ThingWorx Platform webAppRootKey / log4jConfigLocation /WEB-INF/log4j.properties logbackDisableServletContainerInitializer true COOKIE CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins * cors.allowed.methods OPTIONS,GET,POST,HEAD,PUT,DELETE cors.allowed.headers Authorization,appKey,x-thingworx-session,Content-Type,X-Requested-With,Origin,Access-Control-Request-Method,Access-Control-Request-Headers cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow-Credentials cors.support.credentials false cors.preflight.maxage 10 cors.request.decorate true CorsFilter /* Mark resource as non-cacheable for browser HttpResponseHeadersNoCacheFilter com.thingworx.security.filter.HttpResponseHeadersFilter Cache-Control SET no-cache,no-store,must-revalidate Pragma SET no-cache Expires SET 0 HttpResponseHeadersNoCacheFilter /Runtime/index.html HttpResponseHeadersNoCacheFilter /Composer/index.html Sets various HTTP Response Headers in order to increase security, etc. HttpResponseHeadersFilter com.thingworx.security.filter.HttpResponseHeadersFilter X-Content-Type-Options SET nosniff X-XSS-Protection SET 1; mode=block HttpResponseHeadersFilter /* UrlRewriteFilterRewrite org.tuckey.web.filters.urlrewrite.UrlRewriteFilter confPath /WEB-INF/urlrewrite-rewrite.xml logLevel slf4j UrlRewriteFilterRestore org.tuckey.web.filters.urlrewrite.UrlRewriteFilter confPath /WEB-INF/urlrewrite-restore.xml logLevel slf4j AuthenticationFilter com.thingworx.security.authentication.AuthenticationFilter defaultSessionTimeout 30 ValidationFilter com.thingworx.security.filter.ValidationFilter FlowDelegatedOAuthFilter com.thingworx.flow.filter.FlowDelegatedOAuthFilter ClickjackFilterDeny com.thingworx.security.filter.ClickjackFilter mode DENY ClickjackFilterSameOrigin com.thingworx.security.filter.ClickjackFilter mode SAMEORIGIN ClickjackFilterWhiteList com.thingworx.security.filter.ClickjackFilter mode WHITELIST domains http://example.com ClickjackFilterSameOrigin /* UrlRewriteFilterRewrite /* REQUEST FORWARD AuthenticationFilter /rp/* REQUEST FORWARD UrlRewriteFilterRestore /rp/* REQUEST FORWARD AuthenticationFilter /extensions/* AuthenticationFilter /Common/extensions/* AuthenticationFilter /config/buildConfig.json AuthenticationFilter /action-authenticate/* AuthenticationFilter /action-login/* AuthenticationFilter /action-confirm-creds/* AuthenticationFilter /action-change-password/* AuthenticationFilter /ThingworxMain.html AuthenticationFilter /ThingworxMain.html/* AuthenticationFilter /Server/* AuthenticationFilter /ApplicationKeys/* AuthenticationFilter /Networks/* AuthenticationFilter /Dashboards/* AuthenticationFilter /DirectoryServices/* AuthenticationFilter /Authenticators/* AuthenticationFilter /PersistenceProviderPackages/* AuthenticationFilter /tunnel/wsadapter.jsp AuthenticationFilter /tunnel/adapter.jsp AuthenticationFilter /tunnel/vnc.jsp AuthenticationFilter /Logs/* AuthenticationFilter /Metrics/* AuthenticationFilter /Resources/* AuthenticationFilter /Subsystems/* AuthenticationFilter /Users/* AuthenticationFilter /Home/* AuthenticationFilter /StateDefinitions/* AuthenticationFilter /StyleDefinitions/* AuthenticationFilter /StyleThemes/* AuthenticationFilter /ScriptFunctionLibraries/* AuthenticationFilter /AtomFeedService/* AuthenticationFilter /DataShapes/* AuthenticationFilter /Importer/* AuthenticationFilter /ImageEncoder/* AuthenticationFilter /Exporter/* AuthenticationFilter /ExportDatabase/* AuthenticationFilter /ExportTheme/* AuthenticationFilter /ExportDefaultEntities/* AuthenticationFilter /ImportDatabase/* AuthenticationFilter /DataExporter/* AuthenticationFilter /DataImporter/* AuthenticationFilter /Widgets/* AuthenticationFilter /Groups/* AuthenticationFilter /ThingGroups/* AuthenticationFilter /ThingPackages/* AuthenticationFilter /Things/* AuthenticationFilter /ThingTemplates/* AuthenticationFilter /ThingShapes/* AuthenticationFilter /DataTags/* AuthenticationFilter /ModelTags/* AuthenticationFilter /Composer/* AuthenticationFilter /Builder/* AuthenticationFilter /Runtime/index.html AuthenticationFilter /Runtime/index-jq3.html