WebWAR ac 3 ag 3 ap 3 contextClass com.appiancorp.common.spring.SelectiveOrderedXmlWebApplicationContext contextConfigLocation /WEB-INF/conf/**/spring-*.xml contextInitializerClasses com.appiancorp.common.spring.ApplicationContextBeanFactoryInitializer driver-config WEB-INF/conf/process/rdbms/driver-config.xml file WEB-INF/config.xml,WEB-INF/conf/config-*.xml sessionFailoverFilter com.appiancorp.security.web.SessionFailoverFilter domainFilter com.appiancorp.security.web.DomainFilter userAgentFilter com.appiancorp.common.web.UserAgentFilter mobileAuthContextFilter com.appiancorp.security.auth.mobile.MobileAuthContextFilter mobileLandingPageFilter com.appiancorp.ap2.MobileLandingPageFilter authProviderFilter com.appiancorp.security.auth.AuthProviderFilter maintWindowHeaderFilter org.springframework.web.filter.DelegatingFilterProxy emailRenderingAuthFilter org.springframework.web.filter.DelegatingFilterProxy authenticationLoggingFilter com.appiancorp.security.auth.logging.AuthenticationLoggingFilter corsFilter com.appiancorp.security.cors.CorsFilter encodingFilter org.springframework.web.filter.DelegatingFilterProxy encoding UTF-8 httpMethodOverrideFilter com.appiancorp.common.web.HttpMethodOverrideFilter nullByte com.appiancorp.ap2.NullByteInjectionFilter ClassParamFilter com.appiancorp.security.appianwebmvc.ClassParamFilter excludeParams (.*\.|^|.*|\[('|"))(c|C)lass(\.|('|")]|\[).* environment com.appiancorp.ap2.environment.EnvironmentFilter wrap com.appiancorp.ap2.WrapFilter exclude-url-patterns /**/process_modeler_node_recommendation.weights,/**/process_modeler_node_recommendation.json,/api/**,/saml/**,/webapi/**,/oauth/**,/oidc/callback/**,/oauth/authorize/**,/piee/callback/**,/authorization/oauth/**,/clientapi/**,/portals/clientapi/**,/devops-infrastructure/**,/healthz,/self-test,/self-test/**,/internal/webapi/**,/rest/**,/s/**,/plugins/servlet/stateless/**,/**/*.gif,/**/*.png,/**/*.jpg,/**/*.jpeg,/**/*.ico,/**/*.eot,/**/*.woff,/**/*.woff2,/**/*.ttf,/**/*.svg,/**/*.htc,/rpa/**,/deployment-management/**,/connected-system-management/**, /cloud-database-management/** appianSecurityHeadersFilter com.appiancorp.security.headers.AppianSecurityHeadersFilter frameOptionsFilter com.appiancorp.security.web.FrameOptionsFilter springSecurityFilterChain org.springframework.web.filter.DelegatingFilterProxy sessionJvmRouteModificationFilter org.springframework.web.filter.DelegatingFilterProxy cspFilter org.springframework.web.filter.DelegatingFilterProxy targetFilterLifecycle true configPath /WEB-INF/conf/security/csp/CspConfiguration.json dynamicConfigPath /WEB-INF/conf/security/csp/DynamicCspConfiguration.json staticConfigPath /WEB-INF/conf/security/csp/StaticCspConfiguration.json xssFilter com.appiancorp.security.xss.XssFilter authenticationStatusHeaderFilter com.appiancorp.security.auth.AuthenticationStatusHeaderFilter tracingUserUuidFilter org.springframework.web.filter.DelegatingFilterProxy UrlRewriteFilter org.tuckey.web.filters.urlrewrite.UrlRewriteFilter WhitelistPortal com.appiancorp.security.web.AppsPortalVisibilityFilter allowedUrlsPath /WEB-INF/conf/security/uri/portal-allowedUrls.txt designerAllowedUrlsPath /WEB-INF/conf/security/uri/portal-designerAllowedUrls.txt WhitelistUrlRewriteFilter org.tuckey.web.filters.urlrewrite.UrlRewriteFilter confPath /WEB-INF/conf/security/uri/whitelist-urlrewrite.xml background com.appiancorp.asi.components.common.BackgroundFilter sitemesh com.appiancorp.ap2.PageFilter contentFilter com.appiancorp.ap2.ContentFilter mfaVerificationCodeFilter com.appiancorp.security.auth.mfa.MfaVerificationCodeFilter forceSetPasswordFilter com.appiancorp.security.auth.ForceSetPasswordFilter ssoRedirectFilter org.springframework.web.filter.DelegatingFilterProxy signInLinksRedirectFilter org.springframework.web.filter.DelegatingFilterProxy filter-plugin-dispatcher-before-dispatch-request com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter location before-dispatch dispatcher REQUEST filter-plugin-dispatcher-before-dispatch-forward com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter location before-dispatch dispatcher FORWARD filter-plugin-dispatcher-before-dispatch-include com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter location before-dispatch dispatcher INCLUDE filter-plugin-dispatcher-before-dispatch-error com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter location before-dispatch dispatcher ERROR nav com.appiancorp.ap2.NavigationFilter entry com.appiancorp.ap2.EntryFilter compress com.appiancorp.ap2.CompressionFilter rest-timer com.appiancorp.tempo.util.PerformanceLogFilter local-request com.appiancorp.common.web.ThreadLocalRequestFilter feed-gzip com.appiancorp.tempo.util.CompressionFilter listingsServletFilter org.springframework.web.filter.DelegatingFilterProxy JsonRpcFilter com.appiancorp.security.jsonrpc.JsonRpcFilter httpStrictTransportSecurityFilter com.appiancorp.common.web.HttpStrictTransportSecurityFilter gifImageFilter com.appiancorp.common.web.GifImageFilter deployment-management-servlet-filter com.appiancorp.designdeploymentsapi.DeploymentManagementServletFilter httpResponseMetricsFilter com.appiancorp.monitoring.prometheus.HttpResponseMetricsFilter appianTracingFilter org.springframework.web.filter.DelegatingFilterProxy webApiLogbookFilter com.appiancorp.webapi.logging.WebApiLogbookFilter webAssetMonitorFilter org.springframework.web.filter.DelegatingFilterProxy portalSymmetricKeyRequestLogFilter com.appiancorp.portals.loggingFilter.PortalSymmetricKeyLogFilter measureStartupRequestFilter com.appiancorp.common.web.MeasureStartupRequestFilter appianTracingFilter /rest/a/* /webapi/* httpResponseMetricsFilter /* httpStrictTransportSecurityFilter /* encodingFilter /* nullByte /* sessionFailoverFilter /* ClassParamFilter *.bg ClassParamFilter *.none ClassParamFilter *.frameset ClassParamFilter *.admin ClassParamFilter *.popup ClassParamFilter *.layer ClassParamFilter *.do ClassParamFilter /process/forms/internal/task.pdf ClassParamFilter /process/forms/internal/process.pdf ClassParamFilter *.preview ClassParamFilter *.print ClassParamFilter *.simplepopup compress /portal/js/constants.jsp portalSymmetricKeyRequestLogFilter /rest/a/portal-keys/* local-request /* environment /* domainFilter /* userAgentFilter /* authProviderFilter /* mobileAuthContextFilter /* mobileLandingPageFilter /tempo/* /sites/* authenticationLoggingFilter /* maintWindowHeaderFilter /* emailRenderingAuthFilter /ntf/emailHtml/* emailRenderingAuthFilter /ntf/modernEmailHtml/* corsFilter /* httpMethodOverrideFilter /* appianSecurityHeadersFilter /* frameOptionsFilter /* cspFilter /* springSecurityFilterChain /* sessionJvmRouteModificationFilter /* xssFilter /* authenticationStatusHeaderFilter /* tracingUserUuidFilter /rest/a/* mfaVerificationCodeFilter /* forceSetPasswordFilter /* ssoRedirectFilter /admin/page/oidc/ /admin/page/oidc /admin/page/saml/ /admin/page/saml /admin/page/piee/ /admin/page/piee signInLinksRedirectFilter /admin/page/signin-page-links/ /admin/page/signin-page-links webApiLogbookFilter /webapi/* wrap /* gifImageFilter *.gif gifImageFilter *.svg rest-timer /api/* rest-timer /rest/* rest-timer /s/* feed-gzip /api/feed/* UrlRewriteFilter /* background *.bg WhitelistUrlRewriteFilter /* REQUEST FORWARD WhitelistPortal /* contentFilter /knowledge/SearchContent.do contentFilter /knowledge/SearchContent.bg contentFilter /contents/GetContent.do contentFilter /contents/GetContent.bg contentFilter /knowledge/getDocument.do contentFilter /knowledge/getDocument.bg contentFilter /knowledge/GetDocument.do contentFilter /knowledge/GetDocument.bg sitemesh /ntf/emailHtml/* sitemesh /ntf/modernEmailHtml/* sitemesh /collaboration/start/* sitemesh /personalization/* sitemesh /analytics/* sitemesh /portalreport.do sitemesh /queryRule.do sitemesh /dataStore.do sitemesh /admin/workingHours.do sitemesh /forums/* sitemesh /webservices/* sitemesh /process/* sitemesh /knowledge/* sitemesh /tempo/* sitemesh /design/* sitemesh /rules/* sitemesh /contents/* sitemesh /components/grid/* sitemesh /components/search/* sitemesh /components/hierarchy/* sitemesh /components/picker2/* sitemesh /components/dialogs/* sitemesh /portal/* sitemesh /admin/* sitemesh /applications/* sitemesh /plugins/* sitemesh /portal.do sitemesh /portal.bg sitemesh /portal.admin sitemesh /register.popup sitemesh /userdetail_pop.popup nav *.do nav *.bg nav *.none listingsServletFilter /logs/* listingsServletFilter /shared-logs/* listingsServletFilter /shared-logs filter-plugin-dispatcher-before-dispatch-request /* REQUEST filter-plugin-dispatcher-before-dispatch-forward /* FORWARD filter-plugin-dispatcher-before-dispatch-include /* INCLUDE filter-plugin-dispatcher-before-dispatch-error /* ERROR JsonRpcFilter /JSON-RPC deployment-management-servlet-filter /deployment-management/* webAssetMonitorFilter /* entry /* com.appiancorp.common.logging.ConfigureLog4j com.appiancorp.common.startup.WaitForStatefulComponentsListener com.appiancorp.common.web.HttpSessionCreateLogger com.appiancorp.rdbms.config.PrimaryDataSourceShutdown com.appiancorp.common.StartupContextListener com.appiancorp.common.ServerBootstrapEvaluationEnvironmentContextListener com.appiancorp.common.initialize.PluginObjectStorageMigrationListener com.appiancorp.common.initialize.EnableAccdocsObjectStorageListener com.appiancorp.common.initialize.LoadLegacySystemObjectsListener com.appiancorp.common.AppianSpringContextLoaderListener com.appiancorp.common.startup.WebsocketHandlerRegistrationListener com.appiancorp.common.config.ConfigurationLoader com.appiancorp.common.startup.RedissonClientLoader com.appiancorp.portal.persistence.PortalStartupListener com.appiancorp.portal.alerting.EmailErrorAlertStartupListener com.appiancorp.plugins.PluginLoader com.appiancorp.applications.BundledApplicationsLoader com.appiancorp.common.event.HttpSessionListenerImpl org.springframework.security.web.session.HttpSessionEventPublisher