Hi All,
I have a use case where I have to display mashups in salesforce through iframes.
I have done this as follow:
http://myDomain/Thingworx/Mashups/MashupName? appKey=APPLICATION_KEY&x-thingworx-session=true
Earlier it was working good, and I was successfully able to view mashups in salesforce.
Recently, I got my TWX Version upgraded to 7.2.5 and after upgradation I started facing the issue of AUTHENTICATION with the above way to display mashups. It now started asking for username and password.
Please help as my complete work is getting affected by this.
Thanks,
Meenakshi
Meenakshi Agrawal - Protection against Cross-Site Scripting (XSS) has been improved steadily since version 6.5. For information about how to configure XSS protection in your instance, take the following steps:
You'll find instructions on how to configure XSS protection there.
P.S. - this looks like a cross-post with this post. Would you mind combining the two posts?
Hi
I have Same requirement need to show Thingworx mashup in Iframe/Div or any other HTML control. I need to integrate thingworx mashup in Webpage. I have followed below step mentioned in Release notes.
Description | Required Steps |
Remove all clickjacking protection |
</filter-mapping> |
Currently i am using Thingworx 7.3
Still i am unable to get my thingworx mashup in Iframe.
giving following Error in Console.
Refused to display 'http://localhost:8080/Thingworx/Runtime/index.html#mashup=test&__fromBuilder=93bdc457-ce6b-414d-bd1e-a8c7f760985b' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
http://localhost:56354/favicon.ico Failed to load resource: the server responded with a status of 404 (Not Found)
In above URL "test" is my mahsup name, What i am doing wrong here. could you please look into issue.
Thanks & Regards
Spandhana.
Please observer changes done in web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>ThingWorx Platform</display-name>
<context-param>
<param-name>globalScope</param-name>
<param-value>default</param-value>
</context-param>
<context-param>
<param-name>parentContextKey</param-name>
<param-value>default.context</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>/</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/log4j.properties</param-value>
</context-param>
<filter>
<description>Sets various HTTP Response Headers in order to increase security, etc.</description>
<filter-name>HttpResponseHeadersFilter</filter-name>
<filter-class>com.thingworx.security.filter.HttpResponseHeadersFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>HttpResponseHeadersFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<description>Prohibits Requests from being processed by a Platform instance that is not the current HA "Leader".</description>
<filter-name>ProhibitIfNotLeaderFilter</filter-name>
<filter-class>com.thingworx.security.filter.ProhibitIfNotLeaderFilter</filter-class>
<init-param>
<description><![CDATA[URLs matching this pattern will always be allowed on the current Platform instance, regardless of whether or not that instance is the current HA "Leader". This parameter is useful to identify, for example, URLs related to Platform Administration Services, etc. which should be executable on all Platform instances, not just the current HA "Leader". Please note that this parameter does not yet currently support the full <url-pattern> syntax (as specified by the Servlet Specification). That is, it currently must start with "/" and must end with "/*" (e.g. "/foo/*"), otherwise an exception will be thrown.]]></description>
<param-name>url-pattern-allowed-if-not-leader</param-name>
<param-value>/Admin/HA/*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ProhibitIfNotLeaderFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>HAAuthenticationFilter</filter-name>
<filter-class>com.thingworx.security.authentication.HAAuthenticationFilter</filter-class>
</filter>
<filter>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>com.thingworx.security.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>defaultSessionTimeout</param-name>
<param-value>30</param-value>
</init-param>
</filter>
<filter>
<filter-name>ValidationFilter</filter-name>
<filter-class>com.thingworx.security.filter.ValidationFilter</filter-class>
</filter>
<filter>
<filter-name>ClickjackFilterDeny</filter-name>
<filter-class>com.thingworx.security.filter.ClickjackFilter</filter-class>
<init-param>
<param-name>mode</param-name>
<param-value>DENY</param-value>
</init-param>
</filter>
<filter>
<filter-name>ClickjackFilterSameOrigin</filter-name>
<filter-class>com.thingworx.security.filter.ClickjackFilter</filter-class>
<init-param>
<param-name>mode</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
<filter>
<filter-name>ClickjackFilterWhiteList</filter-name>
<filter-class>com.thingworx.security.filter.ClickjackFilter</filter-class>
<init-param>
<param-name>mode</param-name>
<param-value>WHITELIST</param-value>
</init-param>
<init-param>
<param-name>domains</param-name>
<param-value>http://example.com</param-value>
</init-param>
</filter>
<!-- use the Deny version to exclude all framing -->
