5 Replies Latest reply on Mar 9, 2017 8:44 AM by Ankit Gupta RSS
    magrawal Apprentice

    Display Mashups from external Browser

    Hi All,

     

    I have a use case where I have to display mashups in salesforce through iframes.
    I have done this as follow:

    http://myDomain/Thingworx/Mashups/MashupName? appKey=APPLICATION_KEY&x-thingworx-session=true

     

    Earlier it was working good, and I was successfully able to view mashups in salesforce.


    Recently, I got my TWX Version upgraded to 7.2.5 and after upgradation I started facing the issue of AUTHENTICATION with the above way to display mashups. It now started asking for username and password.

     

    Please help as my complete work is getting affected by this.

     

    Thanks,

    Meenakshi

     


      • Re: Display Mashups from external Browser
        sharmon Creator

        Meenakshi Agrawal - Protection against Cross-Site Scripting (XSS) has been improved steadily since version 6.5. For information about how to configure XSS protection in your instance, take the following steps:

         

         

        You'll find instructions on how to configure XSS protection there.

         

        P.S. - this looks like a cross-post with this post. Would you mind combining the two posts?

          • Re: Display Mashups from external Browser
            sdaram-2 Newbie

            Hi

            Re: Display Mashups from external Browser

            Stephen HarmonCreator

             

             

            I have Same requirement need to show Thingworx mashup in Iframe/Div or any other HTML control. I need to integrate thingworx mashup in Webpage. I have followed below step mentioned in Release notes.

             

             

            Description

            Required Steps

            Remove all clickjacking protection

            1. a. Locate the following section of code in the web.xml and comment it out:
            2. b. <!-- use the SameOrigin version to allow your
            3. c. application to frame, but nobody else -->
            4. d. <filter-mapping>
            5. e.                                                                               <filter-name>ClickjackFilterSameOrigin</filter-name>
            6. f.                                                                               <url-pattern>/*</url-pattern>

                             </filter-mapping>

            Currently i am using Thingworx 7.3

             

            Still  i am unable to get my thingworx mashup in Iframe.

             

            giving following Error in Console.

             

            Refused to display 'http://localhost:8080/Thingworx/Runtime/index.html#mashup=test&__fromBuilder=93bdc457-ce6b-414d-bd1e-a8c7f760985b' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".

            http://localhost:56354/favicon.ico Failed to load resource: the server responded with a status of 404 (Not Found)

             

             

             

             

            In above URL "test" is my mahsup name, What i am doing wrong here. could you please look into issue.

             

             

            Thanks & Regards

            Spandhana.

              • Re: Display Mashups from external Browser
                sdaram-2 Newbie

                Please observer changes done in web.xml

                 

                <web-app xmlns="http://java.sun.com/xml/ns/javaee"

                         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

                         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"

                         version="3.0">

                  <display-name>ThingWorx Platform</display-name>

                  <context-param>

                    <param-name>globalScope</param-name>

                    <param-value>default</param-value>

                  </context-param>

                  <context-param>

                    <param-name>parentContextKey</param-name>

                    <param-value>default.context</param-value>

                  </context-param>

                  <context-param>

                    <param-name>webAppRootKey</param-name>

                    <param-value>/</param-value>

                  </context-param>

                  <context-param>

                    <param-name>log4jConfigLocation</param-name>

                    <param-value>/WEB-INF/log4j.properties</param-value>

                  </context-param>

                  <filter>

                    <description>Sets various HTTP Response Headers in order to increase security, etc.</description>

                    <filter-name>HttpResponseHeadersFilter</filter-name>

                    <filter-class>com.thingworx.security.filter.HttpResponseHeadersFilter</filter-class>

                  </filter>

                  <filter-mapping>

                    <filter-name>HttpResponseHeadersFilter</filter-name>

                    <url-pattern>/*</url-pattern>

                  </filter-mapping>

                  <filter>

                    <description>Prohibits Requests from being processed by a Platform instance that is not the current HA "Leader".</description>

