From c7af52166922129b5c493b178b5a330f4ea9e876 Mon Sep 17 00:00:00 2001
From: Lee Surprenant <lmsurpre@us.ibm.com>
Date: Mon, 10 May 2021 11:57:22 -0400
Subject: [PATCH] enable liberty dev mode for fhir-server-webapp

Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
---
 .gitignore                                    |   3 +
 fhir-parent/pom.xml                           |   5 +
 fhir-server-webapp/pom.xml                    |  36 +++
 .../default/extension-search-parameters.json  |   9 +
 .../default/extension-search-parameters.md    |  52 +++++
 .../fhir-server-config-audit-cicd.json        | 146 ++++++++++++
 .../fhir-server-config-audit-config.json      | 137 ++++++++++++
 .../fhir-server-config-audit-environment.json | 124 +++++++++++
 .../default/fhir-server-config-db2.json       | 203 +++++++++++++++++
 ...fhir-server-config-notifications-cicd.json | 156 +++++++++++++
 .../fhir-server-config-postgresql.json        |  82 +++++++
 .../config/default/fhir-server-config.json    | 208 ++++++++++++++++++
 .../configDropins/defaults/bulkdata.xml       |  40 ++++
 .../configDropins/defaults/datasource.xml     |  15 ++
 .../configDropins/defaults/keystore.xml       |   4 +
 .../config/configDropins/defaults/openapi.xml |   9 +
 .../defaults/transaction-manager.xml          |   7 +
 .../configDropins/defaults/trustDefault.xml   |   4 +
 .../config/configDropins/disabled/README.md   |  13 ++
 .../config/configDropins/disabled/cors.xml    |   6 +
 .../configDropins/disabled/datasource-db2.xml |  18 ++
 .../disabled/datasource-derby.xml             |  28 +++
 .../disabled/datasource-postgresql.xml        |  17 ++
 .../disabled/db2-cloud/bulkdata.xml           |  55 +++++
 .../configDropins/disabled/db2/bulkdata.xml   |  58 +++++
 .../config/configDropins/disabled/jvm.options |   7 +
 .../config/configDropins/disabled/jwtRS.xml   |  31 +++
 .../disabled/postgres/bulkdata.xml            |  54 +++++
 .../config/configDropins/overrides/.empty     |   0
 .../resources/security/fhirKeyStore.p12       | Bin 0 -> 6868 bytes
 .../resources/security/fhirTrustStore.p12     | Bin 0 -> 8898 bytes
 .../security/kafka.client.keystore.p12        | Bin 0 -> 5514 bytes
 .../security/kafka.client.truststore.p12      | Bin 0 -> 2904 bytes
 .../src/main/liberty/config/server.env        |   1 +
 .../src/main/liberty/config/server.xml        | 119 ++++++++++
 35 files changed, 1647 insertions(+)
 create mode 100644 fhir-server-webapp/src/main/liberty/config/config/default/extension-search-parameters.json
 create mode 100644 fhir-server-webapp/src/main/liberty/config/config/default/extension-search-parameters.md
 create mode 100644 fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-audit-cicd.json
 create mode 100644 fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-audit-config.json
 create mode 100644 fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-audit-environment.json
 create mode 100644 fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-db2.json
 create mode 100644 fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-notifications-cicd.json
 create mode 100644 fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-postgresql.json
 create mode 100644 fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config.json
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/defaults/bulkdata.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/defaults/datasource.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/defaults/keystore.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/defaults/openapi.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/defaults/transaction-manager.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/defaults/trustDefault.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/disabled/README.md
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/disabled/cors.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/disabled/datasource-db2.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/disabled/datasource-derby.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/disabled/datasource-postgresql.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/disabled/db2-cloud/bulkdata.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/disabled/db2/bulkdata.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/disabled/jvm.options
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/disabled/jwtRS.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/disabled/postgres/bulkdata.xml
 create mode 100644 fhir-server-webapp/src/main/liberty/config/configDropins/overrides/.empty
 create mode 100644 fhir-server-webapp/src/main/liberty/config/resources/security/fhirKeyStore.p12
 create mode 100644 fhir-server-webapp/src/main/liberty/config/resources/security/fhirTrustStore.p12
 create mode 100644 fhir-server-webapp/src/main/liberty/config/resources/security/kafka.client.keystore.p12
 create mode 100644 fhir-server-webapp/src/main/liberty/config/resources/security/kafka.client.truststore.p12
 create mode 100644 fhir-server-webapp/src/main/liberty/config/server.env
 create mode 100644 fhir-server-webapp/src/main/liberty/config/server.xml

diff --git a/.gitignore b/.gitignore
index 2c4dab1fde2..5644f0046d9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,6 +12,9 @@
 *.iml
 .idea/
 
+# VS Code
+.vscode/
+
 # Mac OS X
 .DS_Store
 
diff --git a/fhir-parent/pom.xml b/fhir-parent/pom.xml
index 18f412a95bc..1fc749c2e0f 100644
--- a/fhir-parent/pom.xml
+++ b/fhir-parent/pom.xml
@@ -756,6 +756,11 @@
                         </execution>
                     </executions>
                 </plugin>
+                <plugin>
+                    <groupId>io.openliberty.tools</groupId>
+                    <artifactId>liberty-maven-plugin</artifactId>
+                    <version>3.4.0</version>
+                </plugin>
                 <plugin>
                     <groupId>com.spotify</groupId>
                     <artifactId>dockerfile-maven-plugin</artifactId>
diff --git a/fhir-server-webapp/pom.xml b/fhir-server-webapp/pom.xml
index d37e9d4c3ee..f0a2ced5ce6 100644
--- a/fhir-server-webapp/pom.xml
+++ b/fhir-server-webapp/pom.xml
@@ -87,9 +87,16 @@
             <artifactId>jakarta.servlet-api</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.derby</groupId>
+            <artifactId>derby</artifactId>
+            <version>${derby.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
+        <finalName>${fhir.server.war.name}</finalName>
         <plugins>
             <plugin>
                 <artifactId>maven-war-plugin</artifactId>
@@ -97,6 +104,35 @@
                     <warName>${fhir.server.war.name}</warName>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>io.openliberty.tools</groupId>
+                <artifactId>liberty-maven-plugin</artifactId>
+                <configuration>
+                    <!-- <verifyTimeout>120</verifyTimeout> -->
+                    <!-- <bootstrapProperties>
+                        <default.http.port>9080</default.http.port>
+                        <default.https.port>9443</default.https.port>
+                    </bootstrapProperties> -->
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <version>3.1.2</version>
+                <executions>
+                    <execution>
+                        <id>copy-derby-dependency</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>copy-dependencies</goal>
+                        </goals>
+                        <configuration>
+                            <includeArtifactIds>derby</includeArtifactIds>
+                            <outputDirectory>${project.build.directory}/liberty/wlp/usr/shared/lib/derby/</outputDirectory>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 
diff --git a/fhir-server-webapp/src/main/liberty/config/config/default/extension-search-parameters.json b/fhir-server-webapp/src/main/liberty/config/config/default/extension-search-parameters.json
new file mode 100644
index 00000000000..23e3adda7db
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/config/default/extension-search-parameters.json
@@ -0,0 +1,9 @@
+{
+	"resourceType": "Bundle",
+	"id": "searchParams",
+	"meta": {
+		"lastUpdated": "2018-12-27T22:37:54.724+11:00"
+	},
+	"type": "collection",
+	"entry": []
+}
diff --git a/fhir-server-webapp/src/main/liberty/config/config/default/extension-search-parameters.md b/fhir-server-webapp/src/main/liberty/config/config/default/extension-search-parameters.md
new file mode 100644
index 00000000000..5c06f076d93
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/config/default/extension-search-parameters.md
@@ -0,0 +1,52 @@
+Modify the Bundle to add your Search Parameter definitions.  
+
+An example as follows: 
+
+{
+	"resourceType": "Bundle",
+	"id": "searchParams",
+	"meta": {
+		"lastUpdated": "2019-07-12T22:37:54.724+11:00"
+	},
+	"type": "collection",
+	"entry": [{
+		"fullUrl": "http://ibm.com/fhir/SearchParameter/Patient-favorite-color",
+		"resource": {
+			"resourceType": "SearchParameter",
+			"id": "Patient-favorite-color",
+			"url": "http://ibm.com/fhir/SearchParameter/Patient-favorite-color",
+			"version": "4.0.0",
+			"name": "favorite-color",
+			"status": "draft",
+			"experimental": false,
+			"date": "2018-12-27T22:37:54+11:00",
+			"publisher": "IBM FHIR Server Test",
+			"contact": [{
+				"telecom": [{
+					"system": "url",
+					"value": "http://ibm.com/fhir"
+				}]
+			},
+			{
+				"telecom": [{
+					"system": "url",
+					"value": "http://ibm.com/fhir"
+				}]
+			}],
+			"description": "the patient's favorite color",
+			"code": "favorite-color",
+			"base": ["Patient"],
+			"type": "string",
+			"xpathUsage": "normal",
+			"xpath": "f:Patient/f:extension[@url='http://ibm.com/fhir/extension/Patient/favorite-color']/f:valueString",
+			"expression": "Patient.extension.where(url='http://ibm.com/fhir/extension/Patient/favorite-color').valueString",
+			"multipleOr": true,
+			"multipleAnd": true,
+			"modifier": []
+		}
+	}]
+}
+
+
+
+FHIR® is the registered trademark of HL7 and is used with the permission of HL7.
\ No newline at end of file
diff --git a/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-audit-cicd.json b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-audit-cicd.json
new file mode 100644
index 00000000000..45a2485bb3e
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-audit-cicd.json
@@ -0,0 +1,146 @@
+{
+    "__comment": "FHIR Server configuration",
+    "fhirServer": {
+        "core": {
+            "tenantIdHeaderName": "X-FHIR-TENANT-ID",
+            "datastoreIdHeaderName": "X-FHIR-DSID",
+            "checkReferenceTypes": true,
+            "conditionalDeleteMaxNumber": 10,
+            "serverRegistryResourceProviderEnabled": true,
+            "disabledOperations": ""
+        },
+        "security": {
+            "cors": true,
+            "basic": {
+                "enabled": true
+            },
+            "certificates": {
+                "enabled": true
+            },
+            "oauth": {
+                "enabled": false,
+                "regUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/registration",
+                "authUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/authorize",
+                "tokenUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/token",
+                "smart": {
+                    "enabled": false,
+                    "scopes": ["openid",
+                    "profile",
+                    "fhirUser",
+                    "launch/patient",
+                    "patient/*.*",
+                    "offline_access"],
+                    "capabilities": ["sso-openid-connect",
+                    "launch-standalone",
+                    "client-public",
+                    "client-confidential-symmetric",
+                    "permission-offline",
+                    "context-standalone-patient",
+                    "permission-patient"]
+                }
+            }
+        },
+        "notifications": {
+            "common": {
+                "__comment_includeResourceTypes": ["QuestionnaireResponse",
+                "CarePlan",
+                "MedicationAdministration",
+                "Device",
+                "DeviceComponent",
+                "DeviceMetric",
+                "MedicationOrder",
+                "Observation"]
+            },
+            "websocket": {
+                "__comment": "only enable this for single-tenant, single-server deployments",
+                "enabled": false
+            },
+            "kafka": {
+                "enabled": false,
+                "topicName": "fhirNotifications",
+                "connectionProperties": {
+                    "group.id": "securing-kafka-group",
+                    "bootstrap.servers": "localhost:9093",
+                    "security.protocol": "SSL",
+                    "ssl.truststore.location": "resources/security/kafka.client.truststore.p12",
+                    "ssl.truststore.password": "change-password",
+                    "ssl.keystore.location": "resources/security/kafka.client.keystore.p12",
+                    "ssl.keystore.password": "change-password",
+                    "ssl.key.password": "change-password",
+                    "ssl.truststore.type": "PKCS12",
+                    "ssl.keystore.type": "PKCS12",
+                    "acks": "all",
+                    "retries": "60",
+                    "request.timeout.ms": "10000",
+                    "max.block.ms": "60000",
+                    "max.in.flight.requests.per.connection": "5"
+                }
+            },
+            "nats": {
+                "enabled": false,
+                "cluster": "nats-streaming",
+                "channel": "fhirNotifications",
+                "clientId": "fhir-server",
+                "servers": "nats://nats-node1:4222,nats://nats-node2:4222,nats://nats-node3:4222",
+                "useTLS": false,
+                "truststoreLocation": "resources/security/nats.client.truststore.jks",
+                "truststorePassword": "change-password",
+                "keystoreLocation": "resources/security/nats.client.keystore.jks",
+                "keystorePassword": "change-password"
+            }
+        },
+        "audit": {
+            "serviceClassName": "com.ibm.fhir.audit.impl.KafkaService",
+            "serviceProperties": {
+                "load": "config",
+                "mapper": "cadf",
+                "auditTopic": "FHIR_AUDIT",
+                "geoCity": "Hamil",
+                "geoState": "Texas",
+                "geoCounty": "USA",
+                "kafka": {
+                    "bootstrap.servers": "kafka-1:19092,kafka-2:29092",
+                    "security.protocol": "SSL",
+                    "ssl.protocol": "TLSv1.2",
+                    "ssl.enabled.protocols": "TLSv1.2",
+                    "ssl.endpoint.identification.algorithm": "",
+                    "ssl.keystore.filename": "/config/config/default/kafka.producer.keystore.jks",
+                    "ssl.key.credentials": "/config/config/default/producer_sslkey_creds",
+                    "ssl.keystore.location": "/config/config/default/kafka.producer.keystore.jks",
+                    "ssl.truststore.location": "/config/config/default/kafka.producer.truststore.jks",
+                    "ssl.client.auth": "requested",
+                    "ssl.keystore.credentials": "/config/config/default/producer_keystore_creds",
+                    "ssl.keystore.password": "change-password",
+                    "security.inter.broker.protocol": "SSL",
+                    "ssl.key.password": "change-password",
+                    "ssl.truststore.password": "change-password",
+                    "ssl.truststore.filename": "/config/config/default/kafka.producer.truststore.jks",
+                    "ssl.truststore.credentials": "/config/config/default/producer_truststore_creds"
+                }
+            }
+        },
+        "persistence": {
+            "factoryClassname": "com.ibm.fhir.persistence.jdbc.FHIRPersistenceJDBCFactory",
+            "common": {
+                "__comment": "Configuration properties common to all persistence layer implementations",
+                "updateCreateEnabled": true
+            },
+            "jdbc": {
+                "__comment": "Configuration properties for the JDBC persistence implementation",
+                "enableCodeSystemsCache": true,
+                "enableParameterNamesCache": true,
+                "enableResourceTypesCache": true
+            },
+            "datasources": {
+                "default": {
+                    "jndiName": "jdbc/bootstrap_default_default",
+                    "type": "derby",
+                    "currentSchema": "APP"
+                }
+            }
+        },
+        "bulkdata": {
+            "enabled": false
+        }
+    }
+}
diff --git a/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-audit-config.json b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-audit-config.json
new file mode 100644
index 00000000000..7957a084744
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-audit-config.json
@@ -0,0 +1,137 @@
+{
+    "__comment": "FHIR Server configuration",
+    "fhirServer": {
+        "core": {
+            "tenantIdHeaderName": "X-FHIR-TENANT-ID",
+            "datastoreIdHeaderName": "X-FHIR-DSID",
+            "checkReferenceTypes": true,
+            "conditionalDeleteMaxNumber": 10,
+            "serverRegistryResourceProviderEnabled": true,
+            "disabledOperations": ""
+        },
+        "security": {
+            "cors": true,
+            "basic": {
+                "enabled": true
+            },
+            "certificates": {
+                "enabled": true
+            },
+            "oauth": {
+                "enabled": false,
+                "regUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/registration",
+                "authUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/authorize",
+                "tokenUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/token",
+                "smart": {
+                    "enabled": false,
+                    "scopes": ["openid", "profile", "fhirUser", "launch/patient", "patient/*.*", "offline_access"],
+                    "capabilities": [
+                        "sso-openid-connect",
+                        "launch-standalone",
+                        "client-public",
+                        "client-confidential-symmetric",
+                        "permission-offline",
+                        "context-standalone-patient",
+                        "permission-patient"
+                    ]
+                }
+            }
+        },
+        "notifications": {
+            "common": {
+                "__comment_includeResourceTypes": [
+                    "QuestionnaireResponse",
+                    "CarePlan",
+                    "MedicationAdministration",
+                    "Device",
+                    "DeviceComponent",
+                    "DeviceMetric",
+                    "MedicationOrder",
+                    "Observation"
+                ]
+            },
+            "websocket": {
+                "__comment": "only enable this for single-tenant, single-server deployments",
+                "enabled": false
+            },
+            "kafka": {
+                "enabled": false,
+                "topicName": "fhirNotifications",
+                "connectionProperties": {
+                    "group.id": "securing-kafka-group",
+                    "bootstrap.servers": "localhost:9093",
+                    "security.protocol": "SSL",
+                    "ssl.truststore.location": "resources/security/kafka.client.truststore.p12",
+                    "ssl.truststore.password": "change-password",
+                    "ssl.keystore.location": "resources/security/kafka.client.keystore.p12",
+                    "ssl.keystore.password": "change-password",
+                    "ssl.key.password": "change-password",
+                    "ssl.truststore.type": "PKCS12",
+                    "ssl.keystore.type": "PKCS12",
+                    "acks": "all",
+                    "retries": "60",
+                    "request.timeout.ms": "10000",
+                    "max.block.ms": "60000",
+                    "max.in.flight.requests.per.connection": "5"
+                }
+            },
+            "nats": {
+                "enabled": false,
+                "cluster": "nats-streaming",
+                "channel": "fhirNotifications",
+                "clientId": "fhir-server",
+                "servers": "nats://nats-node1:4222,nats://nats-node2:4222,nats://nats-node3:4222",
+                "useTLS": false,
+                "truststoreLocation": "resources/security/nats.client.truststore.jks",
+                "truststorePassword": "change-password",
+                "keystoreLocation": "resources/security/nats.client.keystore.jks",
+                "keystorePassword": "change-password"
+            }
+        },
+        "audit": {
+            "serviceClassName" : "com.ibm.fhir.audit.impl.KafkaService",
