cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Removing access to Squeal with Tomcat Security Constraints

Highlighted
Level 11

Removing access to Squeal with Tomcat Security Constraints

The Squeal functionality has been discontinued with ThingWorx 8.1, see ThingWorx 8.1.0 Release Notes

 

There might be scenarios where it should be disabled in earlier versions as well. This can be achieved e.g. with Tomcat Security Constraints. To add such a constraint, open <Tomcat>\webapps\Thingworx\WEB-INF\web.xml


At the end of the file add a new constraint just before closing the </web-app> tag:

 

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Forbidden</web-resource-name>
    <url-pattern>/Squeal/*</url-pattern>
  </web-resource-collection>
  <auth-constraint/>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

Save the file and restart Tomcat.


Accessing the /Thingworx/Squeal resource now will result in an error message:

 

HTTP Status 403 - Access to the requested resource has been denied

 

One scenario to be aware of is when the web.xml changes, e.g. due to updating ThingWorx or other manual changes. In such a case, ensure that the filter is still present in the file and taken into account.