                    <filter-name>ProhibitIfNotLeaderFilter</filter-name>

                    <filter-class>com.thingworx.security.filter.ProhibitIfNotLeaderFilter</filter-class>

                    <init-param>

                      <description><![CDATA[URLs matching this pattern will always be allowed on the current Platform instance, regardless of whether or not that instance is the current HA "Leader". This parameter is useful to identify, for example, URLs related to Platform Administration Services, etc. which should be executable on all Platform instances, not just the current HA "Leader". Please note that this parameter does not yet currently support the full <url-pattern> syntax (as specified by the Servlet Specification). That is, it currently must start with "/" and must end with "/*" (e.g. "/foo/*"), otherwise an exception will be thrown.]]></description>

                      <param-name>url-pattern-allowed-if-not-leader</param-name>

                      <param-value>/Admin/HA/*</param-value>

                    </init-param>

                  </filter>

                  <filter-mapping>

                    <filter-name>ProhibitIfNotLeaderFilter</filter-name>

                    <url-pattern>/*</url-pattern>

                  </filter-mapping>

                  <filter>

                   <filter-name>HAAuthenticationFilter</filter-name>

                   <filter-class>com.thingworx.security.authentication.HAAuthenticationFilter</filter-class>

                  </filter>

                  <filter>

                   <filter-name>AuthenticationFilter</filter-name>

                   <filter-class>com.thingworx.security.authentication.AuthenticationFilter</filter-class>

                   <init-param>

                      <param-name>defaultSessionTimeout</param-name>

                      <param-value>30</param-value>

                   </init-param>

                  </filter>

                  <filter>

                   <filter-name>ValidationFilter</filter-name>

                   <filter-class>com.thingworx.security.filter.ValidationFilter</filter-class>

                  </filter>

                  <filter>

                    <filter-name>ClickjackFilterDeny</filter-name>

                    <filter-class>com.thingworx.security.filter.ClickjackFilter</filter-class>

                    <init-param>

                      <param-name>mode</param-name>

                      <param-value>DENY</param-value>

                    </init-param>

                  </filter>

                  <filter>

                  <filter-name>ClickjackFilterSameOrigin</filter-name>

                  <filter-class>com.thingworx.security.filter.ClickjackFilter</filter-class>

                  <init-param>

                   <param-name>mode</param-name>

                   <param-value>SAMEORIGIN</param-value>

                  </init-param>

                  </filter>

                 

                  <filter>

                    <filter-name>ClickjackFilterWhiteList</filter-name>

                    <filter-class>com.thingworx.security.filter.ClickjackFilter</filter-class>

                    <init-param>

                      <param-name>mode</param-name>

                      <param-value>WHITELIST</param-value>

                    </init-param>  

                    <init-param>

                      <param-name>domains</param-name>

                      <param-value>http://example.com</param-value>

                    </init-param>

                  </filter>

                      

                  <!-- use the Deny version to exclude all framing -->   

                  <!--

                  <filter-mapping>

                    <filter-name>ClickjackFilterDeny</filter-name>

                    <url-pattern>/*</url-pattern>

                  </filter-mapping>

                  -->

                 

                  <!-- use the SameOrigin version to allow your application to frame, but nobody else -->  

                  <!-- spandana

                  <filter-mapping>

                    <filter-name>ClickjackFilterSameOrigin</filter-name>

                    <url-pattern>/*</url-pattern>

                  </filter-mapping>

                   spandana -->

                 

                 

                  <!-- use the WhiteList version to allow framing from specified domains -->

                  <!-- 

                  <filter-mapping>

                    <filter-name>ClickjackFilterWhiteList</filter-name>

                    <url-pattern>/*</url-pattern>

                  </filter-mapping>

                  -->

                 

                  <filter-mapping>

                  <filter-name>AuthenticationFilter</filter-name>

                  <url-pattern>/extensions/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/action-authenticate/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/action-login/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/action-confirm-creds/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/action-change-password/*</url-pattern>