AuthenticationFilter /Mashups/* AuthenticationFilter /Menus/* AuthenticationFilter /MediaEntities/* AuthenticationFilter /loaders/* AuthenticationFilter /demos/* AuthenticationFilter /API/* AuthenticationFilter /ExtensionPackageUploader/* AuthenticationFilter /ExtensionPackages/* AuthenticationFilter /FileRepositoryUploader/* AuthenticationFilter /FileRepositoryDownloader/* AuthenticationFilter /FileRepositories/* AuthenticationFilter /xmpp/* AuthenticationFilter /LocalizationTables/* AuthenticationFilter /Organizations/* AuthenticationFilter /RemoteTunnel/* AuthenticationFilter /WSTunnelClient/* AuthenticationFilter /WSTunnelServer/* AuthenticationFilter /PersistenceProviders/* AuthenticationFilter /Projects/* AuthenticationFilter /NotificationDefinitions/* AuthenticationFilter /NotificationContents/* AuthenticationFilter /Apps/Flows/* AuthenticationFilter /Providers_Flow_redirect FlowDelegatedOAuthFilter /Providers_Flow_redirect ValidationFilter /* ContentLengthFilter com.thingworx.security.contenttype.ContentLengthFilter max-allowed-length-in-bytes 67108864 white-list ContentLengthFilter /ApplicationKeys/* /AtomFeedService/* /Authenticators/* /Dashboards/* /DataExporter/* /DataShapes/* /DataTags/* /DirectoryServices/* /ExportDatabase/* /ExportDefaultEntities/* /ExportTheme/* /Exporter/* /ExtensionPackages/* /Groups/* /Home/* /ImportDatabase/* /LocalizationTables/* /Logs/* /Metrics/* /Mashups/* /MediaEntities/* /Menus/* /ModelTags/* /Networks/* /NotificationContents/* /NotificationDefinitions/* /Organizations/* /PersistenceProviderPackages/* /PersistenceProviders/* /Projects/* /Resources/* /ScriptFunctionLibraries/* /Server/* /StateDefinitions/* /StyleDefinitions/* /StyleThemes/* /Subsystems/* /ThingPackages/* /ThingShapes/* /ThingTemplates/* /Things/* /Users/* /Widgets/* ContentTypeFilter com.thingworx.security.contenttype.ContentTypeFilter paths-to-be-ignored-for-DELETE /SCIMProvider/* ContentTypeFilter /* ValidationFilter /health /ready /Admin/HA/LeaderCheck AuthenticationFilter /saml/SSO AuthenticationFilter /saml/metadata AuthenticationFilter /oauth2_authorization_code_redirect AuthenticationFilter /oauth2_gather_grants AuthenticationFilter /SCIMProvider/* com.thingworx.system.ThingWorxBootstrapper com.thingworx.security.authentication.sso.SSORequestContextListener HealthCheck com.thingworx.webservices.HealthCheck ReadyCheck com.thingworx.webservices.ReadyCheck HealthCheck /health /Admin/HA/LeaderCheck/* ReadyCheck /ready Things com.thingworx.webservices.Things ThingTemplates com.thingworx.webservices.ThingTemplates ApplicationKeys com.thingworx.webservices.ApplicationKeys Networks com.thingworx.webservices.Networks DirectoryServices com.thingworx.webservices.DirectoryServices Authenticators com.thingworx.webservices.Authenticators Logs com.thingworx.webservices.Logs Metrics com.thingworx.webservices.MetricsExporter Resources com.thingworx.webservices.Resources Subsystems com.thingworx.webservices.Subsystems Dashboards com.thingworx.webservices.Dashboards LocalizationTables com.thingworx.webservices.LocalizationTables Organizations com.thingworx.webservices.Organizations Users com.thingworx.webservices.Users Home com.thingworx.webservices.Home Mashups com.thingworx.webservices.Mashups Menus com.thingworx.webservices.Menus MediaEntities com.thingworx.webservices.MediaEntities Widgets com.thingworx.webservices.Widgets ScriptFunctionLibraries com.thingworx.webservices.ScriptFunctionLibraries StyleDefinitions com.thingworx.webservices.StyleDefinitions StyleThemes com.thingworx.webservices.StyleThemes StateDefinitions com.thingworx.webservices.StateDefinitions ThingPackages com.thingworx.webservices.ThingPackages PersistenceProviderPackages com.thingworx.webservices.PersistenceProviderPackages Server com.thingworx.webservices.Server DataShapes com.thingworx.webservices.DataShapes ThingShapes com.thingworx.webservices.ThingShapes Groups com.thingworx.webservices.Groups ThingGroups com.thingworx.webservices.ThingGroups DataTags com.thingworx.webservices.DataTags ModelTags com.thingworx.webservices.ModelTags Importer