<!--
<filter-mapping>
<filter-name>ClickjackFilterDeny</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-->
<!-- use the SameOrigin version to allow your application to frame, but nobody else -->
<!-- spandana
<filter-mapping>
<filter-name>ClickjackFilterSameOrigin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spandana -->
<!-- use the WhiteList version to allow framing from specified domains -->
<!--
<filter-mapping>
<filter-name>ClickjackFilterWhiteList</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-->
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/extensions/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/action-authenticate/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/action-login/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/action-confirm-creds/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/action-change-password/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ThingworxMain.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ThingworxMain.html/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Server/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ApplicationKeys/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Networks/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Dashboards/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/DirectoryServices/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Authenticators/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/PersistenceProviderPackages/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/tunnel/wsadapter.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/tunnel/adapter.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Logs/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Resources/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Subsystems/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Users/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Home/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/StateDefinitions/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/StyleDefinitions/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ScriptFunctionLibraries/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/AtomFeedService/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/DataShapes/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Importer/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ImageEncoder/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Exporter/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ExportDatabase/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ExportTheme/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ExportDefaultEntities/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ImportDatabase/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/DataExporter/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/DataImporter/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Widgets/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Groups/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ThingPackages/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Things/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ThingTemplates/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/DataAnalysisDefinitions/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ThingShapes/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/DataTags/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ModelTags/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Composer/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Squeal/index.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Runtime/index.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Mashups/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Menus/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/MediaEntities/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/loaders/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/demos/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/API/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ExtensionPackageUploader/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/ExtensionPackages/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/FileRepositoryUploader/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/FileRepositoryDownloader/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/FileRepositories/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/xmpp/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/LocalizationTables/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Organizations/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/RemoteTunnel/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/WSTunnelClient/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/WSTunnelServer/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/PersistenceProviders/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/Projects/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>ContentTypeFilter</filter-name>
