <servers>
+    <server>
+      <id>github</id>
+        <username>${env.GITHUB_USER}</username>
+        <password>${env.GITHUB_TOKEN}</password>
+    </server>
+  </servers>
+</settings>
diff --git a/src/main/java/gov/cms/madie/madieqdmservice/MadieQdmServiceApplication.java b/src/main/java/gov/cms/madie/madieqdmservice/MadieQdmServiceApplication.java
new file mode 100644
index 0000000..d286ecf
--- /dev/null
+++ b/src/main/java/gov/cms/madie/madieqdmservice/MadieQdmServiceApplication.java
@@ -0,0 +1,45 @@
+package gov.cms.madie.madieqdmservice;
+
+import gov.cms.madie.madieqdmservice.config.LogInterceptor;
+import jakarta.validation.constraints.NotNull;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.data.mongo.MongoDataAutoConfiguration;
+import org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@SpringBootApplication(exclude = {MongoAutoConfiguration.class, MongoDataAutoConfiguration.class})
+public class MadieQdmServiceApplication {
+
+  public static void main(String[] args) {
+    SpringApplication.run(MadieQdmServiceApplication.class, args);
+  }
+
+  @Bean
+  public WebMvcConfigurer corsConfigurer(@Autowired LogInterceptor logInterceptor) {
+    return new WebMvcConfigurer() {
+
+      @Override
+      public void addInterceptors(@NotNull InterceptorRegistry registry) {
+        WebMvcConfigurer.super.addInterceptors(registry);
+        registry.addInterceptor(logInterceptor);
+      }
+
+      @Override
+      public void addCorsMappings(@NotNull CorsRegistry registry) {
+        registry
+            .addMapping("/**")
+            .allowedMethods("PUT", "POST", "GET")
+            .allowedOrigins(
+                "http://localhost:9000",
+                "https://dev-madie.hcqis.org",
+                "https://test-madie.hcqis.org",
+                "https://impl-madie.hcqis.org");
+      }
+    };
+  }
+}
diff --git a/src/main/java/gov/cms/madie/madieqdmservice/config/LogInterceptor.java b/src/main/java/gov/cms/madie/madieqdmservice/config/LogInterceptor.java
new file mode 100644
index 0000000..43ae18e
--- /dev/null
+++ b/src/main/java/gov/cms/madie/madieqdmservice/config/LogInterceptor.java
@@ -0,0 +1,25 @@
+package gov.cms.madie.madieqdmservice.config;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+@Slf4j(topic = "action_audit")
+@Component
+public class LogInterceptor implements HandlerInterceptor {
+
+  @Override
+  public void afterCompletion(
+      HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
+    final String username =
+        request.getUserPrincipal() == null ? "" : request.getUserPrincipal().getName();
+    log.info(
+        "User [{}] called [{}] on path [{}] and got response code [{}]",
+        username,
+        request.getMethod(),
+        request.getRequestURI(),
+        response.getStatus());
+  }
+}
diff --git a/src/main/java/gov/cms/madie/madieqdmservice/config/SecurityConfig.java b/src/main/java/gov/cms/madie/madieqdmservice/config/SecurityConfig.java
new file mode 100644
index 0000000..7577249
--- /dev/null
+++ b/src/main/java/gov/cms/madie/madieqdmservice/config/SecurityConfig.java
@@ -0,0 +1,31 @@
+package gov.cms.madie.madieqdmservice.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue;
+
+@Configuration
+public class SecurityConfig {
+
+  @Bean
+  protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+    http.cors(Customizer.withDefaults())
+        .authorizeHttpRequests(
+            request ->
+                request.requestMatchers("/actuator/**").permitAll().anyRequest().authenticated())
+        .sessionManagement(
+            sessionMgt -> sessionMgt.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+        .oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults()))
+        .headers(
+            headers ->
+                headers
+                    .xssProtection(xss -> xss.headerValue(HeaderValue.ENABLED_MODE_BLOCK))
+                    .contentSecurityPolicy(csp -> csp.policyDirectives("script-src 'self' .....")));
+
+    return http.build();
+  }
+}
diff --git a/src/main/java/gov/cms/madie/madieqdmservice/resources/PackageController.java b/src/main/java/gov/cms/madie/madieqdmservice/resources/PackageController.java
new file mode 100644