+            "serviceProperties": {
+                "load": "config",
+                "mapper": "cadf",
+                "auditTopic": "FHIR_AUDIT",
+                "geoCity": "Dallas",
+                "geoState": "TX",
+                "geoCounty": "US",
+                "kafka" : {
+                        "sasl.jaas.config": "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"token\" password=\"apiKeyCanGoHere\";",
+                        "bootstrap.servers": "broker-1:9093,broker-2:9093",
+                        "sasl.mechanism": "PLAIN",
+                        "security.protocol": "SASL_SSL",
+                        "ssl.protocol": "TLSv1.2",
+                        "ssl.enabled.protocols": "TLSv1.2",
+                        "ssl.endpoint.identification.algorithm": "HTTPS"
+                },
+                "kafkaServers": "broker-1:9093,broker-2:9093",
+                "kafkaApiKey": "apiKeyCanGoHere"
+            }
+        },
+        "persistence": {
+            "factoryClassname": "com.ibm.fhir.persistence.jdbc.FHIRPersistenceJDBCFactory",
+            "common": {
+                "__comment": "Configuration properties common to all persistence layer implementations",
+                "updateCreateEnabled": true
+            },
+            "jdbc": {
+                "__comment": "Configuration properties for the JDBC persistence implementation",
+                "enableCodeSystemsCache": true,
+                "enableParameterNamesCache": true,
+                "enableResourceTypesCache": true
+            },
+            "datasources": {
+                "default": {
+                    "jndiName": "jdbc/bootstrap_default_default",
+                    "type": "derby",
+                    "currentSchema": "APP"
+                }
+            }
+        },
+        "bulkdata": {
+            "enabled": false
+        }
+    }
+}
diff --git a/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-audit-environment.json b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-audit-environment.json
new file mode 100644
index 00000000000..6422b1f997b
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-audit-environment.json
@@ -0,0 +1,124 @@
+{
+    "__comment": "FHIR Server configuration",
+    "fhirServer": {
+        "core": {
+            "tenantIdHeaderName": "X-FHIR-TENANT-ID",
+            "datastoreIdHeaderName": "X-FHIR-DSID",
+            "checkReferenceTypes": true,
+            "conditionalDeleteMaxNumber": 10,
+            "serverRegistryResourceProviderEnabled": true,
+            "disabledOperations": ""
+        },
+        "security": {
+            "cors": true,
+            "basic": {
+                "enabled": true
+            },
+            "certificates": {
+                "enabled": true
+            },
+            "oauth": {
+                "enabled": false,
+                "regUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/registration",
+                "authUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/authorize",
+                "tokenUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/token",
+                "smart": {
+                    "enabled": false,
+                    "scopes": ["openid", "profile", "fhirUser", "launch/patient", "patient/*.*", "offline_access"],
+                    "capabilities": [
+                        "sso-openid-connect",
+                        "launch-standalone",
+                        "client-public",
+                        "client-confidential-symmetric",
+                        "permission-offline",
+                        "context-standalone-patient",
+                        "permission-patient"
+                    ]
+                }
+            }
+        },
+        "notifications": {
+            "common": {
+                "__comment_includeResourceTypes": [
+                    "QuestionnaireResponse",
+                    "CarePlan",
+                    "MedicationAdministration",
+                    "Device",
+                    "DeviceComponent",
+                    "DeviceMetric",
+                    "MedicationOrder",
+                    "Observation"
+                ]
+            },
+            "websocket": {
+                "__comment": "only enable this for single-tenant, single-server deployments",
+                "enabled": false
+            },
+            "kafka": {
+                "enabled": false,
+                "topicName": "fhirNotifications",
+                "connectionProperties": {
+                    "group.id": "securing-kafka-group",
+                    "bootstrap.servers": "localhost:9093",
+                    "security.protocol": "SSL",
+                    "ssl.truststore.location": "resources/security/kafka.client.truststore.p12",
+                    "ssl.truststore.password": "change-password",
+                    "ssl.keystore.location": "resources/security/kafka.client.keystore.p12",
+                    "ssl.keystore.password": "change-password",
+                    "ssl.key.password": "change-password",
+                    "ssl.truststore.type": "PKCS12",
+                    "ssl.keystore.type": "PKCS12",
+                    "acks": "all",
+                    "retries": "60",
+                    "request.timeout.ms": "10000",
+                    "max.block.ms": "60000",
+                    "max.in.flight.requests.per.connection": "5"
+                }
+            },
+            "nats": {
+                "enabled": false,
+                "cluster": "nats-streaming",
+                "channel": "fhirNotifications",
+                "clientId": "fhir-server",
+                "servers": "nats://nats-node1:4222,nats://nats-node2:4222,nats://nats-node3:4222",
+                "useTLS": false,
+                "truststoreLocation": "resources/security/nats.client.truststore.jks",
+                "truststorePassword": "change-password",
+                "keystoreLocation": "resources/security/nats.client.keystore.jks",
+                "keystorePassword": "change-password"
+            }
+        },
+        "audit": {
+            "serviceClassName" : "com.ibm.fhir.audit.impl.KafkaService",
+            "serviceProperties" : {
+                "auditTopic": "FHIR_AUDIT",
+                "geoCity": "Dallas",
+                "geoState": "TX",
+                "geoCounty": "US"
+            }
+        },
+        "persistence": {
+            "factoryClassname": "com.ibm.fhir.persistence.jdbc.FHIRPersistenceJDBCFactory",
+            "common": {
+                "__comment": "Configuration properties common to all persistence layer implementations",
+                "updateCreateEnabled": true
+            },
+            "jdbc": {
+                "__comment": "Configuration properties for the JDBC persistence implementation",
+                "enableCodeSystemsCache": true,
+                "enableParameterNamesCache": true,
+                "enableResourceTypesCache": true
+            },
+            "datasources": {
+                "default": {
+                    "jndiName": "jdbc/bootstrap_default_default",
+                    "type": "derby",
+                    "currentSchema": "APP"
+                }
+            }
+        },
+        "bulkdata": {
+            "enabled": false
+        }
+    }
+}
diff --git a/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-db2.json b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-db2.json
new file mode 100644
index 00000000000..f2073c54cc0
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-db2.json
@@ -0,0 +1,203 @@
+{
+    "__comment": "FHIR Server configuration",
+    "fhirServer": {
+        "core": {
+            "tenantIdHeaderName": "X-FHIR-TENANT-ID",
+            "datastoreIdHeaderName": "X-FHIR-DSID",
+            "originalRequestUriHeaderName": "X-FHIR-FORWARDED-URL",
+            "checkReferenceTypes": true,
+            "conditionalDeleteMaxNumber": 10,
+            "capabilityStatementCacheTimeout": 60,
+            "serverRegistryResourceProviderEnabled": true,
+            "disabledOperations": ""
+        },
+        "security": {
+            "cors": true,
+            "basic": {
+                "enabled": true
+            },
+            "certificates": {
+                "enabled": true
+            },
+            "oauth": {
+                "enabled": false,
+                "regUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/registration",
+                "authUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/authorize",
+                "tokenUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/token",
+                "smart": {
+                    "enabled": false,
+                    "scopes": ["openid", "profile", "fhirUser", "launch/patient", "patient/*.*", "offline_access"],
+                    "capabilities": [
+                        "sso-openid-connect",
+                        "launch-standalone",
+                        "client-public",
+                        "client-confidential-symmetric",
+                        "permission-offline",
+                        "context-standalone-patient",
+                        "permission-patient"
+                    ]
+                }
+            }
+        },
+        "notifications": {
+            "common": {
+                "__comment_includeResourceTypes": [
+                    "QuestionnaireResponse",
+                    "CarePlan",
+                    "MedicationAdministration",
+                    "Device",
+                    "DeviceComponent",
+                    "DeviceMetric",
+                    "MedicationOrder",
+                    "Observation"
+                ]
+            },
+            "websocket": {
+                "enabled": true
+            },
+            "kafka": {
+                "enabled": false,
+                "topicName": "fhirNotifications",
+                "connectionProperties": {
+                    "group.id": "securing-kafka-group",
+                    "bootstrap.servers": "localhost:9093",
+                    "security.protocol": "SSL",
+                    "ssl.truststore.location": "resources/security/kafka.client.truststore.p12",
+                    "ssl.truststore.password": "change-password",
+                    "ssl.keystore.location": "resources/security/kafka.client.keystore.p12",
+                    "ssl.keystore.password": "change-password",
+                    "ssl.key.password": "change-password",
+                    "ssl.truststore.type": "PKCS12",
+                    "ssl.keystore.type": "PKCS12",
+                    "acks": "all",
+                    "retries": "60",
+                    "request.timeout.ms": "10000",
+                    "max.block.ms": "60000",
+                    "max.in.flight.requests.per.connection": "5"
+                }
+            },
+            "nats": {
+                "enabled": true,
+                "cluster": "nats-streaming",
+                "channel": "fhirNotifications",
+                "clientId": "fhir-server",
+                "servers": "nats://nats-node1:4222,nats://nats-node2:4222,nats://nats-node3:4222",
+                "useTLS": false,
+                "truststoreLocation": "resources/security/nats.client.truststore.jks",
+                "truststorePassword": "change-password",
+                "keystoreLocation": "resources/security/nats.client.keystore.jks",
+                "keystorePassword": "change-password"
+            }
+        },
+        "audit": {
+            "serviceClassName" : "com.ibm.fhir.audit.impl.NopService",
+            "serviceProperties" : {
+            }
+        },
+        "persistence": {
+            "factoryClassname": "com.ibm.fhir.persistence.jdbc.FHIRPersistenceJDBCFactory",
+            "common": {
+                "__comment": "Configuration properties common to all persistence layer implementations",
+                "updateCreateEnabled": true
+            },
+            "jdbc": {
+                "__comment": "Configuration properties for the JDBC persistence implementation",
+                "enableCodeSystemsCache": true,
+                "enableParameterNamesCache": true,
+                "enableResourceTypesCache": true
+            },
+            "datasources": {
+                "default": {
+                    "type": "db2",
+                    "currentSchema": "fhirdata",
+                    "tenantKey": "<the-tenant-key>",
+                    "hints" : {
+                      "search.reopt": "ONCE"
+                    }
+                }
+            }
+        },
+        "bulkdata": {
+            "enabled": true,
+            "core": {
+                "api": {
+                    "url": "https://localhost:9443/ibm/api/batch",
+                    "user": "fhiradmin",
+                    "password": "change-password",
+                    "truststore": "resources/security/fhirTrustStore.p12",
+                    "truststorePassword": "change-password", 
+                    "trustAll": true
+                },
+                "cos" : { 
+                    "partUploadTriggerSizeMB": 10,
+                    "objectSizeThresholdMB": 200,
+                    "objectResourceCountThreshold": 200000,
+                    "useServerTruststore": true
+                },
+                "file" : { 
+                    "writeTriggerSizeMB": 1,
+                    "sizeThresholdMB": 200,
+                    "resourceCountThreshold": 200000
+                },
+                "pageSize": 100,
+                "batchIdEncryptionKey": "change-password",
+                "maxPartitions": 3, 
+                "maxInputs": 5
+            },
+            "storageProviders": {
+                "default" : {
+                    "type": "file",
+                    "_type": "ibm-cos|aws-s3|file|https|azure-blob",
+                    "validBaseUrls": [],
+                    "fileBase": "/output/bulkdata",
+                    "enableParquet": false,
+                    "disableBaseUrlValidation": true,
+                    "disableOperationOutcomes": true,
+                    "duplicationCheck": false, 
+                    "validateResources": false
+                },
+                "minio" : {
+                    "type": "aws-s3",
+                    "bucketName": "fhirbulkdata",
+                    "location": "us",
+                    "endpointInternal": "https://minio:9000",
+                    "endpointExternal": "https://localhost:9000",
+                    "auth" : {
+                        "type": "hmac",
+                        "accessKeyId": "minio",
+                        "secretAccessKey": "change-password"
+                    },
+                    "enableParquet": false,
+                    "disableBaseUrlValidation": true,
+                    "disableOperationOutcomes": true,
+                    "duplicationCheck": false, 
+                    "validateResources": false, 
+                    "create": false,
+                    "presigned": true
+                },
+                "azure" : {
+                    "type": "azure-blob",
+                    "_type": "ibm-cos|aws-s3|file|https|azure-blob",
+                    "bucketName": "fhirbulkdata",
+                    "auth" : {
+                        "type": "connection",
+                        "connection": "DefaultEndpointsProtocol=https;AccountName=XYZ;AccountKey=XYZKEY;EndpointSuffix=core.windows.net"
+                    },
+                    "disableOperationOutcomes": true,
+                    "duplicationCheck": false, 
+                    "validateResources": false, 
+                    "create": false
+                }
+            }
+        },
+        "operations": {
+            "erase": {
+                "enabled": true,
+                "allowedRoles": [
+                    "FHIROperationAdmin",
+                    "FHIRUsers"
+                ]
+            }
+        }
+    }
+}
diff --git a/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-notifications-cicd.json b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-notifications-cicd.json
new file mode 100644
index 00000000000..6fa67308d4e
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-notifications-cicd.json
@@ -0,0 +1,156 @@
+{
+    "__comment": "FHIR Server configuration",
+    "fhirServer": {
+        "core": {
+            "tenantIdHeaderName": "X-FHIR-TENANT-ID",
+            "datastoreIdHeaderName": "X-FHIR-DSID",
+            "checkReferenceTypes": true,
+            "conditionalDeleteMaxNumber": 10,
+            "serverRegistryResourceProviderEnabled": true,
+            "disabledOperations": ""
+        },
+        "security": {
+            "cors": true,
+            "basic": {
+                "enabled": true
+            },
+            "certificates": {
+                "enabled": true
+            },
+            "oauth": {
+                "enabled": false,
+                "regUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/registration",
+                "authUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/authorize",
+                "tokenUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/token",
+                "smart": {
+                    "enabled": false,
+                    "scopes": ["openid",
+                    "profile",
+                    "fhirUser",
+                    "launch/patient",
+                    "patient/*.*",
+                    "offline_access"],
+                    "capabilities": ["sso-openid-connect",
+                    "launch-standalone",
+                    "client-public",
+                    "client-confidential-symmetric",
+                    "permission-offline",
+                    "context-standalone-patient",
+                    "permission-patient"]
+                }
+            }
+        },
+        "notifications": {
+            "common": {
+                "includeResourceTypes": [
+                    "Patiennt",
+                    "QuestionnaireResponse",
+                    "CarePlan",
+                    "MedicationAdministration",
+                    "Device",
+                    "DeviceComponent",
+                    "DeviceMetric",
+                    "MedicationOrder",
+                    "Observation"]
+            },
+            "websocket": {
+                "__comment": "only enable this for single-tenant, single-server deployments",
+                "enabled": false
+            },
+            "kafka": {
+                "enabled": true,
+                "topicName": "FHIR_NOTIFICATIONS",
+                "connectionProperties": {
+                    "group.id": "securing-kafka-group",
+                    "bootstrap.servers": "kafka-1:19092,kafka-2:29092",
+                    "security.protocol": "SSL",
+                    "ssl.protocol": "TLSv1.2",
+                    "ssl.enabled.protocols": "TLSv1.2",
+                    "ssl.endpoint.identification.algorithm": "",
+                    "ssl.keystore.filename": "/config/config/default/kafka.producer.keystore.jks",
+                    "ssl.key.credentials": "/config/config/default/producer_sslkey_creds",
+                    "ssl.keystore.location": "/config/config/default/kafka.producer.keystore.jks",
+                    "ssl.truststore.location": "/config/config/default/kafka.producer.truststore.jks",
+                    "ssl.client.auth": "requested",
+                    "ssl.keystore.credentials": "/config/config/default/producer_keystore_creds",
+                    "ssl.keystore.password": "change-password",
+                    "security.inter.broker.protocol": "SSL",
+                    "ssl.key.password": "change-password",
+                    "ssl.truststore.password": "change-password",
+                    "ssl.truststore.filename": "/config/config/default/kafka.producer.truststore.jks",
+                    "ssl.truststore.credentials": "/config/config/default/producer_truststore_creds",
+                    "acks": "all",
+                    "retries": "60",
+                    "request.timeout.ms": "10000",
+                    "max.block.ms": "60000",
+                    "max.in.flight.requests.per.connection": "5"
+                }
+            },
+            "nats": {
+                "enabled": false,
+                "cluster": "nats-streaming",
+                "channel": "fhirNotifications",
+                "clientId": "fhir-server",
+                "servers": "nats://nats-node1:4222,nats://nats-node2:4222,nats://nats-node3:4222",
+                "useTLS": false,
+                "truststoreLocation": "resources/security/nats.client.truststore.jks",
+                "truststorePassword": "change-password",
+                "keystoreLocation": "resources/security/nats.client.keystore.jks",
+                "keystorePassword": "change-password"
+            }
+        },
+        "audit": {
+            "serviceClassName": "com.ibm.fhir.audit.impl.NopService",
+            "serviceProperties": {
+                "load": "config",
+                "mapper": "cadf",
