ThingWorx Platform
webAppRootKey
/
log4jConfigLocation
/WEB-INF/log4j.properties
logbackDisableServletContainerInitializer
true
COOKIE
CorsFilter
org.apache.catalina.filters.CorsFilter
cors.allowed.origins
*
cors.allowed.methods
OPTIONS,GET,POST,HEAD,PUT,DELETE
cors.allowed.headers
Authorization,appKey,x-thingworx-session,Content-Type,X-Requested-With,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
cors.exposed.headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
cors.support.credentials
false
cors.preflight.maxage
10
cors.request.decorate
true
CorsFilter
/*
Mark resource as non-cacheable for browser
HttpResponseHeadersNoCacheFilter
com.thingworx.security.filter.HttpResponseHeadersFilter
Cache-Control
SET no-cache,no-store,must-revalidate
Pragma
SET no-cache
Expires
SET 0
HttpResponseHeadersNoCacheFilter
/Runtime/index.html
HttpResponseHeadersNoCacheFilter
/Composer/index.html
Sets various HTTP Response Headers in order to increase security, etc.
HttpResponseHeadersFilter
com.thingworx.security.filter.HttpResponseHeadersFilter
X-Content-Type-Options
SET nosniff
X-XSS-Protection
SET 1; mode=block
HttpResponseHeadersFilter
/*
UrlRewriteFilterRewrite
org.tuckey.web.filters.urlrewrite.UrlRewriteFilter
confPath
/WEB-INF/urlrewrite-rewrite.xml
logLevel
slf4j
UrlRewriteFilterRestore
org.tuckey.web.filters.urlrewrite.UrlRewriteFilter
confPath
/WEB-INF/urlrewrite-restore.xml
logLevel
slf4j
AuthenticationFilter
com.thingworx.security.authentication.AuthenticationFilter
defaultSessionTimeout
30
ValidationFilter
com.thingworx.security.filter.ValidationFilter
FlowDelegatedOAuthFilter
com.thingworx.flow.filter.FlowDelegatedOAuthFilter
ClickjackFilterDeny
com.thingworx.security.filter.ClickjackFilter
mode
DENY
ClickjackFilterSameOrigin
com.thingworx.security.filter.ClickjackFilter
mode
SAMEORIGIN
ClickjackFilterWhiteList
com.thingworx.security.filter.ClickjackFilter
mode
WHITELIST
domains
http://example.com
ClickjackFilterSameOrigin
/*
UrlRewriteFilterRewrite
/*
REQUEST
FORWARD
AuthenticationFilter
/rp/*
REQUEST
FORWARD
UrlRewriteFilterRestore
/rp/*
REQUEST
FORWARD
AuthenticationFilter
/extensions/*
AuthenticationFilter
/Common/extensions/*
AuthenticationFilter
/config/buildConfig.json
AuthenticationFilter
/action-authenticate/*
AuthenticationFilter
/action-login/*
AuthenticationFilter
/action-confirm-creds/*
AuthenticationFilter
/action-change-password/*
AuthenticationFilter
/ThingworxMain.html
AuthenticationFilter
/ThingworxMain.html/*
AuthenticationFilter
/Server/*
AuthenticationFilter
/ApplicationKeys/*
AuthenticationFilter
/Networks/*
AuthenticationFilter
/Dashboards/*
AuthenticationFilter
/DirectoryServices/*
AuthenticationFilter
/Authenticators/*
AuthenticationFilter
/PersistenceProviderPackages/*
AuthenticationFilter
/tunnel/wsadapter.jsp
AuthenticationFilter
/tunnel/adapter.jsp
AuthenticationFilter
/tunnel/vnc.jsp
AuthenticationFilter
/Logs/*
AuthenticationFilter
/Metrics/*
AuthenticationFilter
/Resources/*
AuthenticationFilter
/Subsystems/*
AuthenticationFilter
/Users/*
AuthenticationFilter
/Home/*
AuthenticationFilter