com.thingworx.webservices.Importer Exporter com.thingworx.webservices.Exporter ExportDatabase com.thingworx.webservices.ExportDatabase ExportTheme com.thingworx.webservices.ExportTheme ExportDefaultEntities com.thingworx.webservices.ExportDefaultEntities ImportDatabase com.thingworx.webservices.ImportDatabase DataImporter com.thingworx.webservices.DataImporter DataExporter com.thingworx.webservices.DataExporter ImageEncoder com.thingworx.webservices.ImageEncoder AtomFeedService com.thingworx.webservices.AtomFeedService ExtensionPackageUploader com.thingworx.webservices.ExtensionPackageUploader ExtensionPackages com.thingworx.webservices.ExtensionPackages FileRepositoryUploader com.thingworx.webservices.FileRepositoryUploader FileRepositoryDownloader com.thingworx.webservices.FileRepositoryDownloader FileRepositories com.thingworx.webservices.FileRepositories AvatarViewer com.thingworx.webservices.AvatarViewer OrganizationLogoViewer com.thingworx.webservices.OrganizationLogoViewer FormLogin /login/FormLogin.jsp ResetPassword /login/ResetPassword.jsp ConfirmCredentials /login/ConfirmCredentials.jsp PersistenceProviders com.thingworx.webservices.PersistenceProviders Projects com.thingworx.webservices.Projects NotificationDefinitions com.thingworx.webservices.NotificationDefinitions NotificationContents com.thingworx.webservices.NotificationContents FlowApp com.thingworx.webservices.AppRouter ExtensionPackageUploader /ExtensionPackageUploader/* ExtensionPackages /ExtensionPackages/* Server /Server/* Mashups /Mashups/* Dashboards /Dashboards/* Menus /Menus/* MediaEntities /MediaEntities/* Widgets /Widgets/* StateDefinitions /StateDefinitions/* StyleDefinitions /StyleDefinitions/* StyleThemes /StyleThemes/* ScriptFunctionLibraries /ScriptFunctionLibraries/* ApplicationKeys /ApplicationKeys/* Networks /Networks/* DirectoryServices /DirectoryServices/* Authenticators /Authenticators/* Logs /Logs/* Metrics /Metrics/* Resources /Resources/* Subsystems /Subsystems/* Users /Users/* Home /Home/* LocalizationTables /LocalizationTables/* Organizations /Organizations/* Things /Things/* ThingTemplates /ThingTemplates/* ThingPackages /ThingPackages/* PersistenceProviderPackages /PersistenceProviderPackages/* DataShapes /DataShapes/* ThingShapes /ThingShapes/* Groups /Groups/* ThingGroups /ThingGroups/* DataTags /DataTags/* ModelTags /ModelTags/* AtomFeedService /AtomFeedService/* Importer /Importer Exporter /Exporter/* ExportDatabase /ExportDatabase/* ExportTheme /ExportTheme/* ExportDefaultEntities /ExportDefaultEntities/* ImportDatabase /ImportDatabase/* DataImporter /DataImporter DataExporter /DataExporter/* ImageEncoder /ImageEncoder FileRepositoryUploader /FileRepositoryUploader/* FileRepositoryDownloader /FileRepositoryDownloader/* FileRepositories /FileRepositories/* AvatarViewer /AvatarViewer/* OrganizationLogoViewer /OrganizationLogoViewer/* FormLogin /FormLogin/* ResetPassword /FormLogin/reset/* ConfirmCredentials /FormLogin/confirm/* PersistenceProviders /PersistenceProviders/* Projects /Projects/* NotificationDefinitions /NotificationDefinitions/* NotificationContents /NotificationContents/* FlowApp /Apps/Flows/* index.jsp index.html Allow unprotected HEAD /tunnel/* HEAD Forbidden /WEB-INF/* Forbidden /persistence/* Forbidden /streams/* SCIMProvider com.thingworx.security.scim.SCIMProvider 9000 SCIMProvider /SCIMProvider/* AuthenticatorExceptionHandler com.thingworx.security.authentication.AuthenticatorExceptionHandler AuthenticatorExceptionHandler /AuthenticatorExceptionHandler 401 /AuthenticatorExceptionHandler PageNotFoundExceptionHandler com.thingworx.handlers.PageNotFoundExceptionHandler PageNotFoundExceptionHandler /PageNotFoundExceptionHandler 404 /PageNotFoundExceptionHandler UnexpectedExceptionHandler com.thingworx.handlers.UnexpectedExceptionHandler UnexpectedExceptionHandler /UnexpectedExceptionHandler 500 /UnexpectedExceptionHandler ServiceUnavailableExceptionHandler com.thingworx.handlers.ServiceUnavailableExceptionHandler ServiceUnavailableExceptionHandler /ServiceUnavailableExceptionHandler 503 /ServiceUnavailableExceptionHandler