                  </filter-mapping> 

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ThingworxMain.html</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ThingworxMain.html/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Server/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ApplicationKeys/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Networks/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Dashboards/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/DirectoryServices/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Authenticators/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/PersistenceProviderPackages/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/tunnel/wsadapter.jsp</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/tunnel/adapter.jsp</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Logs/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Resources/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Subsystems/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Users/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Home/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/StateDefinitions/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/StyleDefinitions/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ScriptFunctionLibraries/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/AtomFeedService/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/DataShapes/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Importer/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ImageEncoder/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Exporter/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ExportDatabase/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ExportTheme/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ExportDefaultEntities/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ImportDatabase/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/DataExporter/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/DataImporter/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Widgets/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Groups/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ThingPackages/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Things/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ThingTemplates/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/DataAnalysisDefinitions/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ThingShapes/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/DataTags/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ModelTags/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Composer/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Squeal/index.html</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Runtime/index.html</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Mashups/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Menus/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/MediaEntities/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/loaders/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/demos/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/API/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ExtensionPackageUploader/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/ExtensionPackages/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/FileRepositoryUploader/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/FileRepositoryDownloader/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/FileRepositories/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/xmpp/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/LocalizationTables/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Organizations/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/RemoteTunnel/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/WSTunnelClient/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/WSTunnelServer/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/PersistenceProviders/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>AuthenticationFilter</filter-name>

                    <url-pattern>/Projects/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                    <filter-name>ValidationFilter</filter-name>

                    <url-pattern>/*</url-pattern>

                  </filter-mapping>

                  <filter>

                     <filter-name>ContentTypeFilter</filter-name>

                     <filter-class>com.thingworx.security.contenttype.ContentTypeFilter</filter-class>

                  </filter>

                  <filter-mapping>

                      <filter-name>ContentTypeFilter</filter-name>

                      <url-pattern>/*</url-pattern>

                  </filter-mapping>

                  <filter-mapping>

                      <filter-name>HAAuthenticationFilter</filter-name>

                      <url-pattern>/Admin/HA/*</url-pattern>

                  </filter-mapping>

                 

                 

                  <listener>

                    <listener-class>com.thingworx.system.ThingWorxBootstrapper</listener-class>

                <!--  To be enabled if you wish to use JMX to monitor ThingWorx

                    <listener-class>com.thingworx.instrumentation.ThingWorxServerMBeanContextListener</listener-class>

                -->

                  </listener>

                  <servlet>

                    <servlet-name>ClusteringStatus</servlet-name>

                    <servlet-class>com.thingworx.webservices.ClusteringStatus</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>LeaderCheck</servlet-name>

                    <servlet-class>com.thingworx.webservices.LeaderStatus</servlet-class>

                  </servlet>

                 

                 

                  <servlet-mapping>

                    <servlet-name>LeaderCheck</servlet-name>

                    <url-pattern>/Admin/HA/LeaderCheck/*</url-pattern>

                  </servlet-mapping>

                 

                 

                  <servlet-mapping>

                    <servlet-name>ClusteringStatus</servlet-name>

                    <url-pattern>/Admin/HA/ClusteringStatus/*</url-pattern>

                  </servlet-mapping>

                 

                  <servlet>

                    <servlet-name>Things</servlet-name>

                    <servlet-class>com.thingworx.webservices.Things</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ThingTemplates</servlet-name>

                    <servlet-class>com.thingworx.webservices.ThingTemplates</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>DataAnalysisDefinitions</servlet-name>

                    <servlet-class>com.thingworx.webservices.DataAnalysisDefinitions</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ApplicationKeys</servlet-name>

                    <servlet-class>com.thingworx.webservices.ApplicationKeys</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Networks</servlet-name>

                    <servlet-class>com.thingworx.webservices.Networks</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>DirectoryServices</servlet-name>

                    <servlet-class>com.thingworx.webservices.DirectoryServices</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Authenticators</servlet-name>

                    <servlet-class>com.thingworx.webservices.Authenticators</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Logs</servlet-name>

                    <servlet-class>com.thingworx.webservices.Logs</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Resources</servlet-name>

                    <servlet-class>com.thingworx.webservices.Resources</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Subsystems</servlet-name>

