Community Tip - Visit the PTCooler (the community lounge) to get to know your fellow community members and check out some of Dale's Friday Humor posts! X
Hi i have 2 question about Thingworx
1. Change URL
How can AppKey show mashups without being exposed?
2. Protect Composer page
Users typically go to the squal page if no home mashup is specified.
However, you can go directly to the Composer page by entering Composer directly.
Customers do not want it. Can I prevent a user other than a specific user or administrator from entering the Composer page?
Or can I replace the URL that currently enters the Composer page(<host>:<port>/Thingworx/Composer) with a specific format(<host>:<port>/IoT/<SomeKeyValue>/Composer)?
Thanks
Solved! Go to Solution.
Thank you for answer.
But I wanted was to make it possible for specific user, not everyone, to go to the composer page.
To solve this problem, I found a way to limit access to the composer page through Tomcat configuration.
Tomcat's remote address configuration allows only the local host to access the composer page
thank
For appkeys the security is really in the limited permissions you assign to it, to only accomplish the tasks necessary.
As such these aren't generally recommended for Session based interactions like Mashups.
You can in certain use cases justify it, like general display boards or registration.
The recommended way to 'hide' it is to have it in the header of a call and not in the URL
For composer you can now set up user profiles such that if they do end up in composer they have no menus available to them.
I would also set up an organization to apply visibility so they can only see what they need to.
Thank you for your reply.
What you learn from your answer is that it seems preferable to use Appkey to communicate with ThingWorx and not to use it to show mashups.
I think user can not access the composer's page is a better way than by modifying the user's profile that hiding the left-hand collection of the composer's page or using the organization to limit visibility
Could you change the URL of the composer page?
I am wondering if there is any way to change / Thingworx / Composer /.
I wonder if I can change the proposition called Composer to access the composer page with another proposition.
Now, I approach the composer page through the address / Thingworx / Composer.
But can I change to access the composer's page through / Thingworx / <Some Value>?
Thank you.
We do not recommend moving/removing/aliasing whatever people might do to remove composer.
I understand the concern, but the only people that would end up in composer if you properly set redirects or home mashups is if they intentionally / specifically navigate to that link (<server>/Thingworx/Composer)
For regular end users I think that is rare, and if some of them do know Thingworx, they would go there because they are curious or ... trying to hack :D.
So properly setting up permissions and the profile will help with that.
Thank you for answer.
But I wanted was to make it possible for specific user, not everyone, to go to the composer page.
To solve this problem, I found a way to limit access to the composer page through Tomcat configuration.
Tomcat's remote address configuration allows only the local host to access the composer page
thank
Hi CHASEONHO,
Can you pls share the setting that you have set in Tomcat? I have same requirement as your to stop the some users from accessing the composer.
Thanks.
This can be done by modifying Tomcat's web.xml.
Open the web.xml under a conf in the Tomcat installation directory with a text editor (I used Notepad ++).
Add the following syntax:
(Search for "Built In Filter Mappings" and add it)
<filter>
<filter-name> Remote Address Filter </ filter-name>
<filter-class> org.apache.catalina.filters.RemoteAddrFilter </ filter-class>
<init-param>
<param-name> allow </ param-name>
<!-- Write the IP to allow access here. -->
<param-value> 127 \. \ d + \. \ d + \. \ d + | :: 1 | 0: 0: 0: 0: 0: 0: 0: 1 | 66 \ .12 \ .8 \ .45 < / param-value>
</ init-param>
</ filter> -
<!-- ==================== Built In Filter Mappings ====================== -->
<!-- The mapping for the HTTP header security Filter -->
<filter-mapping>
<filter-name> Remote Address Filter </ filter-name>
<!-- Write a url pattern that only IPs that are allowed to access can be connected -->
<url-pattern> / Composer / * </ url-pattern>
<url-pattern> / Squeal / * </ url-pattern>
</ filter-mapping>
PS
You may also refer to the following site.
https://geekflare.com/tomcat-http-security-header/