index 0000000..a2affc8
--- /dev/null
+++ b/src/main/java/gov/cms/madie/madieqdmservice/resources/PackageController.java
@@ -0,0 +1,20 @@
+package gov.cms.madie.madieqdmservice.resources;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@Slf4j
+@RestController
+@RequestMapping(path = "/qdm/measures")
+@RequiredArgsConstructor
+public class PackageController {
+
+  @GetMapping("/package")
+  public String getMeasurePackage() {
+    // TODO: implementation coming up soon
+    return "raw package contents";
+  }
+}
diff --git a/src/main/resources/application-aws.yml b/src/main/resources/application-aws.yml
new file mode 100644
index 0000000..e07c947
--- /dev/null
+++ b/src/main/resources/application-aws.yml
@@ -0,0 +1,6 @@
+spring:
+   data:
+      database: ${MONGO_DATABASE}
+      mongodb:
+         uri: mongodb+srv://${MONGO_DBUSER}:${MONGO_DBPASS}@${MONGO_HOST}/${MONGO_DATABASE}${MONGO_OPTIONS}
+
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
new file mode 100644
index 0000000..98664c5
--- /dev/null
+++ b/src/main/resources/application.yml
@@ -0,0 +1,26 @@
+server:
+  port: 8086
+  servlet:
+    context-path: /api
+
+madie:
+  allowedApi: http://localhost:9000
+
+management:
+  endpoints:
+    enabled-by-default: false
+  endpoint:
+    health:
+      enabled: true
+
+logging:
+  level:
+    root: ${LOG_LEVEL:INFO}
+    org:
+      springframework:
+        security: DEBUG
+
+okta:
+  oauth2:
+    issuer: ${OKTA_ISSUER:https://dev-18092578.okta.com/oauth2/default}
+    audience: ${OKTA_AUDIENCE:api://default}
\ No newline at end of file
diff --git a/src/test/java/gov/cms/madie/madieqdmservice/PackageControllerMvcTest.java b/src/test/java/gov/cms/madie/madieqdmservice/PackageControllerMvcTest.java
new file mode 100644
index 0000000..f4c2a18
--- /dev/null
+++ b/src/test/java/gov/cms/madie/madieqdmservice/PackageControllerMvcTest.java
@@ -0,0 +1,41 @@
+package gov.cms.madie.madieqdmservice;
+
+import gov.cms.madie.madieqdmservice.resources.PackageController;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@WebMvcTest({PackageController.class})
+public class PackageControllerMvcTest {
+
+  @Autowired private MockMvc mockMvc;
+
+  private static final String TEST_USER_ID = "john_doe";
+
+  @Test
+  public void testGetPackage() throws Exception {
+    MvcResult result =
+        mockMvc
+            .perform(
+                MockMvcRequestBuilders.get("/qdm/measures/package")
+                    .with(user(TEST_USER_ID))
+                    .with(csrf())
+                    .header(HttpHeaders.AUTHORIZATION, "test-okta")
+                    .contentType(MediaType.APPLICATION_JSON_VALUE))
+            .andExpect(status().isOk())
+            .andReturn();
+    assertThat(result.getResponse().getContentAsString(), is(equalTo("raw package contents")));
+  }
+}
diff --git a/src/test/java/gov/cms/madie/madieqdmservice/PackageControllerTest.java b/src/test/java/gov/cms/madie/madieqdmservice/PackageControllerTest.java
new file mode 100644
index 0000000..1fe6300
--- /dev/null
+++ b/src/test/java/gov/cms/madie/madieqdmservice/PackageControllerTest.java
@@ -0,0 +1,21 @@
+package gov.cms.madie.madieqdmservice;
+
+import gov.cms.madie.madieqdmservice.resources.PackageController;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.junit.jupiter.MockitoExtension;
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+
+@ExtendWith(MockitoExtension.class)
+public class PackageControllerTest {
+
+  @InjectMocks private PackageController packageController;
+
+  @Test
+  public void testGetPackage() {
+    assertThat(packageController.getMeasurePackage(), is(equalTo("raw package contents")));
+  }
+}
diff --git a/src/test/resources/deleteme.md b/src/test/resources/deleteme.md
new file mode 100644
index 0000000..e69de29
diff --git a/suppressions.xml b/suppressions.xml
new file mode 100644
index 0000000..7d102f5
--- /dev/null
+++ b/suppressions.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE suppressions PUBLIC
+  "-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
+  "https://checkstyle.org/dtds/suppressions_1_2.dtd">
+
+<suppressions>
+  <suppress checks="FileLength"
+    files="ParameterHandler.java"
+  />
+</suppressions>
\ No newline at end of file