<filter-class>com.thingworx.security.contenttype.ContentTypeFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ContentTypeFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>HAAuthenticationFilter</filter-name>
<url-pattern>/Admin/HA/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>com.thingworx.system.ThingWorxBootstrapper</listener-class>
<!-- To be enabled if you wish to use JMX to monitor ThingWorx
<listener-class>com.thingworx.instrumentation.ThingWorxServerMBeanContextListener</listener-class>
-->
</listener>
<servlet>
<servlet-name>ClusteringStatus</servlet-name>
<servlet-class>com.thingworx.webservices.ClusteringStatus</servlet-class>
</servlet>
<servlet>
<servlet-name>LeaderCheck</servlet-name>
<servlet-class>com.thingworx.webservices.LeaderStatus</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LeaderCheck</servlet-name>
<url-pattern>/Admin/HA/LeaderCheck/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ClusteringStatus</servlet-name>
<url-pattern>/Admin/HA/ClusteringStatus/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Things</servlet-name>
<servlet-class>com.thingworx.webservices.Things</servlet-class>
</servlet>
<servlet>
<servlet-name>ThingTemplates</servlet-name>
<servlet-class>com.thingworx.webservices.ThingTemplates</servlet-class>
</servlet>
<servlet>
<servlet-name>DataAnalysisDefinitions</servlet-name>
<servlet-class>com.thingworx.webservices.DataAnalysisDefinitions</servlet-class>
</servlet>
<servlet>
<servlet-name>ApplicationKeys</servlet-name>
<servlet-class>com.thingworx.webservices.ApplicationKeys</servlet-class>
</servlet>
<servlet>
<servlet-name>Networks</servlet-name>
<servlet-class>com.thingworx.webservices.Networks</servlet-class>
</servlet>
<servlet>
<servlet-name>DirectoryServices</servlet-name>
<servlet-class>com.thingworx.webservices.DirectoryServices</servlet-class>
</servlet>
<servlet>
<servlet-name>Authenticators</servlet-name>
<servlet-class>com.thingworx.webservices.Authenticators</servlet-class>
</servlet>
<servlet>
<servlet-name>Logs</servlet-name>
<servlet-class>com.thingworx.webservices.Logs</servlet-class>
</servlet>
<servlet>
<servlet-name>Resources</servlet-name>
<servlet-class>com.thingworx.webservices.Resources</servlet-class>
</servlet>
<servlet>
<servlet-name>Subsystems</servlet-name>
<servlet-class>com.thingworx.webservices.Subsystems</servlet-class>
</servlet>
<servlet>
<servlet-name>Dashboards</servlet-name>
<servlet-class>com.thingworx.webservices.Dashboards</servlet-class>
</servlet>
<servlet>
<servlet-name>LocalizationTables</servlet-name>
<servlet-class>com.thingworx.webservices.LocalizationTables</servlet-class>
</servlet>
<servlet>
<servlet-name>Organizations</servlet-name>
<servlet-class>com.thingworx.webservices.Organizations</servlet-class>
</servlet>
<servlet>
<servlet-name>Users</servlet-name>
<servlet-class>com.thingworx.webservices.Users</servlet-class>
</servlet>
<servlet>
<servlet-name>Home</servlet-name>
<servlet-class>com.thingworx.webservices.Home</servlet-class>
</servlet>
<servlet>
<servlet-name>Mashups</servlet-name>
<servlet-class>com.thingworx.webservices.Mashups</servlet-class>
</servlet>
<servlet>
<servlet-name>Menus</servlet-name>
<servlet-class>com.thingworx.webservices.Menus</servlet-class>
</servlet>
<servlet>
<servlet-name>MediaEntities</servlet-name>
<servlet-class>com.thingworx.webservices.MediaEntities</servlet-class>
</servlet>
<servlet>
<servlet-name>Widgets</servlet-name>
<servlet-class>com.thingworx.webservices.Widgets</servlet-class>
</servlet>
<servlet>
<servlet-name>ScriptFunctionLibraries</servlet-name>
<servlet-class>com.thingworx.webservices.ScriptFunctionLibraries</servlet-class>
</servlet>
<servlet>
<servlet-name>StyleDefinitions</servlet-name>
<servlet-class>com.thingworx.webservices.StyleDefinitions</servlet-class>
</servlet>
<servlet>
<servlet-name>StateDefinitions</servlet-name>
<servlet-class>com.thingworx.webservices.StateDefinitions</servlet-class>
</servlet>
<servlet>
<servlet-name>ThingPackages</servlet-name>
<servlet-class>com.thingworx.webservices.ThingPackages</servlet-class>
</servlet>
<servlet>
<servlet-name>PersistenceProviderPackages</servlet-name>
<servlet-class>com.thingworx.webservices.PersistenceProviderPackages</servlet-class>
</servlet>
<servlet>
<servlet-name>Server</servlet-name>
<servlet-class>com.thingworx.webservices.Server</servlet-class>
</servlet>
<servlet>
<servlet-name>DataShapes</servlet-name>
<servlet-class>com.thingworx.webservices.DataShapes</servlet-class>
</servlet>
<servlet>
<servlet-name>ThingShapes</servlet-name>
<servlet-class>com.thingworx.webservices.ThingShapes</servlet-class>
</servlet>
<servlet>
<servlet-name>Groups</servlet-name>
<servlet-class>com.thingworx.webservices.Groups</servlet-class>
</servlet>
<servlet>
<servlet-name>DataTags</servlet-name>
<servlet-class>com.thingworx.webservices.DataTags</servlet-class>
</servlet>
<servlet>
<servlet-name>ModelTags</servlet-name>
<servlet-class>com.thingworx.webservices.ModelTags</servlet-class>
</servlet>
<servlet>
<servlet-name>Importer</servlet-name>
<servlet-class>com.thingworx.webservices.Importer</servlet-class>