                    <servlet-class>com.thingworx.webservices.Subsystems</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Dashboards</servlet-name>

                    <servlet-class>com.thingworx.webservices.Dashboards</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>LocalizationTables</servlet-name>

                    <servlet-class>com.thingworx.webservices.LocalizationTables</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Organizations</servlet-name>

                    <servlet-class>com.thingworx.webservices.Organizations</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Users</servlet-name>

                    <servlet-class>com.thingworx.webservices.Users</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Home</servlet-name>

                    <servlet-class>com.thingworx.webservices.Home</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Mashups</servlet-name>

                    <servlet-class>com.thingworx.webservices.Mashups</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Menus</servlet-name>

                    <servlet-class>com.thingworx.webservices.Menus</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>MediaEntities</servlet-name>

                    <servlet-class>com.thingworx.webservices.MediaEntities</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Widgets</servlet-name>

                    <servlet-class>com.thingworx.webservices.Widgets</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ScriptFunctionLibraries</servlet-name>

                    <servlet-class>com.thingworx.webservices.ScriptFunctionLibraries</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>StyleDefinitions</servlet-name>

                    <servlet-class>com.thingworx.webservices.StyleDefinitions</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>StateDefinitions</servlet-name>

                    <servlet-class>com.thingworx.webservices.StateDefinitions</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ThingPackages</servlet-name>

                    <servlet-class>com.thingworx.webservices.ThingPackages</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>PersistenceProviderPackages</servlet-name>

                    <servlet-class>com.thingworx.webservices.PersistenceProviderPackages</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Server</servlet-name>

                    <servlet-class>com.thingworx.webservices.Server</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>DataShapes</servlet-name>

                    <servlet-class>com.thingworx.webservices.DataShapes</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ThingShapes</servlet-name>

                    <servlet-class>com.thingworx.webservices.ThingShapes</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Groups</servlet-name>

                    <servlet-class>com.thingworx.webservices.Groups</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>DataTags</servlet-name>

                    <servlet-class>com.thingworx.webservices.DataTags</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ModelTags</servlet-name>

                    <servlet-class>com.thingworx.webservices.ModelTags</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Importer</servlet-name>

                    <servlet-class>com.thingworx.webservices.Importer</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Exporter</servlet-name>

                    <servlet-class>com.thingworx.webservices.Exporter</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ExportDatabase</servlet-name>

                    <servlet-class>com.thingworx.webservices.ExportDatabase</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ExportTheme</servlet-name>

                    <servlet-class>com.thingworx.webservices.ExportTheme</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ExportDefaultEntities</servlet-name>

                    <servlet-class>com.thingworx.webservices.ExportDefaultEntities</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ImportDatabase</servlet-name>

                    <servlet-class>com.thingworx.webservices.ImportDatabase</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>DataImporter</servlet-name>

                    <servlet-class>com.thingworx.webservices.DataImporter</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>DataExporter</servlet-name>

                    <servlet-class>com.thingworx.webservices.DataExporter</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ImageEncoder</servlet-name>

                    <servlet-class>com.thingworx.webservices.ImageEncoder</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>AtomFeedService</servlet-name>

                    <servlet-class>com.thingworx.webservices.AtomFeedService</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ExtensionPackageUploader</servlet-name>

                    <servlet-class>com.thingworx.webservices.ExtensionPackageUploader</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>ExtensionPackages</servlet-name>

                    <servlet-class>com.thingworx.webservices.ExtensionPackages</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>FileRepositoryUploader</servlet-name>

                    <servlet-class>com.thingworx.webservices.FileRepositoryUploader</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>FileRepositoryDownloader</servlet-name>

                    <servlet-class>com.thingworx.webservices.FileRepositoryDownloader</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>FileRepositories</servlet-name>

                    <servlet-class>com.thingworx.webservices.FileRepositories</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>AvatarViewer</servlet-name>

                    <servlet-class>com.thingworx.webservices.AvatarViewer</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>OrganizationLogoViewer</servlet-name>

                    <servlet-class>com.thingworx.webservices.OrganizationLogoViewer</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>FormLogin</servlet-name>