From f4ebd8981f002223d2082159c056444c4a224871 Mon Sep 17 00:00:00 2001
From: adongare <ashok.dongare@semanticbits.com>
Date: Tue, 19 Dec 2023 13:47:42 -0500
Subject: [PATCH 2/6] MAT-6545 remove unused maven variables

---
 pom.xml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 866cc18..1e21237 100644
--- a/pom.xml
+++ b/pom.xml
@@ -16,9 +16,6 @@
     <java.version>17</java.version>
     <maven.compiler.source>17</maven.compiler.source>
     <maven.compiler.target>17</maven.compiler.target>
-
-    <maven.jakarta.xml.bind-api.version>4.0.1</maven.jakarta.xml.bind-api.version>
-
     <maven.pmd.plugin.version>3.21.2</maven.pmd.plugin.version>
     <maven.sortpom.plugin.version>3.0.1</maven.sortpom.plugin.version>
     <mvn.checkstyle.file>madie-checkstyle.xml</mvn.checkstyle.file>

From 23f902994368c25b266b2feab4439128c58908f4 Mon Sep 17 00:00:00 2001
From: adongare <ashok.dongare@semanticbits.com>
Date: Tue, 19 Dec 2023 13:50:21 -0500
Subject: [PATCH 3/6] MAT-6545 update madie java models

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1e21237..4d8081f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -64,7 +64,7 @@
     <dependency>
       <groupId>gov.cms.madie</groupId>
       <artifactId>madie-java-models</artifactId>
-      <version>0.6.6</version>
+      <version>0.6.13-SNAPSHOT</version>
     </dependency>
 
     <dependency>

From 71a913849f93761a2109962b10ae79b0185704b9 Mon Sep 17 00:00:00 2001
From: adongare <ashok.dongare@semanticbits.com>
Date: Tue, 19 Dec 2023 14:41:19 -0500
Subject: [PATCH 4/6] MAT-6545 remove unwanted logging and mongo config

---
 src/main/resources/application-aws.yml | 6 ------
 src/main/resources/application.yml     | 3 ---
 2 files changed, 9 deletions(-)
 delete mode 100644 src/main/resources/application-aws.yml

diff --git a/src/main/resources/application-aws.yml b/src/main/resources/application-aws.yml
deleted file mode 100644
index e07c947..0000000
--- a/src/main/resources/application-aws.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-spring:
-   data:
-      database: ${MONGO_DATABASE}
-      mongodb:
-         uri: mongodb+srv://${MONGO_DBUSER}:${MONGO_DBPASS}@${MONGO_HOST}/${MONGO_DATABASE}${MONGO_OPTIONS}
-
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 98664c5..3ba2de6 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -16,9 +16,6 @@ management:
 logging:
   level:
     root: ${LOG_LEVEL:INFO}
-    org:
-      springframework:
-        security: DEBUG
 
 okta:
   oauth2:

From 7a1035e5debbe55bbe85cdc8602d6a04500ed8b9 Mon Sep 17 00:00:00 2001
From: adongare <ashok.dongare@semanticbits.com>
Date: Tue, 19 Dec 2023 15:28:14 -0500
Subject: [PATCH 5/6] MAT-6545 update formatter plugin to fmt