</servlet>
<servlet>
<servlet-name>Exporter</servlet-name>
<servlet-class>com.thingworx.webservices.Exporter</servlet-class>
</servlet>
<servlet>
<servlet-name>ExportDatabase</servlet-name>
<servlet-class>com.thingworx.webservices.ExportDatabase</servlet-class>
</servlet>
<servlet>
<servlet-name>ExportTheme</servlet-name>
<servlet-class>com.thingworx.webservices.ExportTheme</servlet-class>
</servlet>
<servlet>
<servlet-name>ExportDefaultEntities</servlet-name>
<servlet-class>com.thingworx.webservices.ExportDefaultEntities</servlet-class>
</servlet>
<servlet>
<servlet-name>ImportDatabase</servlet-name>
<servlet-class>com.thingworx.webservices.ImportDatabase</servlet-class>
</servlet>
<servlet>
<servlet-name>DataImporter</servlet-name>
<servlet-class>com.thingworx.webservices.DataImporter</servlet-class>
</servlet>
<servlet>
<servlet-name>DataExporter</servlet-name>
<servlet-class>com.thingworx.webservices.DataExporter</servlet-class>
</servlet>
<servlet>
<servlet-name>ImageEncoder</servlet-name>
<servlet-class>com.thingworx.webservices.ImageEncoder</servlet-class>
</servlet>
<servlet>
<servlet-name>AtomFeedService</servlet-name>
<servlet-class>com.thingworx.webservices.AtomFeedService</servlet-class>
</servlet>
<servlet>
<servlet-name>ExtensionPackageUploader</servlet-name>
<servlet-class>com.thingworx.webservices.ExtensionPackageUploader</servlet-class>
</servlet>
<servlet>
<servlet-name>ExtensionPackages</servlet-name>
<servlet-class>com.thingworx.webservices.ExtensionPackages</servlet-class>
</servlet>
<servlet>
<servlet-name>FileRepositoryUploader</servlet-name>
<servlet-class>com.thingworx.webservices.FileRepositoryUploader</servlet-class>
</servlet>
<servlet>
<servlet-name>FileRepositoryDownloader</servlet-name>
<servlet-class>com.thingworx.webservices.FileRepositoryDownloader</servlet-class>
</servlet>
<servlet>
<servlet-name>FileRepositories</servlet-name>
<servlet-class>com.thingworx.webservices.FileRepositories</servlet-class>
</servlet>
<servlet>
<servlet-name>AvatarViewer</servlet-name>
<servlet-class>com.thingworx.webservices.AvatarViewer</servlet-class>
</servlet>
<servlet>
<servlet-name>OrganizationLogoViewer</servlet-name>
<servlet-class>com.thingworx.webservices.OrganizationLogoViewer</servlet-class>
</servlet>
<servlet>
<servlet-name>FormLogin</servlet-name>
<jsp-file>/login/FormLogin.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>ResetPassword</servlet-name>
<jsp-file>/login/ResetPassword.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>ConfirmCredentials</servlet-name>
<jsp-file>/login/ConfirmCredentials.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>PersistenceProviders</servlet-name>
<servlet-class>com.thingworx.webservices.PersistenceProviders</servlet-class>
</servlet>
<servlet>
<servlet-name>Projects</servlet-name>
<servlet-class>com.thingworx.webservices.Projects</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ExtensionPackageUploader</servlet-name>
<url-pattern>/ExtensionPackageUploader/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ExtensionPackages</servlet-name>
<url-pattern>/ExtensionPackages/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Server</servlet-name>
<url-pattern>/Server/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Mashups</servlet-name>
<url-pattern>/Mashups/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Dashboards</servlet-name>
<url-pattern>/Dashboards/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Menus</servlet-name>
<url-pattern>/Menus/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MediaEntities</servlet-name>
<url-pattern>/MediaEntities/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Widgets</servlet-name>
<url-pattern>/Widgets/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>StateDefinitions</servlet-name>
<url-pattern>/StateDefinitions/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>StyleDefinitions</servlet-name>
<url-pattern>/StyleDefinitions/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ScriptFunctionLibraries</servlet-name>
<url-pattern>/ScriptFunctionLibraries/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ApplicationKeys</servlet-name>
<url-pattern>/ApplicationKeys/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Networks</servlet-name>
<url-pattern>/Networks/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DirectoryServices</servlet-name>
<url-pattern>/DirectoryServices/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Authenticators</servlet-name>
<url-pattern>/Authenticators/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Logs</servlet-name>
<url-pattern>/Logs/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Resources</servlet-name>
<url-pattern>/Resources/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Subsystems</servlet-name>
<url-pattern>/Subsystems/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Users</servlet-name>
<url-pattern>/Users/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Home</servlet-name>
<url-pattern>/Home/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LocalizationTables</servlet-name>