+                "auditTopic": "FHIR_AUDIT",
+                "geoCity": "Hamil",
+                "geoState": "Texas",
+                "geoCounty": "USA",
+                "kafka": {
+                    "bootstrap.servers": "kafka-1:19092,kafka-2:29092",
+                    "security.protocol": "SSL",
+                    "ssl.protocol": "TLSv1.2",
+                    "ssl.enabled.protocols": "TLSv1.2",
+                    "ssl.endpoint.identification.algorithm": "",
+                    "ssl.keystore.filename": "/config/config/default/kafka.producer.keystore.jks",
+                    "ssl.key.credentials": "/config/config/default/producer_sslkey_creds",
+                    "ssl.keystore.location": "/config/config/default/kafka.producer.keystore.jks",
+                    "ssl.truststore.location": "/config/config/default/kafka.producer.truststore.jks",
+                    "ssl.client.auth": "requested",
+                    "ssl.keystore.credentials": "/config/config/default/producer_keystore_creds",
+                    "ssl.keystore.password": "change-password",
+                    "security.inter.broker.protocol": "SSL",
+                    "ssl.key.password": "change-password",
+                    "ssl.truststore.password": "change-password",
+                    "ssl.truststore.filename": "/config/config/default/kafka.producer.truststore.jks",
+                    "ssl.truststore.credentials": "/config/config/default/producer_truststore_creds"
+                }
+            }
+        },
+        "persistence": {
+            "factoryClassname": "com.ibm.fhir.persistence.jdbc.FHIRPersistenceJDBCFactory",
+            "common": {
+                "__comment": "Configuration properties common to all persistence layer implementations",
+                "updateCreateEnabled": true
+            },
+            "jdbc": {
+                "__comment": "Configuration properties for the JDBC persistence implementation",
+                "enableCodeSystemsCache": true,
+                "enableParameterNamesCache": true,
+                "enableResourceTypesCache": true
+            },
+            "datasources": {
+                "default": {
+                    "jndiName": "jdbc/bootstrap_default_default",
+                    "type": "derby",
+                    "currentSchema": "APP"
+                }
+            }
+        },
+        "bulkdata": {
+            "enabled": false
+        }
+    }
+}
diff --git a/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-postgresql.json b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-postgresql.json
new file mode 100644
index 00000000000..a60f91cd9d8
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config-postgresql.json
@@ -0,0 +1,82 @@
+{
+    "__comment": "FHIR Server configuration",
+    "fhirServer": {
+        "core": {
+            "tenantIdHeaderName": "X-FHIR-TENANT-ID",
+            "datastoreIdHeaderName": "X-FHIR-DSID",
+            "originalRequestUriHeaderName": "X-FHIR-FORWARDED-URL",
+            "checkReferenceTypes": true,
+            "conditionalDeleteMaxNumber": 10,
+            "serverRegistryResourceProviderEnabled": true,
+            "disabledOperations": ""
+        },
+        "security": {
+            "cors": true,
+            "basic": {
+                "enabled": true
+            },
+            "certificates": {
+                "enabled": true
+            },
+            "oauth": {
+                "enabled": false,
+                "regUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/registration",
+                "authUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/authorize",
+                "tokenUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/token",
+                "smart": {
+                    "enabled": false,
+                    "scopes": ["openid", "profile", "fhirUser", "launch/patient", "patient/*.*", "offline_access"],
+                    "capabilities": [
+                        "sso-openid-connect",
+                        "launch-standalone",
+                        "client-public",
+                        "client-confidential-symmetric",
+                        "permission-offline",
+                        "context-standalone-patient",
+                        "permission-patient"
+                    ]
+                }
+            }
+        },
+        "audit": {
+            "serviceClassName" : "com.ibm.fhir.audit.impl.NopService",
+            "serviceProperties" : {
+            }
+        },
+        "persistence": {
+            "factoryClassname": "com.ibm.fhir.persistence.jdbc.FHIRPersistenceJDBCFactory",
+            "common": {
+                "__comment": "Configuration properties common to all persistence layer implementations",
+                "updateCreateEnabled": true
+            },
+            "jdbc": {
+                "__comment": "Configuration properties for the JDBC persistence implementation",
+                "enableCodeSystemsCache": true,
+                "enableParameterNamesCache": true,
+                "enableResourceTypesCache": true
+            },
+            "datasources": {
+                "default": {
+                    "type": "postgresql",
+                    "currentSchema": "fhirdata",
+                    "searchOptimizerOptions": {
+                        "from_collapse_limit": 12,
+                        "join_collapse_limit": 12
+                    }
+                }
+            }
+        },
+        "bulkdata": {
+            "enabled": false
+        },
+        "operations": {
+            "erase": {
+                "enabled": true,
+                "allowedRoles": [
+                    "FHIROperationAdmin",
+                    "FHIRUsers"
+                ]
+            }
+        }
+    }
+}
diff --git a/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config.json b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config.json
new file mode 100644
index 00000000000..e08fe80beeb
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/config/default/fhir-server-config.json
@@ -0,0 +1,208 @@
+{
+    "__comment": "FHIR Server configuration",
+    "fhirServer": {
+        "core": {
+            "tenantIdHeaderName": "X-FHIR-TENANT-ID",
+            "datastoreIdHeaderName": "X-FHIR-DSID",
+            "originalRequestUriHeaderName": "X-FHIR-FORWARDED-URL",
+            "checkReferenceTypes": true,
+            "conditionalDeleteMaxNumber": 10,
+            "serverRegistryResourceProviderEnabled": true,
+            "disabledOperations": ""
+        },
+        "search": {
+            "useStoredCompartmentParam": true
+        },
+        "security": {
+            "cors": true,
+            "basic": {
+                "enabled": true
+            },
+            "certificates": {
+                "enabled": true
+            },
+            "oauth": {
+                "enabled": false,
+                "regUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/registration",
+                "authUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/authorize",
+                "tokenUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/token",
+                "smart": {
+                    "enabled": false,
+                    "scopes": ["openid", "profile", "fhirUser", "launch/patient", "patient/*.*", "offline_access"],
+                    "capabilities": [
+                        "sso-openid-connect",
+                        "launch-standalone",
+                        "client-public",
+                        "client-confidential-symmetric",
+                        "permission-offline",
+                        "context-standalone-patient",
+                        "permission-patient"
+                    ]
+                }
+            }
+        },
+        "notifications": {
+            "common": {
+                "__comment_includeResourceTypes": [
+                    "QuestionnaireResponse",
+                    "CarePlan",
+                    "MedicationAdministration",
+                    "Device",
+                    "DeviceComponent",
+                    "DeviceMetric",
+                    "MedicationOrder",
+                    "Observation"
+                ]
+            },
+            "websocket": {
+                "__comment": "only enable this for single-tenant, single-server deployments",
+                "enabled": false
+            },
+            "kafka": {
+                "enabled": false,
+                "topicName": "fhirNotifications",
+                "connectionProperties": {
+                    "group.id": "securing-kafka-group",
+                    "bootstrap.servers": "localhost:9093",
+                    "security.protocol": "SSL",
+                    "ssl.truststore.location": "resources/security/kafka.client.truststore.p12",
+                    "ssl.truststore.password": "change-password",
+                    "ssl.keystore.location": "resources/security/kafka.client.keystore.p12",
+                    "ssl.keystore.password": "change-password",
+                    "ssl.key.password": "change-password",
+                    "ssl.truststore.type": "PKCS12",
+                    "ssl.keystore.type": "PKCS12",
+                    "acks": "all",
+                    "retries": "60",
+                    "request.timeout.ms": "10000",
+                    "max.block.ms": "60000",
+                    "max.in.flight.requests.per.connection": "5"
+                }
+            },
+            "nats": {
+                "enabled": false,
+                "cluster": "nats-streaming",
+                "channel": "fhirNotifications",
+                "clientId": "fhir-server",
+                "servers": "nats://nats-node1:4222,nats://nats-node2:4222,nats://nats-node3:4222",
+                "useTLS": false,
+                "truststoreLocation": "resources/security/nats.client.truststore.jks",
+                "truststorePassword": "change-password",
+                "keystoreLocation": "resources/security/nats.client.keystore.jks",
+                "keystorePassword": "change-password"
+            }
+        },
+        "audit": {
+            "serviceClassName" : "com.ibm.fhir.audit.impl.NopService",
+            "serviceProperties" : {
+            }
+        },
+        "persistence": {
+            "factoryClassname": "com.ibm.fhir.persistence.jdbc.FHIRPersistenceJDBCFactory",
+            "common": {
+                "__comment": "Configuration properties common to all persistence layer implementations",
+                "updateCreateEnabled": true
+            },
+            "jdbc": {
+                "__comment": "Configuration properties for the JDBC persistence implementation",
+                "enableCodeSystemsCache": true,
+                "enableParameterNamesCache": true,
+                "enableResourceTypesCache": true
+            },
+            "datasources": {
+                "default": {
+                    "jndiName": "jdbc/bootstrap_default_default",
+                    "type": "derby",
+                    "currentSchema": "APP"
+                },
+                "_db2sample": {
+                    "type": "db2",
+                    "tenantKey": "<the-tenant-key>",
+                    "currentSchema": "fhirdata",
+                    "hints" : {
+                      "search.reopt": "ONCE"
+                    }
+                },
+                "_pgsample": {
+                    "type": "postgresql",
+                    "currentSchema": "fhirdata",
+                    "searchOptimizerOptions": {
+                        "from_collapse_limit": 12,
+                        "join_collapse_limit": 12
+                    }
+                }
+            }
+        },
+        "bulkdata": {
+            "enabled": true,
+            "core": {
+                "api": {
+                    "url": "https://localhost:9443/ibm/api/batch",
+                    "user": "fhiradmin",
+                    "password": "change-password",
+                    "truststore": "resources/security/fhirTrustStore.p12",
+                    "truststorePassword": "change-password", 
+                    "trustAll": true
+                },
+                "cos" : { 
+                    "partUploadTriggerSizeMB": 10,
+                    "objectSizeThresholdMB": 200,
+                    "objectResourceCountThreshold": 200000,
+                    "useServerTruststore": true,
+                    "presignedExpiry": 86400
+                },
+                "file" : { 
+                    "writeTriggerSizeMB": 1,
+                    "sizeThresholdMB": 200,
+                    "resourceCountThreshold": 200000
+                },
+                "pageSize": 100,
+                "batchIdEncryptionKey": "change-password",
+                "maxPartitions": 3, 
+                "maxInputs": 5,
+                "maxChunkReadTime": "90000",
+                "systemExportImpl": "fast",
+                "defaultExportProvider": "default",
+                "defaultImportProvider": "default"
+            },
+            "storageProviders": {
+                "default" : {
+                    "type": "file",
+                    "_type": "ibm-cos|aws-s3|file|https|azure-blob",
+                    "validBaseUrls": [],
+                    "fileBase": "/output/bulkdata",
+                    "bucketName": "fhir-performance",
+                    "location": "us",
+                    "endpointInternal": "https://s3.us-east.cloud-object-storage.appdomain.cloud",
+                    "endpointExternal": "https://s3.us-east.cloud-object-storage.appdomain.cloud",
+                    "auth" : {
+                        "type": "hmac",
+                        "accessKeyId": "key",
+                        "secretAccessKey": "secret"
+                    },
+                    "_iam_auth" : {
+                        "type": "iam",
+                        "iamApiKey": "apiKey",
+                        "iamResourceInstanceId": "resourceId"
+                    },
+                    "enableParquet": false,
+                    "disableBaseUrlValidation": true,
+                    "disableOperationOutcomes": true,
+                    "duplicationCheck": false, 
+                    "validateResources": false, 
+                    "create": false,
+                    "presigned": true
+                }
+            }
+        },
+        "operations": {
+            "erase": {
+                "enabled": true,
+                "allowedRoles": [
+                    "FHIROperationAdmin",
+                    "FHIRUsers"
+                ]
+            }
+        }
+    }
+}
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/bulkdata.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/bulkdata.xml
new file mode 100644
index 00000000000..2fa1e548062
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/bulkdata.xml
@@ -0,0 +1,40 @@
+<server description="fhir-server">
+    <!-- 
+        By default, in-memory derby is used for job repository, no configuration is needed.
+        If you need an alternative, check the disabled folder for your persistence datastore/provider.
+    -->
+    <featureManager>
+        <feature>batch-1.0</feature>
+        <feature>batchManagement-1.0</feature>
+        <feature>jdbc-4.1</feature>
+        <feature>servlet-4.0</feature>
+        <feature>transportSecurity-1.0</feature>
+    </featureManager>
+
+    <authorization-roles id="com.ibm.ws.batch">
+        <security-role id="batchAdmin" name="batchAdmin">
+            <user id="batchAdminUser" name="fhiradmin"/>
+        </security-role>
+        <security-role id="batchSubmitter" name="batchSubmitter">
+            <user id="batchSubmitterUser" name="fhiruser"/>
+        </security-role>
+        <security-role id="batchMonitor" name="batchMonitor">
+            <user id="batchMonitorUser1" name="fhiradmin"/>
+            <user id="batchMonitorUser2" name="fhiruser"/>
+        </security-role>
+    </authorization-roles>
+
+    <webApplication id="fhir-bulkdata-webapp" location="fhir-bulkdata-webapp.war" name="fhir-bulkdata-webapp">
+        <classloader privateLibraryRef="fhirUserLib"/>
+        <application-bnd>
+            <security-role id="users" name="FHIRUsers">
+                <group id="bulkUsersGroup" name="FHIRUsers"/>
+            </security-role>
+        </application-bnd>
+    </webApplication>
+
+    <batchPersistence jobStoreRef="BatchDatabaseStore"/>
+    
+    <variable name="BATCH_DB_SCHEMA" defaultValue="FHIR_JBATCH"/>
+    <databaseStore dataSourceRef="fhirbatchDS" id="BatchDatabaseStore" schema="${BATCH_DB_SCHEMA}" tablePrefix="" createTables="false"/>
+</server>
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/datasource.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/datasource.xml
new file mode 100644
index 00000000000..3571c4c7aff
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/datasource.xml
@@ -0,0 +1,15 @@
+<server>
+    <!-- ============================================================== -->
+    <!-- This datasource aligns with the Apache Derby database that is  -->
+    <!-- created by the ibmcom/ibm-fhir-server BOOTSTRAP_DB process.    -->
+    <!-- ============================================================== -->
+
+    <!-- ============================================================== -->
+    <!-- TENANT: default; DSID: default; TYPE: read-write               -->
+    <!-- ============================================================== -->
+    <dataSource id="bootstrapDefaultDefault" jndiName="jdbc/bootstrap_default_default" type="javax.sql.XADataSource" statementCacheSize="200" syncQueryTimeoutWithTransactionTimeout="true" validationTimeout="30s" isolationLevel="TRANSACTION_READ_COMMITTED">
+        <jdbcDriver javax.sql.XADataSource="org.apache.derby.jdbc.EmbeddedXADataSource" libraryRef="sharedLibDerby"/>
+        <properties.derby.embedded databaseName="derby/fhirDB"/>
+        <connectionManager maxPoolSize="50" minPoolSize="10"/>
+    </dataSource>
+</server>
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/keystore.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/keystore.xml
new file mode 100644
index 00000000000..e3f265ce8df
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/keystore.xml
@@ -0,0 +1,4 @@
+<server description="fhir-server">
+    <!-- This empty config file is here to prevent the openliberty docker.ci from generating a new keystore. -->
+    <!-- The ssl config, along with the keystore and truststore config, are defined in the main server.xml -->
+</server>
\ No newline at end of file
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/openapi.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/openapi.xml
new file mode 100644
index 00000000000..0ed602121de
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/openapi.xml
@@ -0,0 +1,9 @@
+<server>
+    <featureManager>
+        <feature>mpOpenAPI-2.0</feature>
+    </featureManager>
+    
+    <!-- This is the openapi definition for the IBM FHIR Server -->
+    <webApplication id="fhir-openapi" location="fhir-openapi.war" name="fhir-openapi">
+    </webApplication>
+</server>
\ No newline at end of file
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/transaction-manager.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/transaction-manager.xml
new file mode 100644
index 00000000000..310e0889d41
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/transaction-manager.xml
@@ -0,0 +1,7 @@
+<server description="fhir-server">
+    <featureManager>
+        <feature>jdbc-4.1</feature>
+    </featureManager>
+    <variable name="FHIR_TRANSACTION_MANAGER_TIMEOUT" defaultValue="120s"/>
+    <transaction totalTranLifetimeTimeout="${FHIR_TRANSACTION_MANAGER_TIMEOUT}"/>
+</server>
\ No newline at end of file
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/trustDefault.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/trustDefault.xml
new file mode 100644
index 00000000000..40d2eeef69c
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/defaults/trustDefault.xml
@@ -0,0 +1,4 @@
+<server description="fhir-server">
+    <ssl id="defaultSSLConfig" trustDefaultCerts="${SEC_TLS_TRUSTDEFAULTCERTS}"/>
+    <variable name="SEC_TLS_TRUSTDEFAULTCERTS" defaultValue="true"/>
+</server>
\ No newline at end of file
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/README.md b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/README.md
new file mode 100644
index 00000000000..b3cff423560
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/README.md
@@ -0,0 +1,13 @@
+This readme applies to all files in this folder:
+
+# Datasources used for server integration tests
+
+```
+datasource-db2.xml
+datasource-derby.xml
+datasource-postgresql.xml
+```
+
+These files are copied to the overrides folder and renamed to datasource.xml.
+
+Only one of these datasource definition files should be copied into the target Liberty configDropins/overrides folder. If more than one of these is present at the same time it will break the Liberty configuration because the datasource ids and JNDI location are common among the files.