---
 pom.xml | 57 ++++++++++++++++++++-------------------------------------
 1 file changed, 20 insertions(+), 37 deletions(-)

diff --git a/pom.xml b/pom.xml
index 4d8081f..d7dba1e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@
     <mvnsite.version>3.11.0</mvnsite.version>
     <okta.springboot.starter.version>3.0.5</okta.springboot.starter.version>
     <puppycrawl.checkstyle.version>10.1</puppycrawl.checkstyle.version>
-    <theoryinpractise.googleformatter.version>1.7.5</theoryinpractise.googleformatter.version>
+    <spotify.fmt.version>2.21.1</spotify.fmt.version>
   </properties>
 
   <dependencies>
@@ -108,30 +108,21 @@
             </dependency>
           </dependencies>
         </plugin>
-        <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
         <plugin>
-          <groupId>org.eclipse.m2e</groupId>
-          <artifactId>lifecycle-mapping</artifactId>
-          <version>1.0.0</version>
+          <groupId>com.spotify.fmt</groupId>
+          <artifactId>fmt-maven-plugin</artifactId>
+          <version>${spotify.fmt.version}</version>
           <configuration>
-            <lifecycleMappingMetadata>
-              <pluginExecutions>
-                <pluginExecution>
-                  <pluginExecutionFilter>
-                    <groupId>com.theoryinpractise</groupId>
-                    <artifactId>googleformatter-maven-plugin</artifactId>
-                    <versionRange>[1.7.3,)</versionRange>
-                    <goals>
-                      <goal>format</goal>
-                    </goals>
-                  </pluginExecutionFilter>
-                  <action>
-                    <ignore></ignore>
-                  </action>
-                </pluginExecution>
-              </pluginExecutions>
-            </lifecycleMappingMetadata>
+            <skipSortingImports>true</skipSortingImports>
+            <style>google</style>
           </configuration>
+          <executions>
+            <execution>
+              <goals>
+                <goal>format</goal>
+              </goals>
+            </execution>
+          </executions>
         </plugin>
       </plugins>
     </pluginManagement>
@@ -168,26 +159,18 @@
         </executions>
       </plugin>
       <plugin>
-        <groupId>com.theoryinpractise</groupId>
-        <artifactId>googleformatter-maven-plugin</artifactId>
-        <version>${theoryinpractise.googleformatter.version}</version>
+        <groupId>com.spotify.fmt</groupId>
+        <artifactId>fmt-maven-plugin</artifactId>
+        <version>${spotify.fmt.version}</version>
+        <configuration>
+          <skipSortingImports>true</skipSortingImports>
+          <style>google</style>
+        </configuration>
         <executions>
           <execution>
-            <id>reformat-sources</id>
             <goals>
               <goal>format</goal>
             </goals>
-            <phase>process-sources</phase>
-            <configuration>
-              <includeStale>false</includeStale>
-              <style>GOOGLE</style>
-              <formatMain>true</formatMain>
-              <formatTest>true</formatTest>
-              <filterModified>false</filterModified>
-              <skip>false</skip>
-              <fixImports>false</fixImports>
-              <maxLineLength>100</maxLineLength>
-            </configuration>
           </execution>
         </executions>
       </plugin>

From 9567e1f7aceb0b4f78310bc46b00f6c4101becfb Mon Sep 17 00:00:00 2001
From: adongare <ashok.dongare@semanticbits.com>
Date: Tue, 19 Dec 2023 15:32:39 -0500
Subject: [PATCH 6/6] MAT-6545 remove unwanted version

---
 pom.xml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d7dba1e..7a26eb5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -161,7 +161,6 @@
       <plugin>
         <groupId>com.spotify.fmt</groupId>
         <artifactId>fmt-maven-plugin</artifactId>
-        <version>${spotify.fmt.version}</version>
         <configuration>
           <skipSortingImports>true</skipSortingImports>
           <style>google</style>