<url-pattern>/LocalizationTables/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Organizations</servlet-name>
<url-pattern>/Organizations/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Things</servlet-name>
<url-pattern>/Things/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ThingTemplates</servlet-name>
<url-pattern>/ThingTemplates/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DataAnalysisDefinitions</servlet-name>
<url-pattern>/DataAnalysisDefinitions/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ThingPackages</servlet-name>
<url-pattern>/ThingPackages/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>PersistenceProviderPackages</servlet-name>
<url-pattern>/PersistenceProviderPackages/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DataShapes</servlet-name>
<url-pattern>/DataShapes/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ThingShapes</servlet-name>
<url-pattern>/ThingShapes/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Groups</servlet-name>
<url-pattern>/Groups/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DataTags</servlet-name>
<url-pattern>/DataTags/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ModelTags</servlet-name>
<url-pattern>/ModelTags/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AtomFeedService</servlet-name>
<url-pattern>/AtomFeedService/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Importer</servlet-name>
<url-pattern>/Importer</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Exporter</servlet-name>
<url-pattern>/Exporter/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ExportDatabase</servlet-name>
<url-pattern>/ExportDatabase/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ExportTheme</servlet-name>
<url-pattern>/ExportTheme/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ExportDefaultEntities</servlet-name>
<url-pattern>/ExportDefaultEntities/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ImportDatabase</servlet-name>
<url-pattern>/ImportDatabase/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DataImporter</servlet-name>
<url-pattern>/DataImporter</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DataExporter</servlet-name>
<url-pattern>/DataExporter/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ImageEncoder</servlet-name>
<url-pattern>/ImageEncoder</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FileRepositoryUploader</servlet-name>
<url-pattern>/FileRepositoryUploader/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FileRepositoryDownloader</servlet-name>
<url-pattern>/FileRepositoryDownloader/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FileRepositories</servlet-name>
<url-pattern>/FileRepositories/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AvatarViewer</servlet-name>
<url-pattern>/AvatarViewer/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>OrganizationLogoViewer</servlet-name>
<url-pattern>/OrganizationLogoViewer/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FormLogin</servlet-name>
<url-pattern>/FormLogin/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ResetPassword</servlet-name>
<url-pattern>/FormLogin/reset/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ConfirmCredentials</servlet-name>
<url-pattern>/FormLogin/confirm/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>PersistenceProviders</servlet-name>
<url-pattern>/PersistenceProviders/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Projects</servlet-name>
<url-pattern>/Projects/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Forbidden</web-resource-name>
<url-pattern>/WEB-INF/*</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Forbidden</web-resource-name>
<url-pattern>/persistence/*</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Forbidden</web-resource-name>
<url-pattern>/streams/*</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
</web-app>
My Issue Got Resolved. I am able to Display Thingworx Mashup in Iframe Control of my Webpage.
Steps I have done
1) I have followed below step mentioned in Release notes.
Description | Required Steps |
Remove all clickjacking protection |
</filter-mapping> |
Currently i am using Thingworx 7.3
2)
<iframe id="if1" width="500" height="390" style="visibility:visible" src="http://localhost:8080/Thingworx/Mashups/PGCGraph? appKey=0f4b4662-7d09-46c3-a766-bbbcfa73ad99&x-thingworx-session=true">
</iframe>
Mashup URL I am giving like this
http://localhost:8080/Thingworx/Mashups/PGCGraph? appKey=0f4b4662-7d09-46c3-a766-bbbcfa73ad99&x-thingworx-session=true
here PGCGraph is Mashup Name.
I have Created User (Example:User123) and I Have created Appkey( 0f4b4662-7d09-46c3-a766-bbbcfa73ad99) and assigned created user (User123 to appkey.)
3)For Mashup i have assigned user in Design Time and Run time Permission.
With above steps i am able to get my mashup in iframe.
Thanks
Spandhana Daram
Meenakshi Agrawal, Could you please check spandana reply if it helps in your query too. If yes, mark it helpful or correct to let other members know this Thread has a Solution.