\ No newline at end of file
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/cors.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/cors.xml
new file mode 100644
index 00000000000..078dd720ad4
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/cors.xml
@@ -0,0 +1,6 @@
+<server description="fhir-server">
+    <!-- Enable CORS (Cross Origin Resource Sharing) -->
+    <cors allowCredentials="true" allowedMethods="GET, PUT, POST"
+        allowedHeaders="Content-Type, Authorization, Accept, Origin"
+        allowedOrigins="*" domain="/fhir-server/api/v4" maxAge="3600"/>
+</server>
\ No newline at end of file
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/datasource-db2.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/datasource-db2.xml
new file mode 100644
index 00000000000..fa317fb413e
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/datasource-db2.xml
@@ -0,0 +1,18 @@
+<server>
+    <!-- ============================================================== -->
+    <!-- TENANT: default; DSID: default; TYPE: read-write               -->
+    <!-- ============================================================== -->
+    <dataSource id="fhirDefaultDefault" jndiName="jdbc/fhir_default_default" type="javax.sql.XADataSource" statementCacheSize="200" syncQueryTimeoutWithTransactionTimeout="true" validationTimeout="30s" isolationLevel="TRANSACTION_READ_COMMITTED">
+        <jdbcDriver javax.sql.XADataSource="com.ibm.db2.jcc.DB2XADataSource" libraryRef="sharedLibDb2"/>
+        <properties.db2.jcc
+             serverName="db2"
+             portNumber="50000"
+             user="fhirserver"
+             password="change-password"
+             databaseName="FHIRDB"
+             currentSchema="FHIRDATA"
+             driverType="4"
+         />
+        <connectionManager maxPoolSize="200" minPoolSize="40"/>
+    </dataSource>
+</server>
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/datasource-derby.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/datasource-derby.xml
new file mode 100644
index 00000000000..a365dc543d0
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/datasource-derby.xml
@@ -0,0 +1,28 @@
+<server>
+    <!-- ============================================================== -->
+    <!-- TENANT: tenant1; DSID: profile; TYPE: read-write               -->
+    <!-- ============================================================== -->
+    <dataSource id="fhirTenant1Profile" jndiName="jdbc/fhir_tenant1_profile" type="javax.sql.XADataSource" statementCacheSize="200" syncQueryTimeoutWithTransactionTimeout="true" validationTimeout="30s" isolationLevel="TRANSACTION_READ_COMMITTED">
+        <jdbcDriver javax.sql.XADataSource="org.apache.derby.jdbc.EmbeddedXADataSource" libraryRef="sharedLibDerby"/>
+        <properties.derby.embedded databaseName="derby/profile"/>
+        <connectionManager maxPoolSize="50" minPoolSize="10"/>
+    </dataSource>
+
+    <!-- ============================================================== -->
+    <!-- TENANT: tenant1; DSID: reference; TYPE: read-write             -->
+    <!-- ============================================================== -->
+    <dataSource id="fhirTenant1Reference" jndiName="jdbc/fhir_tenant1_reference" type="javax.sql.XADataSource" statementCacheSize="200" syncQueryTimeoutWithTransactionTimeout="true" validationTimeout="30s" isolationLevel="TRANSACTION_READ_COMMITTED">
+        <jdbcDriver javax.sql.XADataSource="org.apache.derby.jdbc.EmbeddedXADataSource" libraryRef="sharedLibDerby"/>
+        <properties.derby.embedded databaseName="derby/reference"/>
+        <connectionManager maxPoolSize="50" minPoolSize="10"/>
+    </dataSource>
+
+    <!-- ============================================================== -->
+    <!-- TENANT: tenant1; DSID: study1; TYPE: read-write                -->
+    <!-- ============================================================== -->
+    <dataSource id="fhirTenant1Study1" jndiName="jdbc/fhir_tenant1_study1" type="javax.sql.XADataSource" statementCacheSize="200" syncQueryTimeoutWithTransactionTimeout="true" validationTimeout="30s" isolationLevel="TRANSACTION_READ_COMMITTED">
+        <jdbcDriver javax.sql.XADataSource="org.apache.derby.jdbc.EmbeddedXADataSource" libraryRef="sharedLibDerby"/>
+        <properties.derby.embedded databaseName="derby/study1"/>
+        <connectionManager maxPoolSize="50" minPoolSize="10"/>
+    </dataSource>
+</server>
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/datasource-postgresql.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/datasource-postgresql.xml
new file mode 100644
index 00000000000..55e4e0c1aed
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/datasource-postgresql.xml
@@ -0,0 +1,17 @@
+<server>
+    <!-- ============================================================== -->
+    <!-- TENANT: default; DSID: default; TYPE: read-write               -->
+    <!-- ============================================================== -->
+    <dataSource id="fhirDefaultDefault" jndiName="jdbc/fhir_default_default" type="javax.sql.XADataSource" statementCacheSize="200" syncQueryTimeoutWithTransactionTimeout="true" validationTimeout="30s">
+        <jdbcDriver javax.sql.XADataSource="org.postgresql.xa.PGXADataSource" libraryRef="sharedLibPostgres"/>
+        <properties.postgresql
+             serverName="postgres_postgres_1"
+             portNumber="5432"
+             databaseName="fhirdb"
+             user="fhirserver"
+             password="change-password"
+             currentSchema="fhirdata"
+         />
+        <connectionManager maxPoolSize="200" minPoolSize="40"/>
+    </dataSource>
+</server>
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/db2-cloud/bulkdata.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/db2-cloud/bulkdata.xml
new file mode 100644
index 00000000000..501254d9612
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/db2-cloud/bulkdata.xml
@@ -0,0 +1,55 @@
+<server description="fhir-server">
+    <!-- 
+        This configDropin work with the IBM Cloud hosted Db2 and securityMechanism 15 (apiKey)
+    -->
+    <featureManager>
+        <feature>batch-1.0</feature>
+        <feature>batchManagement-1.0</feature>
+        <feature>jdbc-4.1</feature>
+        <feature>servlet-4.0</feature>
+        <feature>transportSecurity-1.0</feature>
+    </featureManager>
+
+    <authorization-roles id="com.ibm.ws.batch">
+        <security-role id="batchAdmin" name="batchAdmin">
+            <user id="batchAdminUser" name="fhiradmin"/>
+        </security-role>
+        <security-role id="batchSubmitter" name="batchSubmitter">
+            <user id="batchSubmitterUser" name="fhiruser"/>
+        </security-role>
+        <security-role id="batchMonitor" name="batchMonitor">
+            <user id="batchMonitorUser1" name="fhiradmin"/>
+            <user id="batchMonitorUser2" name="fhiruser"/>
+        </security-role>
+    </authorization-roles>
+
+    <webApplication id="fhir-bulkdata-webapp" location="fhir-bulkdata-webapp.war" name="fhir-bulkdata-webapp">
+        <classloader privateLibraryRef="configResources,fhirUserLib"/>
+        <application-bnd>
+            <security-role id="users" name="FHIRUsers">
+                <group id="bulkUsersGroup" name="FHIRUsers"/>
+            </security-role>
+        </application-bnd>
+    </webApplication>
+
+    <variable name="BATCH_DB_NAME" defaultValue="BLUDB"/>
+    <variable name="BATCH_DB_SCHEMA" defaultValue="FHIR_JBATCH"/>
+    <variable name="BATCH_DB_PORT" defaultValue="50001"/>
+
+    <dataSource id="fhirbatchDS" jndiName="jdbc/fhirbatchDB"  type="javax.sql.XADataSource" statementCacheSize="200" syncQueryTimeoutWithTransactionTimeout="true">
+        <jdbcDriver javax.sql.XADataSource="com.ibm.db2.jcc.DB2XADataSource" libraryRef="sharedLibDb2"/>
+        <properties.db2.jcc
+            apiKey="${BATCH_DB_APIKEY}"
+            serverName="${BATCH_DB_HOSTNAME}"
+            currentSchema="${BATCH_DB_SCHEMA}"
+            databaseName="${BATCH_DB_NAME}"
+            driverType="4"
+            pluginName="IBMIAMauth"
+            portNumber="${BATCH_DB_PORT}"
+            securityMechanism="15"
+            sslConnection="true" />
+    </dataSource>
+
+    <batchPersistence jobStoreRef="BatchDatabaseStore"/>
+    <databaseStore dataSourceRef="fhirbatchDS" id="BatchDatabaseStore" schema="${BATCH_DB_SCHEMA}" tablePrefix="" createTables="false"/>
+</server>
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/db2/bulkdata.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/db2/bulkdata.xml
new file mode 100644
index 00000000000..cb7ecf7bddc
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/db2/bulkdata.xml
@@ -0,0 +1,58 @@
+<server description="fhir-server">
+    <!-- 
+        This configDropin work with Db2 and user-password
+    -->
+    <featureManager>
+        <feature>batch-1.0</feature>
+        <feature>batchManagement-1.0</feature>
+        <feature>jdbc-4.1</feature>
+        <feature>servlet-4.0</feature>
+        <feature>transportSecurity-1.0</feature>
+    </featureManager>
+
+    <authorization-roles id="com.ibm.ws.batch">
+        <security-role id="batchAdmin" name="batchAdmin">
+            <user id="batchAdminUser" name="fhiradmin"/>
+        </security-role>
+        <security-role id="batchSubmitter" name="batchSubmitter">
+            <user id="batchSubmitterUser" name="fhiruser"/>
+        </security-role>
+        <security-role id="batchMonitor" name="batchMonitor">
+            <user id="batchMonitorUser1" name="fhiradmin"/>
+            <user id="batchMonitorUser2" name="fhiruser"/>
+        </security-role>
+    </authorization-roles>
+
+    <webApplication id="fhir-bulkdata-webapp" location="fhir-bulkdata-webapp.war" name="fhir-bulkdata-webapp">
+        <classloader privateLibraryRef="configResources,fhirUserLib"/>
+        <application-bnd>
+            <security-role id="users" name="FHIRUsers">
+                <group id="bulkUsersGroup" name="FHIRUsers"/>
+            </security-role>
+        </application-bnd>
+    </webApplication>
+
+    <variable name="BATCH_DB_HOSTNAME" defaultValue="localhost"/>
+    <variable name="BATCH_DB_PORT" defaultValue="50000"/>
+    <variable name="BATCH_DB_NAME" defaultValue="FHIRDB"/>
+    <variable name="BATCH_DB_SCHEMA" defaultValue="FHIR_JBATCH"/>
+    <variable name="BATCH_DB_USER" defaultValue="db2inst1"/>
+    <variable name="BATCH_DB_PASS" defaultValue=""/>
+    <variable name="BATCH_DB_SSL" defaultValue="true"/>
+
+    <dataSource id="fhirbatchDS" jndiName="jdbc/fhirbatchDB" type="javax.sql.XADataSource" statementCacheSize="200" syncQueryTimeoutWithTransactionTimeout="true">
+        <jdbcDriver javax.sql.XADataSource="com.ibm.db2.jcc.DB2XADataSource" libraryRef="sharedLibDb2"/>
+        <properties.db2.jcc
+            serverName="${BATCH_DB_HOSTNAME}"
+            currentSchema="${BATCH_DB_SCHEMA}"
+            databaseName="${BATCH_DB_NAME}"
+            driverType="4"
+            portNumber="${BATCH_DB_PORT}"
+            sslConnection="${BATCH_DB_SSL}"
+            user="${BATCH_DB_USER}"
+            password="${BATCH_DB_PASS}"/>
+    </dataSource>
+
+    <batchPersistence jobStoreRef="BatchDatabaseStore"/>
+    <databaseStore dataSourceRef="fhirbatchDS" id="BatchDatabaseStore" schema="${BATCH_DB_SCHEMA}" tablePrefix="" createTables="false"/>
+</server>
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/jvm.options b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/jvm.options
new file mode 100644
index 00000000000..53cd8148142
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/jvm.options
@@ -0,0 +1,7 @@
+# Reduced heap size for constrained environments
+
+# Initial heap size (same as max so no reallocations will occur)
+-Xms3072M
+
+# Maximum heap size
+-Xmx3072M
\ No newline at end of file
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/jwtRS.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/jwtRS.xml
new file mode 100644
index 00000000000..ab521345842
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/jwtRS.xml
@@ -0,0 +1,31 @@
+<server description="fhir-server">
+    <featureManager>
+        <!-- mpJwt-1.1 is already enabled in the default server.xml, but it doesn't hurt to repeat it here -->
+        <feature>mpJwt-1.1</feature>
+    </featureManager>
+
+    <!-- Override the application-bnd binding of the main webapp -->
+    <webApplication contextRoot="fhir-server/api/v4" id="fhir-server-webapp" location="fhir-server.war" name="fhir-server-webapp">
+        <application-bnd id="bind">
+            <security-role id="users" name="FHIRUsers">
+                <group id="usersGroup" access-id="group:https://localhost:8443/auth/realms/test/fhirUser"/>
+            </security-role>
+        </application-bnd>
+    </webApplication>
+
+    <!-- The MP JWT configuration that injects the caller's JWT into a
+         ResourceScoped bean for inspection. -->
+    <mpJwt id="jwtConsumer"
+           jwksUri="http://keycloak:8080/auth/realms/test/protocol/openid-connect/certs"
+           issuer="https://localhost:8443/auth/realms/test"
+           audiences="http://fhir-server:9080/fhir-server/api/v4"
+           userNameAttribute="sub"
+           groupNameAttribute="group"
+           authFilterRef="filter"/>
+
+    <authFilter id="filter">
+        <requestUrl urlPattern="/fhir-server" />
+        <requestUrl matchType="notContain" urlPattern="/fhir-server/api/v4/metadata" />
+        <requestUrl matchType="notContain" urlPattern="/fhir-server/api/v4/.well-known/smart-configuration" />
+    </authFilter>
+</server>
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/postgres/bulkdata.xml b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/postgres/bulkdata.xml
new file mode 100644
index 00000000000..60a74d2e59e
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/configDropins/disabled/postgres/bulkdata.xml
@@ -0,0 +1,54 @@
+<server description="fhir-server">
+    <!-- 
+        This configDropin work with PostgreSQL and user-password
+    -->
+    <featureManager>
+        <feature>batch-1.0</feature>
+        <feature>batchManagement-1.0</feature>
+    </featureManager>
+    
+    <batchPersistence jobStoreRef="BatchDatabaseStore"/>
+    <databaseStore id="BatchDatabaseStore" dataSourceRef="fhirbatchDS" schema="FHIR_JBATCH" tablePrefix="" createTables="false"/>
+
+    <authorization-roles id="com.ibm.ws.batch">
+        <security-role id="batchAdmin" name="batchAdmin">
+            <user id="batchAdminUser" name="fhiradmin"/>
+        </security-role>
+        <security-role id="batchSubmitter" name="batchSubmitter">
+            <user id="batchSubmitterUser" name="fhiruser"/>
+        </security-role>
+        <security-role id="batchMonitor" name="batchMonitor">
+            <user id="batchMonitorUser1" name="fhiradmin"/>
+            <user id="batchMonitorUser2" name="fhiruser"/>
+        </security-role>
+    </authorization-roles>
+
+    <webApplication id="fhir-bulkdata-webapp" location="fhir-bulkdata-webapp.war" name="fhir-bulkdata-webapp">
+        <classloader privateLibraryRef="configResources,fhirUserLib"/>
+        <application-bnd>
+            <security-role id="users" name="FHIRUsers">
+                <group id="bulkUsersGroup" name="FHIRUsers"/>
+            </security-role>
+        </application-bnd>
+    </webApplication>
+
+    <variable name="BATCH_DB_NAME" defaultValue="FHIRDB"/>
+    <variable name="BATCH_DB_SCHEMA" defaultValue="FHIR_JBATCH"/>
+    <variable name="BATCH_DB_PORT" defaultValue="5432"/>
+    <variable name="BATCH_DB_USER" defaultValue="fhirserver"/>
+    <variable name="BATCH_DB_PASS" defaultValue=""/>
+    <variable name="BATCH_DB_SSL" defaultValue="true"/>
+    <variable name="BATCH_DB_SSL_CERT_PATH" defaultValue=""/>
+
+    <dataSource id="fhirbatchDS" jndiName="jdbc/fhirbatchDB" type="javax.sql.XADataSource" statementCacheSize="200" syncQueryTimeoutWithTransactionTimeout="true">
+        <jdbcDriver javax.sql.XADataSource="org.postgresql.xa.PGXADataSource" libraryRef="sharedLibPostgres"/>
+        <properties.postgresql
+            databaseName="${BATCH_DB_NAME}"
+            portNumber="${BATCH_DB_PORT}"
+            serverName="${BATCH_DB_HOSTNAME}"
+            user="${BATCH_DB_USER}"
+            password="${BATCH_DB_PASS}" 
+            ssl="${BATCH_DB_SSL}"
+            sslCert="${BATCH_DB_SSL_CERT_PATH}"/>
+    </dataSource>
+</server>
diff --git a/fhir-server-webapp/src/main/liberty/config/configDropins/overrides/.empty b/fhir-server-webapp/src/main/liberty/config/configDropins/overrides/.empty
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/fhir-server-webapp/src/main/liberty/config/resources/security/fhirKeyStore.p12 b/fhir-server-webapp/src/main/liberty/config/resources/security/fhirKeyStore.p12
new file mode 100644
index 0000000000000000000000000000000000000000..718148f9444d1ef3e5f00fbea6f4174ce4abe5d8
GIT binary patch
literal 6868
zcmY+IRZtv&(xq{Cx50zU0Kp0F?hNiBxNC5CGPt|DyE8!o1WEA0-3e}i&8^zq`~MGJ
zU3E@%KlIb-4;V@|3kM4i3?)lPLS>1Rk9@#{MTRX5C5u7`B@6o}2LVHIGX85J6^7zO
z|C7SuU}65Xfd4wMKnf(Z|GNPL772)jfZ~+ZWULM%#)X4Jfe8-9QCFMKc?J9Cy??hT
z$U=KhU}xWRB%4ko+Y3UOeCdwf_+cua38OK8uF!)Z8d6_DPbQQ8Zp>6h{L4$i`Rv+%
z2b`>i9#il8>BavmPV%!H^>ttKN`vHZZTft4Ryak3;fA^@IasQF!&2YZ#ygBBy#!`_
z*nLb^#WKbrd;)0qCd%{IM~8X7GFnKjZE9;|w^WE}>{gcc*V0h9*Ee2;-h8G>x!p=3
zJH4`l!EXwi(PC!bh4FO7ksO36F`3XRSSNrV6WX)5acv;))DTkg&)j^t#k<>{eN!~l
zd%8K9K^H2=D6?<+81QDF3XBZx1%eZ9<S2oNE!yl4x68khR{|H<wN7W#1O?T}RYRz3
zZNquq_cTXOTR5;3ci5T+cl5~~2|IsaOpYEE=?M&y{tz}rN*#!&HZFHTii8^?PAQGs
zk}Z%vW$>TREYbRtgt1kxPZFmOHJehE=TER8XhkihhU?fq%!{*EEYs|(OjzuRP>za1
zK1>9<7vs+N_X&)fJKn8gRbd+&v%*FDqJ>=Ra5l*;EscseID0A<UyAB-rfa!qD+;RA
zxEg;nDwei-OJp>{@DuCv(yVG26>(|44+DrqSYum9<P6a&&+TwFik}Qr7%_k1ATV;y
z#+jG&k)PF1tp9{TK24pj?N?paLkoKJ`S4XXo}2#=Pyhj-qM`pT_9$7o40#f{Cy!Jn
zS#!7r6i@s_O;geoJ0}tI5%Wmg$qYBPBEh{4CN=MgEQ(Ifsct0+)<Tt>^ylSY+S4-l
zGEX2U?K<Je{j~J~M8MPzHMN{OM=&0t7bu0n@rrfbqYOFPquJ3kZD{hRveeCJ4vik-
zv3Ks<<4z7#K>34;BlIb_;GppsysPbUFDBX=-6WAKe?JQ~dXoa`*M4g@qos6eHK)ba
zN_c5M#sn_e-qunz5e+qdBofoA#6j{m+i<z(Rnlh-fCGhZVNSwmAROGWp0|-iq{PS#
zaY#H8mFFgB^ITCBYS)(3wBnRHI!Rxn`t(b@j*qj<h^{9k{0+Tq)Ck#2?Jmtpt-$7p
z2LL%W+9t_rsZ$@!PGb|?v#`}L%&>)NbNn$y4N_A_2%iT0M-m?aAGhsoYN{)R(Pu}y
z#o-Rg44U40+W>BmvQxs-^hMRPm*S6U_Y6XEN0dTH@#jCb2Z<CA8u19h%*&H{Vbfs1
zICU&(n1?*5zjW0pr|}S#YhJoBd`*6_$<TDCO;f}8Gv3XF%veTktZ7+;goGd0V{WfM
zv2sCarAwYu)%U9A3fW3n>TqT~1r>YC&JbN@QrGsNC(5lP5)>>O(by(0J)TX>jBHa|
z)|}`!s8!XhG}k^RBs$t6%e4@q6mlQnTdTZ-*yv+MX=*4mn(d&wBfkEP5bz=P?3)6O
z%x5$1M2aCHBracluN3+L$%qBA--0+(zsw2OST=<6HqMFY&pyezdPcrNyeX7Wf~5Q9
zIN>P7Y-Rmi2*W?zb1ykJsM3r<w=kEMZ548b^6x6YDTh6by#^k>SiKFQ*6RhssY&|#
z`kb58>wVEx9&(QwW~j%%FGFK)uryiQ0F-9HCMtbqp0c-mV$z>8L27;6L9>^I(*(T^
zTn?}tHz`Pw>P2$Uu-o-1vb4#-)>GipBte%^5lT$82PUZ2i~*V9k{yH<gIo-g*)ifs
zX1~BkT2;7D12+Sk?Jj`GtLv$K=WCQ77n`)Y4k=zLM7^Qxn3EHokIn7ttu(#*3OVdw
zqz$rv!?UlzA4UBtRKR(rxx`vHkVogSQveh8Y>Hb%Wawg(#BSDzhv|T}fu*~w{P3q#
zV+q!ntL%i@-X-3&c*5t35We%S81}sssK1M?S;6DkXmK~vmnIeq50{DyLKl`Ab*<lZ
z9VcDB0oIPYcOS|G)H+7k@zVS2R(s90NF0ibPZ4gkz<d)f$6n~luR|V4H(2WU!CZjK
z7@)!N{LaMBmNWvrAvk)`;B<^Y6)Ep}7L2Y=#{4$I$f6a6;x7->YRG^9fGoNKFY(QZ
z!azlW_LCsaXMC~f`}E{bX=0JYDqp0>3cAgx^KW9zdq8H&E_p~RtXEksV=gtZBee;0
zT(_g!WArT=%RNmY2O`x7mzUf8WD~+RxKWdQNzrxydSuxaY>5JnG0_NtJ^{g~j>_bd
z(vUwDuVDtK7WKpjR7~0gM>z|i=`9ev2HH~Sm!rYsJX+}M%(BzEYyRG_5^aD9Hi$ci
zqPL{N>TMQ+2Y>Z3ui|jD-fl`sWNU&m&<vH$BpADs)qT7ZnT3F=?e}jmb=O&3@kQ5t
z=3A$*cbvSe|DyMg=Hg(cT^eS$HGY>Z-To<L?Qs=>{$J~ZezC{ab?;)uUA3RwFUan>
zWQxF*EL5%r^*MY!0w+2hszS(pZ<S!-MO!P#`RZrB6S6snK3pMR{Gnizs(8rs+WeBc
z_5#;Am6OjgLQP~p14A}nB_F~XVgJ#Gd+6_Yki50=^f?T|#RvVoav#?Ct?Rx(qXDk3
zVpO4*I@o7{{56cWMkjvc-vDV8dcU`N*I(KyolXb8@7ih}8ncN~JRT*mB;s1SKymFH
zCpfRU1lb89?X8N<9AQusNFZ#Rz*jjBn(V?3^of>Bc7EY^QkFd$DMgsIZ0km)1tq43
zyPlIl2xe{t&zbo7%u39QW7^!5|EnEP-%#)t1w$Bl<VHmFYaM2rh0cl@XDmZWYj07=
z3%uiNAJffub)=5I-w403r;%s3a|TMDNZKO34NNk;L|{i&;_g141|lpjr=1<+=yK)>
z_3p2;?c+6-&MSYORVP$qtxMmK3qsy7g#x<0V=2>k6`F6?8!0SF0-2|HUT3jZd5CbN
z=39i_;3>4x9SNMAe=&1=h6Q+rsU~l5Pl{jN^P+^YsV|JR`QTl+I|JAzoOR6oar~OR
z)^?%KRWm4i_-!n$Ep}bUW>X5aKmVA?r-saJ)REwBGTSdCO5~+}(}^-qhQfWBn|p=M
zN}DB6T3)ML&}S?K$kc4tR?pn#xIIsr5qW%6Bu$;85}G9{o;+Rx>5TrYQ1uV(-TtET
zw7;D<CPqC;a21r?#G*Rkf$)Z^A<xJRPMm`ABAdhF$s%GdDVFo-x88^M*Llr1YY!QQ
ztS_!oi18phP63&IWp0&N@=$;`c^aH8jOEybC8p^pw4)Y|`8fM$+2qYzuDK=7Wnw1a
zjR<|`Irn|QqsSF($|m?1*e3)?gq~tbRSLn6gM<qr`_3G!x7=YGl5A^gXI1a=>-+Ql
zOW~7ps?R62E~Zm{Y|umqH@9Ph@M#QA5C=NnCyT@h%U1rc#Cq%yAZ4Z8uUA4bc6JhD
zMb3j8HBBGUerC(t)`>oUp049hPVR=oW<fTWbJXhTn3qptjrRV&>o+$vLRr;SBMq9C
z3(onheUY7JHW~5n$30(*@b|HOWzs}wuMtkCt9rgOL+DwGaCHaXgcZ)Zy(n5oR8v1Y
z(IaXmEe<!YDW$T$kEd8#l-c(Gh0cEc8N2Q2Soc>ea04S-5jRD#E~Zh7$bQb~2=V|F
z%5)1&r(?OUY+1NF*ZeB>zCYg)`R`zkARjdZ5+1Jr_Se8by|#FDZP*`j7k<d%<I`Xq
zwk#eddfWoD{?M5zF@Y`y#d&#n%)ynS>2m@6XpHVm_Ley7*TJNkuGnb3qQBuinoN0T
zN<=1X5l9xdv)vCWXO>6qbKnDtxgviKj|kgd{tQJ)%Va@Nw4V1z@)9x!;u(*$Je3;M
zM_IzS2-Cem{6r{P_YFXji>7l;gRXN`k0rrO{cxeO_1J#WGlj2wSvQ20_D|H^ve4qs
zrhCbmAbpWf>9z7(#RYUnsK&SSd6||7xnCxb1e|#fkKABkY(NR7+G4E=YXowI(o?O?