/StateDefinitions/*
AuthenticationFilter
/StyleDefinitions/*
AuthenticationFilter
/StyleThemes/*
AuthenticationFilter
/ScriptFunctionLibraries/*
AuthenticationFilter
/AtomFeedService/*
AuthenticationFilter
/DataShapes/*
AuthenticationFilter
/Importer/*
AuthenticationFilter
/ImageEncoder/*
AuthenticationFilter
/Exporter/*
AuthenticationFilter
/ExportDatabase/*
AuthenticationFilter
/ExportTheme/*
AuthenticationFilter
/ExportDefaultEntities/*
AuthenticationFilter
/ImportDatabase/*
AuthenticationFilter
/DataExporter/*
AuthenticationFilter
/DataImporter/*
AuthenticationFilter
/Widgets/*
AuthenticationFilter
/Groups/*
AuthenticationFilter
/ThingGroups/*
AuthenticationFilter
/ThingPackages/*
AuthenticationFilter
/Things/*
AuthenticationFilter
/ThingTemplates/*
AuthenticationFilter
/ThingShapes/*
AuthenticationFilter
/DataTags/*
AuthenticationFilter
/ModelTags/*
AuthenticationFilter
/Composer/*
AuthenticationFilter
/Builder/*
AuthenticationFilter
/Runtime/index.html
AuthenticationFilter
/Runtime/index-jq3.html
AuthenticationFilter
/Mashups/*
AuthenticationFilter
/Menus/*
AuthenticationFilter
/MediaEntities/*
AuthenticationFilter
/loaders/*
AuthenticationFilter
/demos/*
AuthenticationFilter
/API/*
AuthenticationFilter
/ExtensionPackageUploader/*
AuthenticationFilter
/ExtensionPackages/*
AuthenticationFilter
/FileRepositoryUploader/*
AuthenticationFilter
/FileRepositoryDownloader/*
AuthenticationFilter
/FileRepositories/*
AuthenticationFilter
/xmpp/*
AuthenticationFilter
/LocalizationTables/*
AuthenticationFilter
/Organizations/*
AuthenticationFilter
/RemoteTunnel/*
AuthenticationFilter
/WSTunnelClient/*
AuthenticationFilter
/WSTunnelServer/*
AuthenticationFilter
/PersistenceProviders/*
AuthenticationFilter
/Projects/*
AuthenticationFilter
/NotificationDefinitions/*
AuthenticationFilter
/NotificationContents/*
AuthenticationFilter
/Apps/Flows/*
AuthenticationFilter
/Providers_Flow_redirect
FlowDelegatedOAuthFilter
/Providers_Flow_redirect
ValidationFilter
/*
ContentLengthFilter
com.thingworx.security.contenttype.ContentLengthFilter
max-allowed-length-in-bytes
67108864
white-list
ContentLengthFilter
/ApplicationKeys/*
/AtomFeedService/*
/Authenticators/*
/Dashboards/*
/DataExporter/*
/DataShapes/*
/DataTags/*
/DirectoryServices/*
/ExportDatabase/*
/ExportDefaultEntities/*
/ExportTheme/*
/Exporter/*
/ExtensionPackages/*
/Groups/*
/Home/*
/ImportDatabase/*
/LocalizationTables/*
/Logs/*
/Metrics/*
/Mashups/*
/MediaEntities/*
/Menus/*
/ModelTags/*
/Networks/*
/NotificationContents/*
/NotificationDefinitions/*
/Organizations/*
/PersistenceProviderPackages/*
/PersistenceProviders/*
/Projects/*
/Resources/*
/ScriptFunctionLibraries/*
/Server/*
/StateDefinitions/*
/StyleDefinitions/*
/StyleThemes/*
/Subsystems/*
/ThingPackages/*
/ThingShapes/*
/ThingTemplates/*
/Things/*
/Users/*
/Widgets/*
ContentTypeFilter
com.thingworx.security.contenttype.ContentTypeFilter
paths-to-be-ignored-for-DELETE
/SCIMProvider/*
ContentTypeFilter
/*
ValidationFilter
/health
/ready
/Admin/HA/LeaderCheck
AuthenticationFilter
/saml/SSO
AuthenticationFilter