                    <jsp-file>/login/FormLogin.jsp</jsp-file>

                  </servlet>

                  <servlet>

                    <servlet-name>ResetPassword</servlet-name>

                    <jsp-file>/login/ResetPassword.jsp</jsp-file>

                  </servlet>

                  <servlet>

                    <servlet-name>ConfirmCredentials</servlet-name>

                    <jsp-file>/login/ConfirmCredentials.jsp</jsp-file>

                  </servlet>

                  <servlet>

                    <servlet-name>PersistenceProviders</servlet-name>

                    <servlet-class>com.thingworx.webservices.PersistenceProviders</servlet-class>

                  </servlet>

                  <servlet>

                    <servlet-name>Projects</servlet-name>

                    <servlet-class>com.thingworx.webservices.Projects</servlet-class>

                  </servlet>

                  <servlet-mapping>

                    <servlet-name>ExtensionPackageUploader</servlet-name>

                    <url-pattern>/ExtensionPackageUploader/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ExtensionPackages</servlet-name>

                    <url-pattern>/ExtensionPackages/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Server</servlet-name>

                    <url-pattern>/Server/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Mashups</servlet-name>

                    <url-pattern>/Mashups/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Dashboards</servlet-name>

                    <url-pattern>/Dashboards/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Menus</servlet-name>

                    <url-pattern>/Menus/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>MediaEntities</servlet-name>

                    <url-pattern>/MediaEntities/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Widgets</servlet-name>

                    <url-pattern>/Widgets/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>StateDefinitions</servlet-name>

                    <url-pattern>/StateDefinitions/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>StyleDefinitions</servlet-name>

                    <url-pattern>/StyleDefinitions/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ScriptFunctionLibraries</servlet-name>

                    <url-pattern>/ScriptFunctionLibraries/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ApplicationKeys</servlet-name>

                    <url-pattern>/ApplicationKeys/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Networks</servlet-name>

                    <url-pattern>/Networks/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>DirectoryServices</servlet-name>

                    <url-pattern>/DirectoryServices/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Authenticators</servlet-name>

                    <url-pattern>/Authenticators/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Logs</servlet-name>

                    <url-pattern>/Logs/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Resources</servlet-name>

                    <url-pattern>/Resources/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Subsystems</servlet-name>

                    <url-pattern>/Subsystems/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Users</servlet-name>

                    <url-pattern>/Users/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Home</servlet-name>

                    <url-pattern>/Home/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>LocalizationTables</servlet-name>

                    <url-pattern>/LocalizationTables/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Organizations</servlet-name>

                    <url-pattern>/Organizations/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Things</servlet-name>

                    <url-pattern>/Things/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ThingTemplates</servlet-name>

                    <url-pattern>/ThingTemplates/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>DataAnalysisDefinitions</servlet-name>

                    <url-pattern>/DataAnalysisDefinitions/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ThingPackages</servlet-name>

                    <url-pattern>/ThingPackages/*</url-pattern>

                  </servlet-mapping>

                    <servlet-mapping>

                    <servlet-name>PersistenceProviderPackages</servlet-name>

                    <url-pattern>/PersistenceProviderPackages/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>DataShapes</servlet-name>

                    <url-pattern>/DataShapes/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ThingShapes</servlet-name>

                    <url-pattern>/ThingShapes/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Groups</servlet-name>

                    <url-pattern>/Groups/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>DataTags</servlet-name>

                    <url-pattern>/DataTags/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ModelTags</servlet-name>

                    <url-pattern>/ModelTags/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>AtomFeedService</servlet-name>

                    <url-pattern>/AtomFeedService/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Importer</servlet-name>

                    <url-pattern>/Importer</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Exporter</servlet-name>

                    <url-pattern>/Exporter/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ExportDatabase</servlet-name>

                    <url-pattern>/ExportDatabase/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ExportTheme</servlet-name>

                    <url-pattern>/ExportTheme/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ExportDefaultEntities</servlet-name>

                    <url-pattern>/ExportDefaultEntities/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ImportDatabase</servlet-name>