zmLEF2889%mf?ViA_Iig|&Xo;_zl|SWk&!*iTyQVy46-a%0T(U{CYXY7k#o`tnxQU8
z-`eVOH1b)C2U(6$FVtjQ1<{^DSoNNJgDmNPt)o(f^6;EgXk8YsbGCwo1#fyuOY;@T
zy+6QMp9G#}NxO{X{fzQDApJw^^>Uc;86Iz+p9>ACT-V%9Nf@eFT~!DY_7>+u1v+(9
zXb7ClNeujK2&YZwB5UyRa(293;9Ml{6C{O=abI(5g0lOfPeV^OGC^R#<zY9?p@lUn
zwzcwN0xSjjq+@MGM%00^>E^r;_QBu1Rw?YJIfP7sbSpB}3AVQ&-DG9-UB(3zG*1+V
znmR!7?<16xR|R>N7O;$iZN;n|skOdWg3O(B)mfx3&J6!0Q+*0_KcE3A4LjFXU$202
z!dVKV%b2#AvFl+ICpBjsymalr8J-I_c|kt+J_(DdObPu;`Zj`jr=fCe($cB5$bCoQ
z(|+rEkYBnrk*)dY9wpM92#N8afVlfkR64z~iVwHMqQ?6p-WNxRAZ`F2fV1oS>%;|T
z$>JDzBNq*|Kq=6bZ~m6r{#WFU3`Syu<NcKczmDH}NFBcO>u&;MTiWR<e}#8kzd1Z1
zg!509tk#^+^`ZD=a`Ey9omR+3rBf(j8qLoOUj6L;v$xGH*vz*mux}^E@2|aRw74P%
zlq?cU0P+E575qHXW9KT(Nt=Z4(BaNe^bn2u4gg)-w1Pee<JV@g+)SLt;i4nNm!E!=
zrT5IX6?J(o>$DMn#N}f?n>CEjqEPQ6SGw22vF&|qF&M#m*LQUv?F*PWcxgeO1$8rD
zeUdDR-0`~=REaCF;WP3rRQ|3;)+&>@i#%AR-SbpEjazPfRLz@SQWMO$EGD(+0JR^A
zo<D!^ajIvDj90!5Z#xG%6y~P)Ucg$YK|YO54Q3>yV4S<6AT)3&zCW%qP@!|9aUfj=
zRckYNB_08fq;qU20GHd?WB3FSj}rF3BAP<XO*ji5Rr$k8M~#@jFQB!kBWu$Zk^iai
z;j}phm??v|vc#XG&#ax7I1rpwSFCa^dOdGh?&M&sgbu!hr|I!&pCyNAZ0$jIiIYP5
z2THm?kLQ!Y*wy}b^n6e_u`7ZOc9hv@kmm75%U{(G{NbGIFPQ*M9lTIQj~H~dh62%e
z133~_&z_BF@5`Uc5X@Amo@YLZm*WKp{9DrRKkl}}xa4PN-%l~H^A>2@4!&v`$K{E8
zX+&^%7W*mXZ^X{x#LzNRSv5ZgE;*;*r_0biAKK9_XXFno)zQN~Uw&|#Kx`_nuDJ5T
ze^_Q@wn^@hQsP-QbbOOZlVe|#2GfS@%Q#eg9PdaMcsWRV-kx{p3tA!nx}|G_A;=OU
zL9Yw5LxO$%OSISLP_=(>dA#V<ZAf`iyY^vhH}pWwRclV@(e&z_e6G8Q$1ZHa!zXv&
zx_$XV^kDMz4_w3{-|=<l3$cP3m`aMLVoDI6s;7qWE8}&oT~T?CG$OV_okIuFo$|DT
z-<hjn-pq@U%;hs9)2SqSOKFPq3?O_36WeW(TjUi#ON5_KE9UX;ajg95saYiwy{1%V
zx~xc9%LSiNjKJRk$?SoE1Cz-~ZhqJ4o6a^x?3T2t5<*fYaukDQyn8)2K6k5rhCDUd
zxHmHIdN(i>b?bish{90RIfPKu>3{OXzxs}Z{{L_U8Z6vD)9IgR_rE9w{C_CLODjFh
z&BWvEe<;Pjarq_J8|KSYMr`l>I0+c{xki1KnJ-hxL&ZvYbeciJFJG>a#m_i#)AxB8
z#g^z3V(^*eVP{yypVcBTUL_<3oqvD`T4QB&L&YrTw>UIQg<$jOW;H7JD;PaL7(s*!
zIkUgOJninp9)5nG-moJtY=V&=xGkWZJ~ZD(L*^F3HEu9X5vlB?tL*-)oLfg+>NKTS
z0xpOUiIkZ7-2NmMhw-Yg_n^_vE<-mE7<?bnDrZP6J9l*)J)C$##H$>k72%A2B<rT9
z5^XJ}LF7Wm1H2C&P%jgd+-9|wi=+Sd{10**VkYhbxlrK;3)<)(?VS_r5(kDOJb2yX
zF)W?tK^6`A^`KdUurY{`gu1;=|LVCsirn_NT+?)j82uW%o839|_y|#e)lFRUyq_1(
zLLMa=D(C{$$7#?Mr^2>`jC=3OZwR^RVj~M!Mh!}Jb>(LF;da5P#zE5Kjicba>O_@T
zy{&)XD(sO(aM7!@S-eLAqO6k4VqhQP=E#4-29^LC;hz{w8I0qr_{{ckO9hcO^<#fd
zl@ju@2$#x_bO%r@3xW$qoD`IZXzy*XTA?FZBlCNUqYT|m*!2dIfRB%P$LPfxGK^wr
zogd_%8kPK*jeb$rY^v_Gz**h1VIXE@sbkdK^Zr<KHZar%_g02GNiUBySjjiM>Z#3Y
z(_7Ro(I2nlIUTt?ozQ`ljZ<9^o<cb){h0Pf)O^M#n4@$)0FLNQ%Tm_8iuIdgU-vJq
z-fTaMH6sF-OEBpXF}h%wq*bpcPUY=9>#YouzLQ;9`4xpbTyT<OHvLHJwlH*$Dg$1m
zcw{B}XOjw&el}Nrl5^=D4#;e<J|xLofJS}HG?8ZQ_rPb{xG*qG)`ScJI*+t>$I$-<
zdswBngY=U?H8|ELg#$2LHMz%AC}}xO2U}NmqI*G7LZbEe=M+>PZCaNL#OHJ2@Z{d&
zLSxAqSLe$UMprGN_o5-enb;LIlch5%@oLZJnwJ40NUzQr;ns91+|%tlpbEc9!ftwk
z2U5G+J20ov@VSYixf7vxmPm<2W@w3gCMThw;PmJQ8VV%MNrlTxTO=5G&ot0n6)+%K
zGIE)FpSFz&$>+}?cXkr~#s%pjCQyfSHud@m2e=<TSwuhTzu^K7{l)vjWS5|75kXge
zLWbIuQvz8Z3SGR3+CD=h1aaa<8=La7@Hi+IST0*l|Hyuv47R4M?f&aRyHlqs%o-s(
zo*_v4AnJN-iu>JGpUC~oi{Q4LFZ^K_=WMw}D=!0ZZy3Ecn@GgwY{W!euuL3f_PaI#
zVh0X)b<@HMt|8kM=->z5ZwaAv<URs~HtgXWXJuH0)^M<Owa=t%=|0+LsaP~>SRpve
z2)VuK*Fv_uyz6Bx)1nvqGehqg_?>VZiRaxl_IG8qCjG#tu#3O75W&e}xD+KM(0pLv
zx@_fCb(uf>$)<e={OQr%ePa0qe2AJJ7X5Pg74T2;Q>>p&V!5-t3O~ud0au!!#3~=L
zcK<~db@y<Ua>{B&bER}@vA@sW;};0Gp3`_VrW{+SHZUY6Er5s)t=`Hx8r*N}LxVs?
zO<h|cD?I+uk#xWqF2LHF<Yb~Kx~k&o?rK1EBM$>y^R*eEdgLkyl|rYB>abmRZ<Y4o
z#Oe4Nj>La8u|eA#dFWPX(Y=RQfFs5GtpTGjoW7RhJhD%n2+x(w_oh#u8<8K_dWN-d
zTwOj8qiB5d6wz3anl3Fw>#b&tsdxw%O@!Z`8Tz2O#!s1_Zw5#q;Bjm2+V2gp@ZQ=+
zfo<g@pIqJ4NjlDHRiKUS(h)gHRwu&=m}3Ep`@Pr8JM}E7n6*m#STnEMrv&+_jj;_s
z@Nd=^2Mu!e^owvG=m{r|R^;?J;QVD7zbHD!4NNv(z^^IGV_Y=uurC~xPvS-XBN%yo
zK$Ldy(%|>g-8*D^#8CvEHZD+sGJd5~Fd^jY?}L8jhu7^c_SCtFI<VD>jtl`8ZrZip
zx0zaBuA9yFu)2P?`i(-&Kdp_L+8+WJSotugJx4XBIUl!*uuJMJ-p5vz)mHch^kdra
z&^h_83+r_mPZXoW#@@DbQJZD7lG8DjmS_Lyq;%ct?;+wQ4Cv^K>cB@mQZl9?>j^V@
zovTUpX0`YgvL+krbgpJ6=i#%2-Ao<@(1-_>`A)`}wKyp<vy3DdH_wGZseAZ|TLY6n
z-XM}8Z-*i0`VfP(JBlO3wNB$sJ?e+~b->Ob6@wWH@E7(RL#%<T7xSR`r^|;|?$CRG
z6e_L0%#J#3p%t0Y$2rs})s!2lqv4jQ0aQw?<BnInoAULF7B&t{V!Ao+taTvf8FwdE
zzQvv_zYkZE{?D%q7%@v2uT<#Q4}PKeI<!T&wZk(d)vvmMnx}l+a^*~c!#NK4!TFKQ
z2Vro8{-Y|OBOSMwYcE!$HdGDdDdj~VfW34d;GKYyz7q^9*blC&H7zsz<kn`#NSZ<K
z5vb(jg<`|>_*CKB{%)$xksO|T+oc({X#xMC4YLoL_E#|~Ss_BU*U`s2XTy*bt98{C
za{A(Z%|6n)Su>Xcr%!*1zT<spTTr)y)aJSrT%hkoch~H!nIXakhheg;Nvs({fdN2&
z+CH0w<%U-D?Ve_%Lrn^ee&sPBj#i$@`-Luub4#M{+ds}%WZ$k#|Ct_ymqZMp`IOWf
zwS*M^@M)HnS!E=?3t#D&@$Kb6do^_Hh;+x*HT{NlmZ6L_&E#EhH*&;KPeO#)m@RQS
za1>%groxA;IbYqW%aHi)iaC#r9jfb>`-m~$&@k7NTR>h!c_I@MHn9JRUh`r0FKv!F
zdP_mQ4_e$EHsAVBO(etvIoG|$Fx-~{g{cl#80Lt=p0$PP!s5vVvwGAO%ClM<WW2A$
zJ5M60&%kmFdCII?OjI;ga7EBg&>}~;Fv}u?m_0_^=X7Y_<@yD#%aooyJhSMiXl!0j
zGi`o==wNE6)R7l|Hh5}gT{4mn@4|^qjN`r8*dMPBq5huqK|Pd4m<I$W1BrX~Dr5?+
z_slk;UIK`y{a&5Ep#l@eDZO%UKj_=xHSkJlVUbXMz)7<pz?mfzz`BaNuNrTVS`>C3
zvKMu+%U*Ykx8?^49DJKtba@dGdo1-!EXVArX8cptL(J1l{26YH*e*>io=X}C`2Xn)
zm4FL}5(~x(#v0}`j5&-aj021ZknX=WAr}z>!AwBAi3D9|`)+$}VKYyA*~fTuWgr)j
z28fD;$chCIM}`Q4KwzvFV}G&0il~&v23}FZSKWoO$RnWGE99{<T4qrFC&c|97;y@r

literal 0
HcmV?d00001

diff --git a/fhir-server-webapp/src/main/liberty/config/resources/security/fhirTrustStore.p12 b/fhir-server-webapp/src/main/liberty/config/resources/security/fhirTrustStore.p12
new file mode 100644
index 0000000000000000000000000000000000000000..5413314c6f38b30f570e47dcfd956bc44850b30c
GIT binary patch
literal 8898
zcmV;zB0b$Of+D^G0Ru3CB6kJ}Duzgg_YDCD0ic2+Xas^HWH5pvU@(FrTm}g$hDe6@
z4FLxRpn@VzFoGgU0s#Opf+9i&2`Yw2hW8Bt2LUiC1_~;MNQU<f0So~KFdGCE4PqKG
zmh1%cx<?Kzf;lN%;S-I50s{cUP=JCW2rGgcDQPKIP4=#SY<^b81$Y*e&Styw`szxx
zq(NJc2ZAUmVjB@#<Ic<%g3<kI@=$U)@4Zr)?+-}Nk%V=2gwst6E%|6Pnq1dDS^BIz
zv1Qb-B&Nvh-oG&_{+RgO`4>$FjK;eMmB|2Uy)@}wF=SFB)+9q2T#IL^IpD>c0=+&C
zVN!JEpXAt;V|J1W_?xZ*arNOq+~DDX9ivQ~%)3fU7V0VuWl|A8|K}2mJz>l52NS2{
z`3Y~5lPjH#OiKHsI;A7pXU1L8;xgGrJ3psOk>WX{;5rH*Y?5!MHN>k%r<Ej6H+&X<
z;6Kr`GsxX71bE((l{#)k(Rc4ohBtb;J$Tb`x80Uj<8-aO>%3~Q+WR4xyk)4&nM2c6
zm`#N1P!ab9`FUO28zE)I(l|a`-*+Ke)NJ<mSUTnM0qyQ*R#^CXfI`V<{>csnFBS$n
zQ$rbzFgy{Q_HFHjamu<sB#V|pf=kKSh`anTdw$PSA^g}Z?DZpzHZiV?6=I;;qCUQz
za6Y)BQ9!BCvJT01S6eZJQJD#SbE*z$Is^>qyWU3WxO3WbPSg`Npp}opTkq(Hrv>E$
z=u0Fq6);}#w~~|h+ceC%qmhlfHRl&^J3C#XGP=465)oC;#>(~Sbj2}R3U>ogPAqyx
zJO_2CZm<jKr%sKt#cc-v`2^ADYRKU)?!I4S_OJFy(i)ZXsE|g5;826~vew`3|J?i;
ziOGp)vBf1E=BBS##6!b)tN>ebd^%I>i)i-Sl{L#dHyfxaEcRupXqruHBniG1jldK{
zp%=O`0$O{hkAlfXix>?_mrPEIWb))*c47;Hn@;ndhq1el9ExM^%2w0lW+T|cax5T2
zuS8PQ|H&+j7y2%`yHcJ~#VQ&NtA+Q$5Ya<hFKU(IJh{vp^#N_^XD-7Q(YALZN0Hr0
z|1MKjs8X@&_dSWU!7L_<d@SC<Dr;nP0Q3^e7dGFjwOn&PU=ep#&bX#NmGgmt81V>C
z6es_K^MSA2NKceZcIH4*6SU%5aGGi!75J(4f%(>ftE6;->VaFIg%1xTTh!t4#L~#)
zl3i_|iYJW759Vtrw7Rl=iucLpD|TXxVT9HBB%}5}%RyIFv&48wyB&ol3VWv`?vvkv
zbt5tvu!EW?ApVVBy~E-n$yQSE57pmKkkrNd%kGhGtQrm?@%`BxZrQ6i6Mo@ld_Uyz
zksKu*Y4=z(F|khbA4O^tJL?08^G_<om?K@<7>j>D?6>=N@%cWKOmD#76>=7skTH1&
zmbd%Cc-y>5RXBygFvtONYTN;;*$)TjBAleJD47Sh%$er`ZdF7P(Vg2i(1>b2hLC<y
z|0WeLSaFNvb_pm@&W0=>ore_f_8SIJC4O0Bkan?j#DHxBb-z(<r^wlULK`NHp9{PZ
zOpVT6p%|YYS?KvnrTYvCWso;7u~%oA0vVS51N>%0U}m;7$0&kL#|rqK*mb_q-zJZx
z9sn`iW}gj*o%>rU+a0OBi=<K94rFCCCt;-@ApUitVotDB3odDH-`Z6a$uTvY#63?7
z7tdHNeW5%;Qu`4y)Adg>>lT88OYbPB(uxZ_6Fdf<MGsMhi3>}u@I;uH6)|!CjWv#I
zGaE=RC|hn$<s_r`cV7&-2eH)gPqNrckNax^R6J;k{j;0#WMY3JQI0*!S)WJAYR+j{
zd|9`sGgxqA$Wp(=IpV<j)D6l$d*dK8oyb#S$FDC$#@W-ofAIZ7Qml3xQ&jJv2i%B0
zx4>(OQlu-=|7EXz!+p;go>`VKHBsf34~R^QYB$bc!g`8hcwPOd>J3qcu_xw#2wrGv
zo|Lp8pb)g0B-V+8D*i|L4nqvZ`s{854nv4kz5;!?FOh_j+{?5L;8q+1MHm=}ihaG^
z0SBr3)#sBWmNR*{S9K8A=*LIyF`n3p;UdPeUvvh>SlCd|u%g-NugTs*NVZfoh|sg|
zR$=po=cj`emlU1xo)@J0#+perZT!q9qq7^qT!Tc<4`=V9W;I>%(cP~jF$ut4Ka9O%