/saml/metadata
AuthenticationFilter
/oauth2_authorization_code_redirect
AuthenticationFilter
/oauth2_gather_grants
AuthenticationFilter
/SCIMProvider/*
com.thingworx.system.ThingWorxBootstrapper
com.thingworx.security.authentication.sso.SSORequestContextListener
HealthCheck
com.thingworx.webservices.HealthCheck
ReadyCheck
com.thingworx.webservices.ReadyCheck
HealthCheck
/health
/Admin/HA/LeaderCheck/*
ReadyCheck
/ready
Things
com.thingworx.webservices.Things
ThingTemplates
com.thingworx.webservices.ThingTemplates
ApplicationKeys
com.thingworx.webservices.ApplicationKeys
Networks
com.thingworx.webservices.Networks
DirectoryServices
com.thingworx.webservices.DirectoryServices
Authenticators
com.thingworx.webservices.Authenticators
Logs
com.thingworx.webservices.Logs
Metrics
com.thingworx.webservices.MetricsExporter
Resources
com.thingworx.webservices.Resources
Subsystems
com.thingworx.webservices.Subsystems
Dashboards
com.thingworx.webservices.Dashboards
LocalizationTables
com.thingworx.webservices.LocalizationTables
Organizations
com.thingworx.webservices.Organizations
Users
com.thingworx.webservices.Users
Home
com.thingworx.webservices.Home
Mashups
com.thingworx.webservices.Mashups
Menus
com.thingworx.webservices.Menus
MediaEntities
com.thingworx.webservices.MediaEntities
Widgets
com.thingworx.webservices.Widgets
ScriptFunctionLibraries
com.thingworx.webservices.ScriptFunctionLibraries
StyleDefinitions
com.thingworx.webservices.StyleDefinitions
StyleThemes
com.thingworx.webservices.StyleThemes
StateDefinitions
com.thingworx.webservices.StateDefinitions
ThingPackages
com.thingworx.webservices.ThingPackages
PersistenceProviderPackages
com.thingworx.webservices.PersistenceProviderPackages
Server
com.thingworx.webservices.Server
DataShapes
com.thingworx.webservices.DataShapes
ThingShapes
com.thingworx.webservices.ThingShapes
Groups
com.thingworx.webservices.Groups
ThingGroups
com.thingworx.webservices.ThingGroups
DataTags
com.thingworx.webservices.DataTags
ModelTags
com.thingworx.webservices.ModelTags
Importer
com.thingworx.webservices.Importer
Exporter
com.thingworx.webservices.Exporter
ExportDatabase
com.thingworx.webservices.ExportDatabase
ExportTheme
com.thingworx.webservices.ExportTheme
ExportDefaultEntities
com.thingworx.webservices.ExportDefaultEntities
ImportDatabase
com.thingworx.webservices.ImportDatabase
DataImporter
com.thingworx.webservices.DataImporter
DataExporter
com.thingworx.webservices.DataExporter
ImageEncoder
com.thingworx.webservices.ImageEncoder
AtomFeedService
com.thingworx.webservices.AtomFeedService
ExtensionPackageUploader
com.thingworx.webservices.ExtensionPackageUploader
ExtensionPackages
com.thingworx.webservices.ExtensionPackages
FileRepositoryUploader
com.thingworx.webservices.FileRepositoryUploader
FileRepositoryDownloader
com.thingworx.webservices.FileRepositoryDownloader
FileRepositories
com.thingworx.webservices.FileRepositories
AvatarViewer
com.thingworx.webservices.AvatarViewer
OrganizationLogoViewer
com.thingworx.webservices.OrganizationLogoViewer
FormLogin
/login/FormLogin.jsp
ResetPassword