                    <url-pattern>/ImportDatabase/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>DataImporter</servlet-name>

                    <url-pattern>/DataImporter</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>DataExporter</servlet-name>

                    <url-pattern>/DataExporter/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ImageEncoder</servlet-name>

                    <url-pattern>/ImageEncoder</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>FileRepositoryUploader</servlet-name>

                    <url-pattern>/FileRepositoryUploader/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>FileRepositoryDownloader</servlet-name>

                    <url-pattern>/FileRepositoryDownloader/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>FileRepositories</servlet-name>

                    <url-pattern>/FileRepositories/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>AvatarViewer</servlet-name>

                    <url-pattern>/AvatarViewer/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>OrganizationLogoViewer</servlet-name>

                    <url-pattern>/OrganizationLogoViewer/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>FormLogin</servlet-name>

                    <url-pattern>/FormLogin/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ResetPassword</servlet-name>

                    <url-pattern>/FormLogin/reset/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>ConfirmCredentials</servlet-name>

                    <url-pattern>/FormLogin/confirm/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>PersistenceProviders</servlet-name>

                    <url-pattern>/PersistenceProviders/*</url-pattern>

                  </servlet-mapping>

                  <servlet-mapping>

                    <servlet-name>Projects</servlet-name>

                    <url-pattern>/Projects/*</url-pattern>

                  </servlet-mapping>

                  <welcome-file-list>

                    <welcome-file>index.htm</welcome-file>

                    <welcome-file>index.html</welcome-file>

                  </welcome-file-list>

                  <security-constraint>

                    <web-resource-collection>

                      <web-resource-name>Forbidden</web-resource-name>

                      <url-pattern>/WEB-INF/*</url-pattern>

                    </web-resource-collection>

                    <auth-constraint/>

                  </security-constraint>

                  <security-constraint>

                    <web-resource-collection>

                      <web-resource-name>Forbidden</web-resource-name>

                      <url-pattern>/persistence/*</url-pattern>

                    </web-resource-collection>

                    <auth-constraint/>

                  </security-constraint>

                  <security-constraint>

                    <web-resource-collection>

                      <web-resource-name>Forbidden</web-resource-name>

                      <url-pattern>/streams/*</url-pattern>

                    </web-resource-collection>

                    <auth-constraint/>

                  </security-constraint>

                </web-app>

            • Re: Display Mashups from external Browser
              sdaram-2 Newbie

              My Issue Got Resolved. I am able to Display Thingworx Mashup in Iframe Control of my Webpage.

               

              Steps I have done

               

              1) I have followed below step mentioned in Release notes.

               

              Description

              Required Steps

              Remove all clickjacking protection

              1. a. Locate the following section of code in the web.xml and comment it out:
              2. b. <!-- use the SameOrigin version to allow your
              3. c. application to frame, but nobody else -->
              4. d. <filter-mapping>
              5. e.                                                                               <filter-name>ClickjackFilterSameOrigin</filter-name>
              6. f.                                                                               <url-pattern>/*</url-pattern>

                               </filter-mapping>

              Currently i am using Thingworx 7.3

               

               

              2)

              <iframe id="if1" width="500" height="390" style="visibility:visible" src="http://localhost:8080/Thingworx/Mashups/PGCGraph? appKey=0f4b4662-7d09-46c3-a766-bbbcfa73ad99&x-thingworx-session=true">

              </iframe>

               

              Mashup URL I am giving like this

               

              http://localhost:8080/Thingworx/Mashups/PGCGraph? appKey=0f4b4662-7d09-46c3-a766-bbbcfa73ad99&x-thingworx-session=true

               

               

              here PGCGraph is Mashup Name.

               

              I have Created User (Example:User123) and I Have created Appkey( 0f4b4662-7d09-46c3-a766-bbbcfa73ad99) and assigned created user (User123 to appkey.)

               

              3)For Mashup i have assigned user in Design Time and Run time Permission.

               

               

              With above steps i am able to get my mashup in iframe.

               

               

              Thanks

              Spandhana Daram