z83Ze(u+pvO1@5f7DQ+{MF4e1%GbLNvs292ER!B$tbA16s=2ToB6R!$P6t2h?r*$Om
zjpfUr*)HiRy@uue1p9=bP<AkN*0cSVn{I>4dM0A{hk4jIhN<=bg<c^(gf5&SO?BG`
zL!pn-62uNNf;Y{Zo6g5CalhA8TM4t91OH*qs6dpoDcw8yNGajmXwFYC$YRKq<y$k#
z1A8)hy)kPby_^w9BPex7+jxx?R0n6HuQVa#T$Mrqbtn9@cBrqmAcC*25zr0P29n%n
zuX&(r@M=Vd_z@%p_sj7<GMde899tKA&uyA7yGi!C08~3dRLIJwIsOHWvOP5-6a6;v
z3x{|Oco+zQ?|PztWl62Yb%|);3jg)(MNHP4)bm%d;0r5f=)qH@O-Z~(+PV6H5{PYg
z<L}<hXE%{c0WC(E^9A7$ZpggMcCpla+zw(4TZ&2{m5jJ#b``HJS}Sj1XtVi4jB41H
zP0_9|suqJ~Q^zK{;u@dz?~g{+QhkyTiu#}P-^#Xm?lj6p*7ZjsDZ?;w5sVF3HRY^k
z6-XzdW@=9AndGq8v;<MUGmN2zp|-ui&r&8x19REc?d_)+Df=q5B+aM-(GzXSPwA^(
zv=<f|OezC(!7j{kDRDwhCE!+HfYxKKR>C0K9ytIeg3AKBwYp675R1IRAg!KQOv&vI
zgWW?mCIr*35fpoQ=TCwFjs7@v@JF7ikbZOSc1X-*v^iY4TsnzyvBmp+uAvm>Y)M1D
zj0uxWSB`~{X~d?oh8DK}9zcE+9(3t6PE*nvdT5kccFF~*!H-AY(y;b>YNTeODpht#
zB~^CjxjZoHj8p1`mS-9<A1;^)NbBt{E}-Mai6<5+@}Ydm!>=N1eRt>otK`xF^nmwY
zI3LNU5hB0pJEaH9TQ7HM2EIeM4S3}w1@H^+{OC5;YI*W+pR^$s2U-1NKVdp<D&Bn8
zc{f%@lQs!Xz1jE~*j5Zjr+nUk#m%6M6faONN4QSV>Fl#>lhh^SwA{+f3&bH+9Firk
z9%@+%^hp><mx<s?Lkgmj)+%&HJrckDC^vL}SKS&f?fSS<-2<To{6eG?OSXKal_mj+
z`{Kg*3X_>%#YAn%?qdc5Jc?<(4P%ASI#OmyctLn!!Q0o)jc7UBFF<pB?#ga4LP-9x
z^QuR@yX3Zq63ybTns*v5kLA0NV%=<i+N1+dx~aQRN-YX5#{kJ;*;P=*h?k!>3E1%Q
zi0e#>Buw9@Lb~yV0`i{Zp$g%%xp!@66$r9!q(Yn3qMZ@axL7D}Uu#PLbRC2Y3J4e`
z)!;BDWFZ4{=$BOsLbamGA{P^R2P_cvWJY$NCpA~GbJ&6;k1~4BOVAv3KyAuANXe&<
z4~M0s#L&SVq;u*j0!8H}%@IM@%P<pwJsfZU@9vL@3J)EHPtB?h5T-ji^)0#Wv*aFl
z=jl>V#vxFmu)8X&4XZNT0%fM7P5oOgz9^y2U&P8GM!0XpQrnX<JNvdXFp)Ah=9}qk
zhb0L5-(*Gok`=y0UK!SSR&>~U-6t_u$aF*hgVLD`<<DEgu*T{`0Oeu54?3M78e^%|
zYpu6P_5_t=-x_PgoE^Hdbzdf@q16Ag@dm85y(BrtrfUf!8O!1p-z<PdLP~DeRa)F@
z#-$v;nHY`Eg-nCNXc?S&6TxS(Cn+!RKbV?(3%UC2@E0q^4g(JvNo)x48ew11*`(hj
zF}EFzvy#|o27d~5(qV&iSANE9DPX?b?qFF?fdWg#p9xsO>VODoF``LgsmF@-8#k9B
zof&B-i~0{8Y;nScSo$Y+BB*z-fShpLNb(P}2GSWb6=YQZU+#h>XBR{aD06jHzhbEq
zPGoTR`ww!PVMOU3BHuFQgncP0>k#_5lbM!m%sitfad^HS3c}k%6Tvl*RCO@xPZVk#
ze?cC>rc3#7GPdSW^Irc$@`poANRQYIq>ly&Y8kP?<eiRrj0Uw54cZD4I>xg3&ejbw
zPYlHgqQr^}C#rJ|2c*Bb!U_KvTazH0y9WKY4ZEgb2Paz%y0`Y!iU6V4CE#QZW8TqQ
zfOSTKuEcdZE+XRHcAN+Y6h+lj_muk0Eh6&M7$PCw@hF{p=jliYK~_nxY&Eh9==F;a
zu&hK~f>wh(TRTi?toa7)2<JYrj-;5y_jd6p+80$kmS-}D8vD{Z82bQqxmWh<N70|E
zfv|$fh5OHQ0vEm};Rpn1abvR{;uO-D|7TvK#asiTTkOd5%xAzDfs*er@(KCgFQUbb
ziu`yACwk^>LdT;ZyDP@7imkV(p3+TlUK8&nUC><`4gJ51&&+i}j0P#}Y!?)h0BfSt
zfOVQ6`cqdXVVgI2&3~?gTM~5Xt1>PA;lKPqw^$?<>82^>B~KNW_xHPty50pX6RYJ!
zsKlCaf+Nn`915R-e(|m-#7M_}inR#|CKBgk97h4D5_yQfiHMv<>(C2-$Y-5x&xI)x
zk{0AUM*+a<rm!JDmZqbZ1#A<YFx5D!jvu^=y<I;5>jdbRPJO=#5ku9K5Z_8ntJ^}*
zoQs$CD-Hi0u`Bk$L8dT=&ty!YK>&~Ca&%@m9}E6{-v)e-m&(|}p03YGo6S49xfs)?
zj7(N9=Li27Y8m!@pJ^Thu$68<J|;i(8Ed^ys$QJQz7!}%o$y6)<~1$#>h_{A6hyXe
z0X|+&z=)D7q_6VXe8?bK!|?6p<l8(qhqsNC8!!F_D$1o`{SVF7d^+mN>7IQrhc2PC
z&RezX>>5G^N|vok%ya;QxZr6k@fEnNsM1zaQpt~nG<|=+^Bc8@QWVfKF9&@2Oe`0j
z%;$F0WJe-v;gz@2BOZ+&fSDd>ZAil21dRhu;1G2_OEHMbKW1k_pBacDaq0eoM8Aqw
z8Yc4n$i)Y~EZ_lQ|KkMSz>xsjyC#?Av$ZD=V0*_J)@T?%ozBO*WwW%ElXmYNcRJ{I
zxpKU<#cTDBwd-m2n1-|cMpie!EoP*wX9QPyCNq`*K^N#=c0SI8w1V3k0YKvRRcXfR
z>nEXZN2YR-GvKcQOo8wf3q14_!<{B}w_gRD6$tFAfV!%ALWB>Kf<8clh3dL>s6(Ge
z@gso!!Zj##&P1*xc-uok%Vc&&8Ny!gS)UL%Fk7PE>TXtC%b}k!(a)GoRsu!TH_~dG
zSzzl<nv416FkH3aUKpUwhY#~vpQhOg^#>Y|FPL`LrjJ@xF7Rj^M8$kE6YAk5PB*Ee
z%b(B)LY|+~mSF5{+hq?Xtd#X=$r<`$HVXJ&bma)BRC*ly$dS6F`Z3Bo$7Lxft}(d(
zC|2;=v5F+*_)SGvhWl`?v^<sfKE7o<!{L$Zd@u;bppdL`=8^^p60aRouqcp~Og__e
z-mw3eFQ62dgnr^;!DqDGO-MbbosPjpwHw@A0j?rehLa8oN-0tksgHPD4qfZpAs4*0
zE7<iB1*0vITLsAGu03KGpI>MZC0W4M%^_{ztx88Vc%}}b249*STKwVgT`LU1sGK`{
z1Nv1{3@PR-j~cnD^u#Q3<GWF`(Eu6GgAGWDa3|p%<%$+Bhrsv1*pb(pf*gFeIFF{6
zY9fUuluPq#Ii~W`@{~nwz7BBeiIW(x{oI{RJ<3={RhqUZ^{w_DSLzCG5Xo(8i=+&@
zu--?@2A+I66N5qs|8gD104&c;e{fhI>l*!*qR$jP_5l62^C7-3W}<C3zYM`6s!GMo
zMx(~#yU!*y$P_*v&a&vfl>er_=d4T!->W8K1t;b;$P3#)@~x_0b<t>+0OpPq&6QXQ
z%|l^)9^@v+N8*fCCm;s;R^w^Jdkxil_hkHLcM%(<wmvb{P9~+E`C$mR5V!<zQ0g2c
zn?1?VALcbG*N>ie5;tJna(=EZ83mdbwpr01ne2^k;_vT#-K>yd&d4qzqf!3RA$SF8
zpT$$LO+W)q@H)4qFgY~{?!!a+9ile+%-+<q>eXAp_xoR!YwHwUnbTEHG~LccC7Y2Z
zq;<#nITNaCOsMm5F!)G^sxtjpwO}*BMKa8x^#Or?XI#9;9IVFWQ~IfePV^Ggj;{o}
zf)JMsNnPb#p`5i`?aqPVnhtg98+<iR(iB0hCPD{QPCK=zrm9#Y6_(_456v|^04uRH
z^Te&`4-SyjKTgl6My$f~5xkM}J(Ke~aias$U2-Qf?~+S}zj<vzE>XlpOWgD(-2<}v
zI6~zL&>DCbT^@MIfXgLo#+-M(;<mC}K2kym@gDl0mbMZ1C!c%IaBRAWv~Xksz#a+_
z8)ymBW1<gZO!Clr9DyYTB-j4!Bs-C4{Hn>Y=p&fceE3-E6i)B0lA@(pUQi->7-402
z=gWFXJ6NBvuk<EeGs%L?e(IB}{&&3m&WX4Vy8;%p+Crbwe3N7=>2-KSu{++HaCw$U
zZT)gu;mEN?Vu{P5dEAa+29BW?5~>uJ)?W2eO;JJ>LO@UCptH(3+iiUGR!2wn<eFPw
zAtiKG?2Uo!^Ex(_Z0SG8hrtDKY7=T4Yl5Z2FD^jwdt=P}ja3k;puAKM2{`P);y=RQ
z!gRyP&|^;>?hO)8IutacY@ZoD?bD<nU^~k7yYhua7@*bDvQIFF&i+ns{rcH&)a9dS
zDQ@@X#oKDnZ4|1X!Y}zyQNg~|F&;98SZXhF+(Za7XW>`47Ca>&L+8O_`4!4#hGl6k
zT91bN>RouZB9T6VITK=`o3R@PAOCGkvnHCOxK>!_5Gb#JG+fi}!n<g-Ij|w@#<eNb
zUCKyeaXQs<2@DWEoD8Fa_8iIw)Lsa4;A9`&sr?c#fXVPVIA9Z-=U|o*UL}K<Y%zAt
za2x9bBo_kE87Qn9;HPW$zl<M?{U+aU1YVf!rD*Tq1NNwG$tR!F#3>M?O#IYB`8XOn
zURR}?er!*_OxmBNqlcJmK3*dVzCm(+C5-66;7;z{q*_!Wo6XO45ecfWJGa_O(AF(@
zpT617yj$kj#(*b2aRrgbb3tA6(i{UMG}06c4sc{;t5&szex|kv7q`SlKr?ulvd^7f
z@A7^<?^bt9DNj!`$ot?EVYVlp(jS&b=mu*BUKT$ZY?Ca}1r)pHR%-X;gNKSPl(YTd
zOSZ)be%*muGb~4ev5Jx*!@~4dSQ=<fr^j^I9b!NM0{5fEk&n$+6w$;t0t|wH><6W9
zZUnNg^#OeHy#-+PoB6z}791-vh7H56)h6p5shq80Jr+S*Nj;|BO&*3R5DC4%m=vuY
znb0%Jq45-TR^Wvax+n-PR-JD__CxWpTvK<*@295H{%BvC$AdYj)~F;USGtOz;E+Vq
zMv+fnea0vW1q=io=&!T>n6J4nbIDJiBzrOanjNazwRntqPN+4_L$!WvlzT-KYHPTh
z;~<qIyRqVr7ya*vdM8{ac@UHpa$&c<YKYtA=M;Cfqny_LlMt9uId;%1_ZK^of*2*T
z>hH*kkjFSNidwQ3nI5-VWo;=VfTplhv%0pkW&}jOjpm)D9||fQ@}SF*GW|Pb^%Z^s
zKNqh$E5h^yftZ)v8J(6azFc#gmGvbVf5;hZA&f4IvA%gRi2Frv2<Vivy<XI5KVzU-
z4*%q7Y!xB9?N{i@XgWYfg^y8IYr(}W^XM<yQMX-MugU1{$!tq`zq}c8v0^a5jhj&w
z&%B-H1g`ZDzD{#X6l0iUC=#MU7(Xi**68~gJA8ECqr7A8(8(tnl=~?aucXlhQgJ(V
zbtE2{RT$C-5v`#<-XPslZsSHYL-XYz#1=@CJzXb_l)L6}BYNAe`*Jfp>Gn{x?8vYY
z$g!<Si$sk1cvR0>;A94lrWPlVD#sfg-i_pJsPh4ck<fp4D^R>I^Dwx9t0CE1F^&AV
zE2atMl(RzAzFEnylUPtC-7_)d+;q>JG7A1SCn^>qB7<-~dCHQIF-epekQf0d^6n`Q
zB?xEwM4PEvYkfI@3q`#HrSrU!mu(d}Oz2pKDe`m~GfSh0IX}r4de`G<RY#qQCC~l|
zWJf{b@-heaW;mu?)Ef0&P+^dSlqJx8u_$PyWt2CgDDf`JPE^8@kL<j`r~U#J5GDJ(
z4QUi;X$Zu4U6IKIdvHkCoyPEfX3Bw-Bu6>?9Rd%*%wb~j#BX%rn-wz{w|CovN(oml
zBwT2sMmikdBJ9ro6^3}-ZKm60#ViV@fcTJXDukrjnilYsdh>3n>?I1u;qBRWZRjRQ
zb-kMZt{k--q<zx`tpxg?2C|NAi@o7kXEaiN_<f3cRgJsg@eXe@b~@<E5<pv&{RkBz
z?bWO3ZL&&7g)x6LxhQ;C<1`P(b$x!W|C`IMGPesg@@3Q8J#Vc5TeKvts14}vU3(jz
zeRxj?dYO#drov|SURIl~h@&eT)jDRzu4V9s8$lS-vJ%7d|3S%mJM&c~lTO4?jyT@E
z&U63GySHK5P@36fV#6d;feE)PEL)~ICSED?P%|6TXpq;Jm@@g=Qv=1_*D4N^S?`CK
zETfsMcQAlKbmL-Q)BH*CfY*xe!YQ7p_R4j^-IqCrq!oH|VC8g6Jfwfy?FqVuNJS{8
zVA=#2Bq^QeQB34h@%S}++#OGN?U?lBYKR=HRz$KzbbXl@B^G*?EY75gO;(X3#VosF
z(%Xq^%T`hFsGc1qL1fctmOQdCEXc-tkx<qA_2$t_VG6(8oKM%fG9YET_rN*57%H&M
z)lvFe=bj}E0FlJ-WKjOlX(RL_{d5O5>D@w??#Y%P$<ZK#VM4t<#i1IFjHUO!hef>+
zr*&Cql=#zZg*EC_bamMT0E`b$K{D)%P(F?&9fYIFPbnj)*p>*5iR&~iT%i~4T&P@N
zEX3Z(vNIQb;`aA^052lLA%%1539GF(q)p7phN5bia(iGo_rSf@T;P#cC>P#iEMKMN
z@aWt`P_8{MjNoM3`_dcZH)^2Kp(FW|se<T`1Zm4n5Fq%NPpabLqNe;xSz}okrchJP
zaPs~_glm=ji4vm528(QZ`Aca>BmgT152je$$PR!^g01+VVS)CgLG$eBL9Z(eZRVt3
zGZ3w{lGUbJ{(WpHpgEB99<x-l#UL$3J@ZeFxHd=S@t4MoI2@H#2F;~3#T{GcMZ8CV
zm;=SV1K>7-)R%)5^<i)=-DksXb6NZFic`9ATnQT_r94wN-YW)Zn1>1!Vd)gyVb`Si
zxIr%EDg1=nqs){EN>N#G;spjVT2#)I(IL|NXQE+i73)+qZqP_TwxKUfZXu^RF0O{H
zE!=3$H?R(nhbh|5?chlZKPcIq7Qe}N!(Il(NDqt=yjTJ1Tc0H&T>3i?Vt9A7SX`D~
zZ`>rGa_~W%At`<VJc3;06>ML93M`c$QbgW<1BFU?95=^G4TVBqH!&Yg`q~~sM6woR
z9CWEaq;R)Syh3W_wL2&pV%oLUYK6Qx!O*5j<5jhnK`!DepNk20xgjGHH%8~p39s1U
zMWT%gkVj}KJp0c)x>w|rYOI<c;JqVjCIpa<>?UpRFawqSFJ9T#E{wB!u{N6SPaHz+
zF0vL2r26-u*#sE7!WCCggc7C^NxzzJAOX^VDmLr<7v@WdJh2Zs68aSA*eK@RB1j*f
zp~Lcms%W&!doP<_CzKN?Cf=DKeTZ*1#+Mc3-6+vGC;0}a=Xp(`F`)<aN5}HA!VdN?