org.springframework.web.context.request.RequestContextListener com.appiancorp.rpa.user.OnStartupRpaUserSyncer com.appiancorp.object.remote.aiskill.OnStartupCrossRegionApplier com.appiancorp.security.auth.phpmyadmin.PhpMyAdminSessionListener com.appiancorp.security.auth.CookieConfigurationContextListener com.appiancorp.process.workpoller.UnattendedRequestPollerLoader com.appiancorp.process.jms.JmsProcessIntegrationLoader com.appiancorp.process.emailpoller.EmailPollerLoader com.twelvemonkeys.servlet.image.IIOProviderContextListener com.appiancorp.common.JacksonDefaultsOverride com.appiancorp.common.initialize.InitializeEPEx portalLogsServlet org.springframework.web.servlet.DispatcherServlet contextConfigLocation /WEB-INF/conf/portals/portalLogsServlet-servlet.xml portalLogsServlet /portals/logging/* siteLogsServlet org.springframework.web.servlet.DispatcherServlet contextConfigLocation /WEB-INF/conf/sites/siteLogsServlet-servlet.xml siteLogsServlet /sites-monitoring/logging/* connectedSystemsAPIServlet org.springframework.web.servlet.DispatcherServlet contextConfigLocation /WEB-INF/conf/connected-systems/connectedSystemsAPIServlet-servlet.xml throwExceptionIfNoHandlerFound true connectedSystemsAPIServlet /connected-system-management/* edpApiServlet org.springframework.web.servlet.DispatcherServlet contextConfigLocation /WEB-INF/conf/edp/edpApiServlet-servlet.xml throwExceptionIfNoHandlerFound true edpApiServlet /cloud-database-management/* cors-servlet com.appiancorp.security.cors.CorsServlet webapi-servlet com.appiancorp.webapi.WebApiServlet deployment-management-servlet com.appiancorp.designdeploymentsapi.DeploymentManagementServlet clientapi-servlet com.appiancorp.clientapi.ClientApiServlet portals-clientapi-servlet com.appiancorp.clientapi.PortalsClientApiServlet appianRpaRequestHandler org.springframework.web.context.support.HttpRequestHandlerServlet appianRpaLoginRequestHandler org.springframework.web.context.support.HttpRequestHandlerServlet deployment-management-servlet /deployment-management/* phpMyAdminAuthenticatorRequestHandler org.springframework.web.context.support.HttpRequestHandlerServlet forgotpassword-servlet com.appiancorp.security.auth.forgotpassword.ForgotPasswordRequestServlet saml-test-servlet com.appiancorp.security.auth.saml.SamlTestServlet saml-logout-servlet com.appiancorp.security.auth.saml.SamlLogoutServlet oauth-servlet com.appiancorp.connectedsystems.http.oauth.OAuthServlet oidc-test-servlet com.appiancorp.security.auth.oidc.test.OidcTestServlet oAuthTokenEndpointServlet org.springframework.web.context.support.HttpRequestHandlerServlet oAuthAuthCodeEndpointServlet org.springframework.web.context.support.HttpRequestHandlerServlet mobile-auth-redirect-servlet com.appiancorp.security.auth.mobile.MobileAuthRedirectServlet ce-servlet com.appiancorp.connectedenvironments.ConnectedEnvironmentsServlet plugin-servlet com.atlassian.plugin.servlet.ServletModuleContainerServlet login-page com.appiancorp.ap2.LoginPageServlet file-server com.appiancorp.plugins.servlet.FileServerServlet 4 init-email-ntf-request com.appiancorp.ap2.ns.InitEmailNtfRequest 2 action com.appiancorp.common.appianwebmvc.AppianWebMvcActionServlet chainConfig com/appiancorp/web/framework/layouts/chain/chain-config.xml detail 2 2 suggest com.appiancorp.asi.components.autocomplete.SuggestServlet 