/login/ResetPassword.jsp
ConfirmCredentials
/login/ConfirmCredentials.jsp
PersistenceProviders
com.thingworx.webservices.PersistenceProviders
Projects
com.thingworx.webservices.Projects
NotificationDefinitions
com.thingworx.webservices.NotificationDefinitions
NotificationContents
com.thingworx.webservices.NotificationContents
FlowApp
com.thingworx.webservices.AppRouter
ExtensionPackageUploader
/ExtensionPackageUploader/*
ExtensionPackages
/ExtensionPackages/*
Server
/Server/*
Mashups
/Mashups/*
Dashboards
/Dashboards/*
Menus
/Menus/*
MediaEntities
/MediaEntities/*
Widgets
/Widgets/*
StateDefinitions
/StateDefinitions/*
StyleDefinitions
/StyleDefinitions/*
StyleThemes
/StyleThemes/*
ScriptFunctionLibraries
/ScriptFunctionLibraries/*
ApplicationKeys
/ApplicationKeys/*
Networks
/Networks/*
DirectoryServices
/DirectoryServices/*
Authenticators
/Authenticators/*
Logs
/Logs/*
Metrics
/Metrics/*
Resources
/Resources/*
Subsystems
/Subsystems/*
Users
/Users/*
Home
/Home/*
LocalizationTables
/LocalizationTables/*
Organizations
/Organizations/*
Things
/Things/*
ThingTemplates
/ThingTemplates/*
ThingPackages
/ThingPackages/*
PersistenceProviderPackages
/PersistenceProviderPackages/*
DataShapes
/DataShapes/*
ThingShapes
/ThingShapes/*
Groups
/Groups/*
ThingGroups
/ThingGroups/*
DataTags
/DataTags/*
ModelTags
/ModelTags/*
AtomFeedService
/AtomFeedService/*
Importer
/Importer
Exporter
/Exporter/*
ExportDatabase
/ExportDatabase/*
ExportTheme
/ExportTheme/*
ExportDefaultEntities
/ExportDefaultEntities/*
ImportDatabase
/ImportDatabase/*
DataImporter
/DataImporter
DataExporter
/DataExporter/*
ImageEncoder
/ImageEncoder
FileRepositoryUploader
/FileRepositoryUploader/*
FileRepositoryDownloader
/FileRepositoryDownloader/*
FileRepositories
/FileRepositories/*
AvatarViewer
/AvatarViewer/*
OrganizationLogoViewer
/OrganizationLogoViewer/*
FormLogin
/FormLogin/*
ResetPassword
/FormLogin/reset/*
ConfirmCredentials
/FormLogin/confirm/*
PersistenceProviders
/PersistenceProviders/*
Projects
/Projects/*
NotificationDefinitions
/NotificationDefinitions/*
NotificationContents
/NotificationContents/*
FlowApp
/Apps/Flows/*
index.jsp
index.html
Allow unprotected HEAD
/tunnel/*
HEAD
Forbidden
/WEB-INF/*
Forbidden
/persistence/*
Forbidden
/streams/*
SCIMProvider
com.thingworx.security.scim.SCIMProvider
9000
SCIMProvider
/SCIMProvider/*
AuthenticatorExceptionHandler
com.thingworx.security.authentication.AuthenticatorExceptionHandler
AuthenticatorExceptionHandler
/AuthenticatorExceptionHandler
401
/AuthenticatorExceptionHandler
PageNotFoundExceptionHandler
com.thingworx.handlers.PageNotFoundExceptionHandler
PageNotFoundExceptionHandler
/PageNotFoundExceptionHandler
404
/PageNotFoundExceptionHandler
UnexpectedExceptionHandler
com.thingworx.handlers.UnexpectedExceptionHandler
UnexpectedExceptionHandler
/UnexpectedExceptionHandler
500
/UnexpectedExceptionHandler
ServiceUnavailableExceptionHandler
com.thingworx.handlers.ServiceUnavailableExceptionHandler
ServiceUnavailableExceptionHandler
/ServiceUnavailableExceptionHandler
503
/ServiceUnavailableExceptionHandler