zANsw46Q@vAg0!&eP^jM|ios?1FZq~uBDLF814CYm&L`BMHM3`|kPJ5&mZ~cA#rYRj
zJ2&4qktIkn&1LJ`gKvo+SHps}VO<2Apl`LmC@A~0qQw7wR%Pc{xemw{<gDJ{;m^z~
zRRp;y3|QG142)oeeR8dc2!ity($eG-y9034<HvplCVPN{w15$=I(&em7#S~W5cMeq
z(1Y^kcZ8Q39|Tya4u%7O`@pf(^`Wo>F>0R-ghasF{+W+Q{=Z377;60>0ic*Zz)78N
zEiu;9X4HAQt?cclhr}S*pFnG+8X-n^!pFR~G|Z=@OGg4}-Mc0ICw(TKqh*2@BeZ{7
zHF&0A)5yH=S+Fky2HU&u`&X&-+?1#C=I9HY>gibbntj2y4MwZItwroGoI6&qv3nU8
zIWr`soon0Tk2UJ`?5K2_^cQTI+__9j2-R6COlhK96$#b^$`!}%_Ib>KzF_PB8d!B+
zYxd44?9JNQTOH2x=I{SRjX@nxG8BDi!rkNRJ*F!r<4qh@JdlPqDid|n+M$2e`%mxU
z{|m<{d1*P?(&>;ppCd2_4gjQB%#cZFEQP&drzaRAJzuq*QA~ix8GwL!6mlrNsCX|5
zsgTwpSpg*!nc%dsE5rz)f$}e%_I~&fpz<W{P?lU@E(E`y`=)|mkZG48`s7i;)&|+@
zMZbZ7wGZ@BayksyKHPClT$tDa;!@tE8y5ou1IpXQ4^{Og`Nmvjr*IP-3R4Q#*0l8o
z#_E&rZD<`#&zl?;nv={ZDY4B8r^^<e^Hi4UI_Dkr`9`B<%bJ1PJZ~@Yd6$bhZiXe{
ziw;Y%O%~ugd7Ob8N`{i53eGhzMh3$43NG{tG$}PX3}ND3;(?H68R%&XbM%_PJm@x8
zuf|@DtfQPAIb9X+a}l>#i~Gy6hX$5LW}+CP7pVhOyGg*@g@+^J@s+?3S?EB8HSGh-
z_5#4m?eet2aoQh!e~~NejHIJd2(JId(F9(u+o_Z9_6F_(nKLxASWv(6%vXF&>T)%N
zE<qTB{z)mBaqv@+IFvh?P%w>W^VXg>DTQ9*a(VpxYK;Vj(G87TI0SFVZo7+WiP|!}
z@*Vdmc+AKp3q@}TRC|v;=@Rn?BPD0Uuj3jJ!50dnX`TlwqOJjvWA^bQVa4iB6|ixi
zbXpa4<dUZMzR+CX@iJ1&q^96Jui$Kj?*p|(bB9Vzd9pX2@Vw;9ZMlFP;tOo{p!bxo
zX%H>j1x4j?%EbG0y>~l4o8u{s@xmrIzSQ>fpn#GG#C_XI`8>=L1NHXZr-l?*S?1Ok
z$i5kI_<<<cpdSoYGlR&NNTj?LdjXn^(z?d6Q}b%5CtrXd6P|@iI+?mH?)v_T-kOkO
zowupeA`mksS<}I@8;6Hq7(s0r?iP<XBsV122BWAYq*?2nM|cOdq|^dH>-}$A@+V31
z%57gxvIVSK)HNATn9v$Ew)<%c9~TY0SqyMV@lRF{L=Dgwm3g7~V&lb*k(0~le!i#|
z5-`pqzUP09D(&k$0~^JVjNrN9ZZqQKR%QpYuQ%MOnvUvrT^~zbhxn7J>}U<pyv5X$
zj7hckj1oTWrgkH@hm5&97pF%dG=>~+aRRN0yog;dP~S$D_QjxwxU~tSgU4dejvbd`
zW(=2Zc&Y?J3&?VL-MW;|8D~hgrw>-`Z|Hq8a)(&tL_;~4Cg5QA7h(8-$=9lH3tA%B
zmE+E$sKJzF6Na4|@KsY{Q6fnODT+Z^2=Q7uqVObWw8H!ZW5}%K;f$x~rTjA~GeREz
zPMu8sOJPt>TY%}nO6ciXH}vAF54CrB?LG^V3&&FrNnB9DZfO)3B@#SOFN<C17N3e1
z4lq72AutIB1uG5%0vZJX1Qh%oA|(WzJnm;}e40=SPMfc@QAGq4K`PG`9HR=d=`YF<
Qo0E5){xIH@0s{etpxN*J-T(jq

literal 0
HcmV?d00001

diff --git a/fhir-server-webapp/src/main/liberty/config/resources/security/kafka.client.keystore.p12 b/fhir-server-webapp/src/main/liberty/config/resources/security/kafka.client.keystore.p12
new file mode 100644
index 0000000000000000000000000000000000000000..799fb7f82f326c187bf1ff93b1ef9dcdf54bb4aa
GIT binary patch
literal 5514
zcmY+GWmFV^)~*?1$U#5`knWD5b6_Y5X^<2FX&AZ@h90^@+7aoHkd%f2kw#jPknR$s
zxt_J|z32OW?7i1|-nHM~4<sCn!~|eL!oeCqd~T#F@-GO03qXZ~q1fSI$$wZB5>BY{
z-w22bCzSYyL@)su{|?`O699x3Nbr9fhyXwcF*aVWc6}m|G^HITCLTs;I3b3ta`6+h
zGjML;Jzq<EbpB(a{vHd}ZFUo*y+iN)gFrKmCx@`K15x*axGNpCFbHP$yoK`7r1dfo
zdNvvH)JHkNz!M}AHNs-h@fQ1)NlGRIrN}u~cVafYh?cR5>@C_QO#SNppdGzSRRfQD
zxZX`><s|G6(X^t4Sw8!YP?|#AcZ~|K`M!4dxi?E}J?v)F;WzBHb|}zV%nF{2#m8>Z
zeM}{V3WrNViBB_2mk&&jNt^ojLaEC4GbeVcRP0=8Y&b)8Cw|Z3`e&yPB1X1`NtF~|
z|Gtst&C1N>pp~4lV_wZIEZz2RS)GS|Gv;2=(>kz!0u=u$G3d-rNw-`s%5dBty(d4c
zd^`t5IGHg+6uu1zBh0x5BPr%RvIbK%X&9@%l1##mnevtvTWj6hY2rVo^qC2r${3?(
zpN|#ByRH{Pjdt4*#i*cX^`EFa;}tQQlX%LZy)~m{5=mGr^Op01AOxG!P%Xt>6P>V2
zuOM14fX{`3HPZw454*PfyO5Jw*V%RjH39i|^kfBjKd25qa(j6GtHzD9ML4!A8B|nt
znWzbof>$qx<wgjIBeFV84J)QLwVQ?fbaX?)XUt{<=&HyVd2vV((+UrgMK8bC6m;qZ
z6E(bj^A0b2oUKWik#&|w+KJzg=-y?oed^5Iq;x3LIqh0s)1-lgE$|xj-kQ*?;)yh>
zhG5)g%K~Qkm(C`1NGCLNY0kaA8@tLOIF79qw_cHLm0;_wv1AsZ&2dLg@+)<Mak)8D
z*pj?~bcfh74%AzapzC5pbtF2~<HUL}yj<ZqAkwr?ME#8-o8AeBSCCT>Zo@^Jrz&LX
zq&4jjkEc8)d1Ng)wlJXd$_8sB7U&?ld0I%*C&E8ReYkDw#kru~O!#-Su{3)=t)71Q
zwTGs8Joei-GUM{6@&Fppj!3SdA)Zs^Mr4VP3P0vkG}MGFk@w@m&2Bs7@^f={D-0cT
zJdqO8P0f{vyKHyHeM^h!>Zi$JPu3wChM1mu8!tqB9vsgF7V`nGB!?ZlH0(2!V2RcW
zc_UVI+Z8C-ZkRy~2{JQEe<#9Vc;X#$p_A-R%M43S<;fCK?Pi~*_i=jIs~#U*RlO08
zqpmv-8D9&(J~eRt*$2eD<AV`zUJx2f=}?6z>x3$O%-jkfKELRt8$jE1$VihQv<Pa|
z(_bq=v<DcsKk{8<@U%SZ@Fc?fh2TAoyZ-rZBR`^akW-Lb46b%JShZqZZL&S_rUot7
zAfP<hKD>P%Z&DU;_V$(U+pM4<7S5f$T!Pbj5<J5+v0RaoAZMR@UDLxLft<gg3w~uP
zQYbc75^>RDh<nJ>zS2c#ZI-k&AQu(F=l@e<j*<iZzJ4A{@MoQ9mr(teMeZF!SDq5D
zy{~+FZ0}7A7w;syH7{Ok^3z1|dyf=nQnUZM;<TB&zi^U{G^duDpR87`X=|;e097SS
z22!1-M@S%1K*67!S8sf&N;L(yi_uCFy45dvn1W+ithd9NJUk41FMiREq%k}K1nbeH
zuL`UxBW`QVZCL$|Foj)mcV~F}SDA19ziS{LClq~<<c$qOv1#;NmJXH0ylb15AuT-e
zHgr97e5z;bhQ;2K4wHfR<w4tMrZ!ZfIF*FuL?cN~=z5I>9&jY5Yy8<XEr;WWX3X_K
zPgluB;GBewC%ApmrsxA-7Iu~eSEX1GZe*A-u(<jC<HOLdfA+%dqPUq%jXz*!bzyyu
zYoA}9DLOx*l7iw(xUn@GyjG=)|0gCvLb-TR<XBngWqi%<O@#Oy)<~$ssB!Ok_ic;w
zM}Fu@E`t|5H9@$Mj@Bch^eoo*TN9=u#a4#Lp6S`TR!_f?Yx;U}!ZG7T`uC2`g<_L>
z!p&J2dGMQ9Gk^N+Ep3IvYy6OUw(z-dohb_Br&p1;;d5T-8`&0?nQ`tQe5VTW!(u%6
z@UJx7?~h+B*=Jyd>2#L;FX7Vzf5f!G1;h1OBD#nNjdux$$nmT;@stfA`8sLFF6p3l
zGr!a0nQDer0}4+z`msrN)bt4c#!`;*!Hj>S_a6RP?4up?+AK(QjeMeuLB5&TA2N(v
z&1Lv0&k{eWZ&R!KRw`^IO+^2DhOiv1QJ2cIR_dVF8{Q%+u&K&-Cj(FkFU3C1z~Jwz
zdgY9-GBs5eFUqr!+^H66iC_R{eD0yZir;RV#WCdfV0^bV=fs}?$#v7{mqfb?Wvmg$
zTr%H)pR~t<e%Up<PM&Qs3x=&_!dx_KT~z(-<8ZR|{Ub;{CjqW#R80Ov3BW7*6L2r0
z>dN`Z@LC9Y;ffhRqBhJ~rs8=bU#*dI*u1j{>Yl=iAMj4=mJ%pAY9{GwaobbUHZlcV
z!nL4he-Sobjr$!on8Nbvw_HlqtbfXk_z)C!o{VDEHv|*k6$H~|<lf%{2D<&NN56XT
zd!_4Rk2V63LV4#?ae&w#MPev5^DkkfdNc01hfLy$2{WnEm}t&$uThiaRc7T(g_Tyz
zz<`q`x0EnZF*jC1*U!fh*JWq7M^M`@ib@(U-bCI0HqW|2cPya2=;Y%(hm0$}-831?
zeekv3$_(*M5wFq^bF*Pm4U**%ov&6U9#RXx-M?w+ZAYy|`Mx;ggz}aLxVm6m_b7x@
zM6dW$>9jqFpCc`Uk~0SSmP6i>M%m~lt-+&uToEfln_3+RV25Am3;l$$rQgmLR5t>6
zSfS{1gY<MHZoF5i9+hD!dc(R?W{h<nfx3$=b}@;bR_t9)u#a2Bdb*tj)JM5J`*!In
z^=Z(lPuRGW2>&C>s%Nix6uM(As7q2$+-uXhx>R<!zz|fUhL-Vhd7Xat$|ASc1wRtG
zL`$BuB)kRfP<PF4KeWk-4`cKx+%22EkFw(Vl%}0GVkM{Yq3GQiw#m<Y`g4775G3lu
zMAb+rn`_;@&8ko>!Z5aKRRMf0jCnwMb@6QY9*)D@b`ceOGW@e!m&!3+_De@~Bibf2
zJwYI*v`e^;m+T2xnrH~OMq`(SUJg=~TB7Arlu7Imk}+fA;?@RvLsu_g^HFGXPh}cs
zk3{kAh6v6kDlOQCSwnx<K(NSbG0uC87H9582kRAfOtR{TKm>UvnMKWC&`i0C&G?0v
z0}fVvz!yahPJ6*=Dl9M>f}vT2NzF8fLg7Y9ANQ?~z?V=C1*R7X1LM+71~FqiC&;3g
z)vr_iocA1~Gtgd-vBb>1l5u%Pb&N*iIe9CM2M*QX3N+>`Xhh`P1cg1mCq!jqj^T9k
z{RNS<yO!8qiy9>K!>vVBrdPBpQRGyJ7R>Q#=c?O>jMP8f>>Plc|2jJDI_IYCWEg1Y
zt$~K|ubfr85~<l*j_~+WOp&F<8j88gkgf_4hLV$XOFkd@hK~I5q)ugVOeL~YN<)wR
zyU0tSuGNt5f1p&mn}8n~(nstOHv|Rds;M9<dQLABnbfQ;AB@eIqEy@fQg6-o=@L#Q
zzaC!u=i@pyn<_!cW6vY{X|hw!(C@{wrMm1(1=I!_DF6;N!@9f1ULff7qJt*SS?TT;
zL!M{f!|-5@M{j}HAOMT9EQMM75_qfTz^hxqHFp^b%Drk~d=jquX5p?J(Z#mz_)vF5
zOdN3qw93e~4^P8iPy`O2EaVT_DfWhp<n#0M=j+DWlEMNE3IZ3G9t?RV;$63S*@{>s
zd-kBA+eugTe#}5FuAHK+F$9lL+Y?V`TkwXK^XEa+tupn-9wFNXb{vOf_o&kqcO9I6
z!i>N5KZF?-jz5nbjz9emPyCw^AmRVhX957`ztHy|^!#5|jrAX^9?M`jX_IN!|BqGw
zd)MLLQRe3WaIqihyYNWWTwKwR{yZ@?0$)fo<Sy7BTgmd#SHix)%@$MWEoRmCJ>#6|
z4CEXZTAk!y@X8I<krUY-$PcZRiuDSF!*DyJqj&bXrZyeP);dd7C~^++5X<rRV%Hu9
zB-{nkY<~8+9X0Ifh}OH$M7P4-J(%XINv&f5BU)Z}__zE4VWo2p27zHVBbEzi!uw`k
z7h=<%-PZs>uWj-$Ri5Zv%0}1fnT^A$UF-py{NJdE;W@*O?w8NVcO_Q(WeOw>6!YS(
z8Z*l0b*Wv5#we#iU~1LJ79?#s$>^#C|C}jtr?%sUzh{9@a{GSEk$7rw=ZWY8q#!hH
zJ>`9D9!8>3GRQ4$#o`2uy92G_4NrzJ7N)g-XE?9iEMZWk@KU_=2K>Im$h<UoiHh5V
z^`+MrfCOE3#Oc3_9x+)JK__uvJAF0cclM+{*wy6xTwOh%xTv7tj0IHF9%frmPp#2~
zF8wuM#`j(prxc&^_|3gfVW-x+9%hP^qm}+ctsfHcex#J()yLD0DUu%J5jBr)@9@28
z!Oj3p*FU&|4u2g{+~)_=+FtvI=C#2CqB#IHChwH&Hv!ohri`c=VlzsDlk~V_45B}<
zJ|0y6D41SSwJYQgH`juN70{}~Da*?p-qd5TM^v)yaf{Z!YnN@1q_a7V)|y+>^<9h#
ziB}V+91~{FEFxL{%JRejPNms&e$Nopp|8eDlF0w2X0)#MG*HXGCMxAFW05OBJLE0s
z_q7&8UWn*faRt(+H7`gHG?U`DQ$?ftGqfY#KA#I@thFTEs5842^SP+9pR(>~3%8Sy
z!l{-OAqJeT#B7j#5-t7byku;ZEq|OsEf^OKF3GnVx^d<hX4X!U*lns)KS(Pw<7<hM
zl0^DXLi$8PB=<Q$gC`S~N;L9>-ZX4>41R=*err;N(!yxWX3IM}+*VlE0aFW{V|94Z
zDc9oHSeqNv0R|;3C{GA}mUTKk>ckQJe&5czs*yJ_*I0+JNanM^9)fd2Ax$<!*!?&`
zww3N074nYOt>E<(Y@B#d8#3PeVb?iwOIu4_?IfB(9Zq7BSi)q)sm}8a?JU{RGAGsh
zwG_YbY}wICB5U#jo|Mz%e;ORf9OS(#vgc@Jr?N&DtcI12GEy~*fBK|hB=}nA3Ek%#
zofr%T;f_hpPp4vd!Uxw%J|tt-S<@Ot4nq~+j)O=5DxeLY+)|0e?7|n?o~hAO!m0pD
zL!J38zL?IYu(#rppv&W350V{2*kdyKG9ZjF{`USWCAURf(n>^#->jvww7f||mnp>s
zF9lyN?W>pcqt*kla;#x+JhsDkdNbqA2(@Yk>(GW9n!(}R_yyEj*DFb+DYcoA*3|po
zlJa(Z;m@^Kqq1T&Z_a)!Q_u5rBP_%EPt_|^`X^-x*bBO#oSJA^h1z{#_cUx?C2k{$
zz3b52()b{leqSoGaW$=zd5cV?iOwXf+13>dLv3kwqS{YKdh6qyYKlp{I^lW>YQTjU
zCH`LvE)>UnNM@8c&pjMj=Kf{9RQwnBdGmVHL2NRo$kt;t@$Io!D0$)2il((ql1<Y_
z!GatJ{9`#Djn=WOZ6sFt^H}by(!;Imzl$6pUsT*&0(*-I0UV~MpGA%9CNlhf$l>1c
zZyL<@Hn%=lI88C$9|3rQ0DqT1cR8`(oRY8CJ{Li#qcq9d6s*t+L?A7PHonzUVPxt3
zqGE#By!7+7Q-aj`pMWF6`Ju^Ggm2($L~=%tTUIEZ9v)TeZ(zI>TqK7sdJGxi)QURU
z&Zh~r+xg{NtG!>7?;H}MYgTCc0_S3^pH_%$+rKlTIkPr`K!3ti;vU<jXYW%;Cxx%c
zT>FkR4d1W?mf`)FOrHu)zW9$BV?t;G{d)fV1{Lo{qt-G^v(aK<1sqyGqPPD@^^Mvu
zBA1`KBo3@BxdzX29qBTc1xucA07Hw7T}1gSyf=+r>I+od+KV#sfEV6=P+PnX$38tA
zgw|0BrE+OwuLA7PU~BV=MK+A)_>>yzEf|vw04Yl|I|k6)n*)J-%F5IIl<$*;mi<vL
zv=uJSz;9E%YCc3989lz3_&SwVGeAv)N~9{72Pz2NYA3r%T!~x3o*>-;dFSi0J9KjX
z_TDv<#=IRj4#K*Hg{eo41^Dd=-Ze={s8>L5HI0~zhuK`Jx!1A>wWzQQ`kEj63Y;zE
z%8YG+9Mw&H#<dl!_Lgfr{QI%+#6e8C*q?A>qIp?bXONFdliSzqZ!{dBjrR=Ab|St)
zJ6IgV4OG_cT}Azss>3B*PiM%#|9L4F{qf$7ChEp7W5z`se!PwK$B52HO=OOUZ2N;T
zO%^Dpw*F%%$LE<NA1l{oOUiFV_!<xZDC{MOY6iO|sKY#a@AtKtNY&$wol}y1qRTh<
z#6SuwSM-LH9V061Oo%LzkWvWSMsr&4-LPZitlQK82Nlz`Z)3qcM+L4xhU(NltS*A^
z>Zxn_of-L*@LHQ*Y|<|Q&Z~+vr(Z?v1uYnn^&e4{ZzI;H*qrv%ho2YC=IFI*@eI(j
z*j>inaE&RSb4PBi)g`417OkenO;fV+gG;)X)~Wlys5nTY*P=F*mCZJuOX2EsL+<*u
zE1R~c$bP7aS?Jg+>}ndD;otO&t&&hAsLp1}KNk=u6=J9oW!?y~@`g+LKJwEspX8py
zuiiE68k2cn=1hILoUs?EPT{b9ebw;7VepqTb@k%%ScMs$F!_P>y{=HyLX!7zT*8nw
zZ=R$|So(gi<m5#Jfj!Sgx_N=eSY-xoJds4XSi?mx9~(J_l0%Hy=G88g1vjgL373HV
zM~Y?H5b=1VV=&17kZsm^Ae)s8N>10pbS2;zEiRReYc-mJQE5pfn^+i;Py?~C?0ts*
zP3o2)N&Tkcp)*y<BM<#00K0I_GE?`|DCQfEnrK_<;ili`_Gtts*~%z|(?WEl(5|Sd
zkgV;=R_LtaQ~g7_tKG|p?cyOXEbb49U=$FOf2r(Fx%$kazk2MMjEk89sc}l_<tNLO
zH|CbYfcDsCe&>gSYHr!+$gI0EB(${$;`qDsU{1p|v9GbcD!e^+S`dIqqRb^(?eK}x
zf!HYGOEFsgDQSL3?tZ{{=N~$!qLt%$$7!s)QFNzx>H|Y<gM~W0u#f2FXF&xB&HuMF
zd~!izdLj%j3|kCO4B!832+My%upk9CIi35p(M`!c7QP0uBR_MeY>=DE4k8F)g5U#j
vc!;qusc|r{$p;p8N=0G6lVDy~wz2|=v3g-zBiMKt$OOV?BTG;IqjLWTNKau)

literal 0
HcmV?d00001

diff --git a/fhir-server-webapp/src/main/liberty/config/resources/security/kafka.client.truststore.p12 b/fhir-server-webapp/src/main/liberty/config/resources/security/kafka.client.truststore.p12
new file mode 100644
index 0000000000000000000000000000000000000000..a680e8e1b2d38536329b8608d2fc4578049888e6
GIT binary patch
literal 2904
zcmV-e3#arjf(ujv0Ru3C3mOIqDuzgg_YDCD0ic2l3j~4-2QY#Q12BRL{{{&vhDe6@
z4FLxRpn?kUFoFu~0s#Opf(qpZ2`Yw2hW8Bt2LUh~1_~;MNQU<f0So~KFb)I=h(rBG
zMHAiV0s;sCfPxCRo)@mokBGw#U!BZsu0LgAEqH$}cz+4v@Ho}Scm62)Zp2ji9K5d{