8 suggestDesignObjects com.appiancorp.asi.components.autocomplete.SuggestDesignObjectsServlet 8 intuitiveurl com.appiancorp.ap2.IntuitiveUrlServlet 8 intuitiveurlpermanentredirect com.appiancorp.ap2.IntuitiveUrlPermanentRedirectServlet 8 dataStoreServlet com.appiancorp.gwt.datastore.server.DataStoreRPCServiceImpl remoteLogging com.appiancorp.common.logging.GWTRemoteLoggingService queryRulesServlet com.appiancorp.gwt.queryrule.server.QueryRulesRpcServiceImpl tempoSvcServlet com.appiancorp.gwt.tempo.server.TempoRpcServiceImpl environmenturl com.appiancorp.ap2.environment.EnvironmentUrlServlet 8 download com.appiancorp.km.servlet.Download 4 downloadfromurl com.appiancorp.ac.servlet.DownloadFromUrl 7 pmws com.appiancorp.process.webservices.pmserver.PMServlet com.appiancorp.jsonrpc.JSONRPCServlet com.appiancorp.jsonrpc.JSONRPCServlet webpart com.appiancorp.sharepoint.webpart.WebPartServlet SecretKey THE_SECRET_KEY_VALUE tempo-user-servlet com.appiancorp.tempo.api.UserInfoServlet tempo-icon-servlet com.appiancorp.tempo.api.IconServlet tempo-approve-inline com.appiancorp.tempo.api.ApproveInlineTaskServlet tempo-groups-servlet com.appiancorp.tempo.api.TempoGroupsServlet tempo-open-a-case-servlet com.appiancorp.tempo.api.OpenACaseServlet tempo-subscription-servlet com.appiancorp.tempo.api.SubscriptionServlet tempo-favorite-servlet com.appiancorp.tempo.api.FavoriteServlet tempo-file-servlet com.appiancorp.tempo.api.FileServlet tempo-upload-servlet com.appiancorp.tempo.api.UploadServlet tempo-upload-servlet-encrypted com.appiancorp.tempo.api.EncryptedUploadServlet embedded-redirect-servlet com.appiancorp.embedded.http.RedirectServlet dblogin com.appiancorp.security.auth.phpmyadmin.PhpMyAdminLoginServlet listings com.appiancorp.tomcat.logs.LogsServlet debug 0 listings true sortListings true sortDirectoriesFirst true office-integrations-servlet com.appiancorp.ws.office.OfficeIntegrationServlet wopi com.appiancorp.ws.office.WopiHostServlet wopi /wopi /wopi/ /wopi/* self-test com.appiancorp.selftest.SelfTestServlet com.appiancorp.common.monitoring.AppianMetricsListener healthcheck com.appiancorp.common.healthcheck.HealthcheckServlet healthcheck /healthz keepalive com.appiancorp.common.keepalive.KeepAliveServlet keepalive /keep-alive self-test /self-test self-test /self-test/* phpMyAdminAuthenticatorRequestHandler /dbauth webapi-servlet /webapi/* clientapi-servlet /clientapi/* portals-clientapi-servlet /portals/clientapi/* appianRpaRequestHandler /rpa/* appianRpaLoginRequestHandler /rpalogin oauth-servlet /oauth/* oAuthTokenEndpointServlet /authorization/oauth/token /authorization/oauth/token/ oAuthAuthCodeEndpointServlet /oauth/authorize/* /oauth/authorize/ mobile-auth-redirect-servlet /mobileAuthSuccessHandler/* ce-servlet /devops-infrastructure/* forgotpassword-servlet /forgotpasswordrequest saml-test-servlet /saml/AssertionConsumer saml-logout-servlet /saml/LogoutConsumer oidc-test-servlet /oidc/callback webapi-servlet /internal/webapi/* cors-servlet /cors cors-servlet /cors/ping cors-servlet /cors/wc webpart /webpart/* plugin-servlet /plugins/servlet/* file-server /download/* com.appiancorp.jsonrpc.JSONRPCServlet /JSON-RPC pmws /webservice/processmodel/* suggest /suggest/* suggestDesignObjects /suggestDesignObjects/* remoteLogging /tempo/remote_logging dataStoreServlet /masterapp/datastore queryRulesServlet /masterapp/queryRule tempoSvcServlet /tempo/tempoSvc environmenturl /apps/* environmenturl /designer/* intuitiveurl /content/* intuitiveurl /thread/* intuitiveurl /forum/* intuitiveurl /user/* intuitiveurl /group/* intuitiveurl /page/* intuitiveurlpermanentredirect /proc/* intuitiveurl /report/* intuitiveurl /task/* intuitiveurlpermanentredirect /model/* login-page /portal/loginPage action *.bg init-email-ntf-request /portal/initEmailNtfRequest.none action *.none action *.frameset action *.admin action *.popup action *.layer action *.do action /process/forms/internal/task.pdf action /process/forms/internal/process.pdf action *.preview action *.print action *.simplepopup download /collaboration/download download /knowledge/download downloadfromurl /doc/* tempo-user-servlet /api/user/* tempo-icon-servlet /api/icon/* tempo-groups-servlet /api/groups/* tempo-approve-inline /api/tempo/approveinline/* tempo-open-a-case-servlet /api/tempo/open-a-case/* tempo-subscription-servlet /api/tempo/subscription/* tempo-favorite-servlet /api/tempo/favorite/* tempo-file-servlet /api/tempo/file/* tempo-upload-servlet /tempo/file-web/* tempo-upload-servlet-encrypted /tempo/file-web-encrypt/* embedded-redirect-servlet /embedded/redirect dblogin /dblogin listings /logs listings /logs/* listings /shared-logs listings /shared-logs/* office-integrations-servlet /integrations/office/* 65 true COOKIE png image/png ico image/x-icon htc text/x-component log text/plain 400 /framework/error/genericerror.jsp 401 /framework/error/genericerror.jsp 402 /framework/error/genericerror.jsp 403 /framework/error/genericerror.jsp 404 /framework/error/genericerror.jsp 405 /framework/error/genericerror.jsp 406 /framework/error/genericerror.jsp 407 /framework/error/genericerror.jsp 408 /framework/error/genericerror.jsp 409 /framework/error/genericerror.jsp 410 /framework/error/genericerror.jsp 411 /framework/error/genericerror.jsp 412 /framework/error/genericerror.jsp 413 /framework/error/genericerror.jsp 414 /framework/error/genericerror.jsp 415 /framework/error/genericerror.jsp 416 /framework/error/genericerror.jsp 417 /framework/error/genericerror.jsp 418 /framework/error/genericerror.jsp 419 /framework/error/genericerror.jsp 422 /framework/error/genericerror.jsp 423 /framework/error/genericerror.jsp 424 /framework/error/genericerror.jsp 426 /framework/error/genericerror.jsp 428 /framework/error/genericerror.jsp 429 /framework/error/genericerror.jsp 431 /framework/error/genericerror.jsp 500 /framework/error/genericerror.jsp *.jsp true APIs Web APIs /api/* /webapi/* /internal/webapi/* /deployment-management/* /rest/* /plugins/servlet/stateless/* /metrics/* /clientapi/* /portals/clientapi/* /portals/logging/* /sites-monitoring/logging/* /authorization/oauth/token /authorization/oauth/token/ /oauth/authorize /oauth/authorize/ GET POST PUT DELETE HEAD OPTIONS Endpoints accessible through PATCH Patch APIs /plugins/servlet/stateless/* /webapi/* /connected-system-management/* /cloud-database-management/* PATCH Restrict unsafe HTTP methods All Restrict unsafe HTTP methods /* DELETE PUT By not defining any role-names, we disallow anyone from using the http-methods defined above Restrict TRACE HTTP method restricted methods Prevent TRACE HTTP method /* TRACE