z75H59M+;qfJD)&nB@2mXJKoMD6d#r69AYkI56`@bDDNk?mNq&pJ>EwfcG^<wKWVPT
zP}<cHbPNj~%874&HmW)v0MT$7%1=8s8BNe9!8HXnf<j^7y&pW>!1jN+8z2#10*2%U
z#2`s;aRYPme<@F){kB2Cxgi)+33GYA#|EApko=>ac!c+pr^G7G0hgEAwgRvF>%Yhi
z-?cB$Mse7?k<T>j*5RN2wtl*WS?!ZSklSCgLQ$p{fd@ypJY<D$pcJp@N7bPu;OSii
zaL-}XQ8PrjsedT7L?mcy30Q+sRfwACy}o&(z!;Z2BDa1oel#S-9BAuzj9N~S1Dr8X
zZ(}>;@2kK!t`YYlNI(Qm_y10fE+MldQQ$;OUq&_!lgBOfTj(FI4eSS>zorBy`FP(#
zLoN#LBGyHl5n0Bk%h;;cHGB|I>xgKO@a6y;L7rIUtk5&%;!OE+*>uHFV`g!38??ob
z+_2sDE>^tW;YA-hz-dqz8Eo<^uy<&Xgm=a#h#fKw1x0fi<<idHidn`$snG@BP1Md_
zxLtf#rFMy4&Ur{`x8LD(kKyd+EZ5`NP?s6IfzkjgCNh)9P4qnEu|((^=U{CDolPKF
zhbgn<#-;$pUmHb)XQU=E+e9EaQyvnKAa_n9J%cLy34!NPfF^7mqLc<141T`&_6KbD
zf0kjhznB?)Ow)<op(()JPFN${W|R_DcKjK87;)?_L@KjXuNh_ZREvTgJir01Q?{6n
zuLU|dFw1F--`d14GB6za;BT6F4eOnJ0*)x&Rf4c1p$Sg$>Wa~V_iVL&_@{2JYVPI!
zRDI3c@!(o()vapEosEaFk8*0XsXmth+l*bVE1QxaMtPH;aQ6X!&L`FV3*$N>B#M^`
zK;V;~b14@>cDGX*xP0)eS$QvIAzqiYo|mgcn`ZTAznsP;K4hlQs)C8BfiXv%Fzz;I
z^3q0aI4KjX2Yx&I4E(KsUeHWi;*}hwn;&U9hzh#D53!{z8xnE}Qb4DIjJ|xFhh`B+
z&s=DoXvXsndJP>quEGol%mt&le9<xw24zCab%8Z5_%qxdFb;4-Z<GNZsl4Ek(-p8u
z114F?OVHT8*$)1jqYBWnmj#tfHl;}5yk$mGFr;t3I$Awk&O&#px0(W#-i&jWfZGG!
z{9m*fj4#!Wb;E;!kxO!8^(Is-`lE>ffC3!JOBcccL)DiLcKr-Q2fIacwCmv~P-Z=W
zmE7J|vHU_KeU`deaNolyZw}eV@vixr{vY-M^XCqNtB$y$*9iXCBgj27ww4s<)1cuk
z{0+Gcpq`!w4>B^*`sn_+?NSYS8u-z4WTI;cEG%6vwCD|gv3T7o({J_lA6uuhE0gru
zag#`L{PUAkkm&r&G0PCr?2Mm-N~uTol7_HwQA~F4vQ!35NHZg{#c>Rj<b!(K7yAIp
zod#&Gy+c8Pf=Pa*S?e1RxH)QZtVC5gT|D0u^!A=%%n7kOjcJLvyBf1SfWQ^XGE;ew
zhP6*=E^C#MyO3V1cl&4RJWusA2Ba_4K1=_i60z7C6s!qv<fgjViY(FMAQ9%D9+wF8
z<*tpIBy66DCCbs(>QN4`oADc;Ky2S_?H$IX5uPutXTL!2UJanQL!N8CyM<!8(D`*f
zzeq3XQ<7>U+5wVWRe)9u?600?M5X}QZdsK^DOvCvW)=y-0|>cM2%4|O`c+7Zk)JaM
z2pyXNz8?ZpCYL7WqHt?GWGx1i<G16XwI+Fw#z+Seat<rc|2*B0c%dQoBTitbe<R3d
zcs-%`-GwzOc)p?(we<TZtOn$#YiJ7JvB(ATVI{tHOb$^jG=&*9Bm<XS73wk<CqB_a
zD>1@dZ>lz#k+knB3sQ6T^p;Ltwt4kgnWOP_9XO2nAxXV+s2QJUF+27|10TqPK3e`+
zc;{511DJpj%I(yQ`-v%KQ`y=Stg&gMq;Zwh2x+5oRv)Jh&I2H85}*zc0r2_~wpiab
ze0&V3Iexx%4XwLJvSdrEvnU<W9tRw&Rr#Vbt``F>qaDIhQgMKl<c8*n4T>yO4zRh?
zpzd4NSr>-!3%>>-8VSu$kh5iq`E+m(hq2z7To7C(+Y*}_e`Ewb?wh3_HM5eyyG5BN
z|CS~pO1YFEiCmqjjs+r<j7?7D*=SN1Zl><?UcaoB4m#ttGN5J-CXuLvln}%YJW6dS
z5V~c+D;8?yMPRx7&dW0EPRjwY!}bH*n8`F&{M2|?(8R=eJB^AGl($^Tc>ojO2%gV#
zquMUXB}KNO=$j@KhCYgX1Ie8&aU){zgV(wDY<~a`LNML+7Uc|6qpFn3KLu4%1htYC
zHqID5?{Xw(gpAb}pC};YKerisL$UoriyMDpiBhJ&QqSLw(i2(FYhM_dZ+l^Mv91SO
z1!GX|8xevR#~_{N2!}R$`dkCve+!aGaKJmX07!_D+4E+$Z9C}M+U^{t9xtLjARl-)
z$4uWWjLuxH@*`vD`C|Rje~(fgn&>n=)xvQhlCQ*WOM+Etdg^y6WgYxpN*L+6i9lU|
zbfi&~4_&ox4w)+2Z?D`$sYs=c5j{=C<<Gc19w(|B8OVuJIcp^jq(wc|cqs0z{8lMY
zyB*=4rEDt{vvBx_zVBmeRVc-UL4XHtm@x(<goO3*%RYH3AEd`00HzC{hF^a<-wpd=
ze1%$$d|%FeQyG7}T7d!&zEP9&ubr;t!}+yXYV`*|x-HsDqnqQr=_zWf;D^!ovLXK%
zRcF`KaH;Wj_3b&ar!2Qk%9Qqk0PL=6v))T8D7ZZAaJzCCE^=tsMrp}Z`e&j3nGJ+)
zo`;#0g1&y_mv>l<7XN8#X=HXO&<6)!c9HN=alw?bYe=lwyW`S29676tvcXW%fguE@
zH^F6hW8RUT8sEAR<=`{^azo0fsI)9ajuD)Flsmx09@l}x#6z$dcgkynZb$3QG!FrC
z3XvYMEJ>Bb+%yIER`%uc39{&dCLj<{q%x{miU@-@BfGqj6n=NuFQ-pdoL7eU(8fXk
zDH+`lvJ<i31hkO!NTQ_&8u&9`z`Z|D<mh>kIn^_Fi;2)<%n%``chMDAf6{qvHt9|Q
z8NW)C$)dct`VZ2Y`oj-t6->Tyo3NMy5qgB(#X(8xVg65rbxx51h-c0`;<XfBOrf0&
zD~B?wuZmHVlOqD)x5&XZL61n`&B}UHu{M&87cAl-+5|!`G8PL(GX8oeVqJgkcRd|1
z=l*s1JQcZwAUj87AciwW{&=AO(}rQG2uygJhyTSj5x$nsqtp7s;4(^VM%V7RmR#qE
z(-Ffg&)&buq@+GjQ~_{`*hp!>SIXm&LFaZAJS%xv1U6Ta97Wl&F6t@;C_T1tz4HMK
zOh=hoK^nqgY!F2~M|q_?EOeW;kie(1Efmk{@7QIL07^s{7F###Nh0rE`p{>(oVz**
zshyXFXI|}^rf?Bzow9pP`J{R0t@UOXCe?u8#;^uWq)b<gtI>Gho3V1XlnpMeGn4G$
z72jdo+&>DqKarQvd0i@L_`>X}>j1E@sBKTCOo6;U7kbjO^VV#JrX$g0{v{VU#Xk(y
zFflM8FbM_)D-Ht!8U+9Z6g={{`;3=iWF|hR?uehun4#^RFa!uR`K58v+-(yA0tf&i
Cw_#`i

literal 0
HcmV?d00001

diff --git a/fhir-server-webapp/src/main/liberty/config/server.env b/fhir-server-webapp/src/main/liberty/config/server.env
new file mode 100644
index 00000000000..ee2c923f826
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/server.env
@@ -0,0 +1 @@
+TZ=UTC
\ No newline at end of file
diff --git a/fhir-server-webapp/src/main/liberty/config/server.xml b/fhir-server-webapp/src/main/liberty/config/server.xml
new file mode 100644
index 00000000000..d2bc1701ba5
--- /dev/null
+++ b/fhir-server-webapp/src/main/liberty/config/server.xml
@@ -0,0 +1,119 @@
+<server description="fhir-server">
+
+    <!-- Enable features -->
+    <featureManager>
+        <feature>transportSecurity-1.0</feature>
+        <feature>appSecurity-2.0</feature>
+        <feature>jaxrs-2.1</feature>
+        <feature>servlet-4.0</feature>
+        <feature>jsonp-1.1</feature>
+        <!-- the db2 jcc driver for 11.5.0.0 doesn't fully implement jdbc-4.2 -->
+        <feature>jdbc-4.1</feature>
+        <feature>websocket-1.1</feature>
+        <feature>localConnector-1.0</feature>
+        <!-- mpJwt-1.2 isn't used by default,
+             but we include it here to avoid NoClassDefFound in our classes that *can* use it -->
+        <feature>mpJwt-1.2</feature>
+    </featureManager>
+
+    <!-- Disable welcome page so that internal server info won't be revealed in responses
+         to requests with an invalid context root.
+    -->
+    <httpDispatcher enableWelcomePage="false"/>
+    <!-- Disable X-Powered-By header to avoid leaking information and
+         override the default error pages to avoid showing stack traces
+         for nonsensical queries like requests for a JSP page that doesn't exist.
+    -->
+    <webContainer disableXPoweredBy="true"
+        displayTextWhenNoErrorPageDefined="Unexpected request/response. Please check the URL and try again."
+        deferServletLoad="false"/>
+
+    <!-- IBM FHIR Server's keystore and truststore configuration -->
+    <ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore" clientAuthenticationSupported="true" sslProtocol="TLSv1.2"/>
+    <keyStore id="defaultKeyStore" location="${server.config.dir}/resources/security/fhirKeyStore.p12" password="change-password"/>
+    <keyStore id="defaultTrustStore" location="${server.config.dir}/resources/security/fhirTrustStore.p12" password="change-password"/>
+
+    <!-- This entry defines the ports that the server will listen on.
+        By default, the httpPort is disabled (set to "-1").
+        Modify the port #'s as needed to satisfy your config requirements.
+        Note: on Linux, the server must be running with root priviledges in order to
+        listen on ports <= 1024.
+     -->
+    <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443" onError="FAIL"/>
+
+    <!--
+        The trace specification can be set via the TRACE_SPEC environment variable (or by overriding it below).
+        
+        Example trace specifications: 
+        <logging traceSpecification="*=info:com.ibm.fhir.*=finer" traceFormat="BASIC"/>
+        <logging traceSpecification="*=info:com.ibm.fhir.persistence.jdbc.dao.impl.*=fine" traceFormat="BASIC"/>
+        <logging traceSpecification="${TRACE_SPEC}" traceFileName="${TRACE_FILE}" traceFormat="${TRACE_FORMAT}" consoleLogLevel="${WLP_LOGGING_CONSOLE_LOGLEVEL}"/>
+        
+        To send the trace messages to standard out, set TRACE_FILE to "stdout".
+    -->
+    <variable name="TRACE_SPEC" defaultValue="*=info"/>
+    <variable name="TRACE_FILE" defaultValue="trace.log"/>
+    <variable name="TRACE_FORMAT" defaultValue="BASIC"/>
+    <variable name="WLP_LOGGING_CONSOLE_LOGLEVEL" defaultValue="INFO"/>
+    <logging traceSpecification="${TRACE_SPEC}" traceFileName="${TRACE_FILE}" traceFormat="${TRACE_FORMAT}" consoleLogLevel="${WLP_LOGGING_CONSOLE_LOGLEVEL}"/>
+
+    <!-- Automatically expand WAR files and EAR files -->
+    <applicationManager autoExpand="true"/>
+
+    <applicationMonitor updateTrigger="mbean"/>
+
+    <!-- This is the main IBM FHIR Server REST API war -->
+    <webApplication id="fhir-server-webapp" contextRoot="fhir-server/api/v4" location="fhir-server.war" name="fhir-server-webapp">
+        <classloader privateLibraryRef="fhirUserLib"/>
+        <!-- Include id attributes to make it easier to override this via dropinConfig -->
+        <application-bnd id="bind">
+            <security-role id="users" name="FHIRUsers">
+                <group id="usersGroup" name="FHIRUsers"/>
+            </security-role>
+        </application-bnd>
+    </webApplication>
+
+    <!--
+        This sharedlib can contain user-contributed jars that are intended to augment
+        the IBM FHIR Server installation (persistence interceptors, persistence layer impl's,
+        custom operation impl's, etc.)
+     -->
+    <library id="fhirUserLib">
+        <fileset dir="${server.config.dir}/userlib" includes="*.jar"/>
+    </library>
+
+    <!-- Shared library definitions for the supported database types -->
+    <library id="sharedLibDb2">
+        <fileset dir="${shared.resource.dir}/lib/db2" includes="*.jar"/>
+    </library>
+    <library id="sharedLibDerby">
+        <fileset dir="${shared.resource.dir}/lib/derby" includes="*.jar"/>
+    </library>
+    <library id="sharedLibPostgres">
+        <fileset dir="${shared.resource.dir}/lib/postgresql" includes="*.jar"/>
+    </library>
+
+    <webAppSecurity allowFailOverToBasicAuth="true" singleSignonEnabled="false"/>
+    
+    <cors domain="/"
+        allowedOrigins="*"
+        allowedMethods="GET, DELETE, POST, PUT, HEAD"
+        allowedHeaders="*"
+        maxAge="3600" />
+
+    <!-- Variables for the users so they can be overriden by environment variables -->
+    <variable name="FHIR_USER_PASSWORD" defaultValue="change-password"/>
+    <variable name="FHIR_ADMIN_PASSWORD" defaultValue="change-password"/>
+
+    <!-- Define a basic user registry with a few users. -->
+    <basicRegistry id="basic" realm="BasicRealm">
+        <user name="fhiruser" password="${FHIR_USER_PASSWORD}"/>
+        <user name="fhiradmin" password="${FHIR_ADMIN_PASSWORD}"/>
+        <group name="FHIRUsers">
+            <member name="fhiruser"/>
+        </group>
+        <group name="clientAdministrator">
+            <member name="fhiruser"/>
+        </group>
+    </basicRegistry>
+</server>