Configuration files

The following configuration files are processed by map.apps:

  • WEB-INF/classes/ (DO NOT EDIT)
    This file contains all configuration options of map.apps with their default values.

  • WEB-INF/classes/
    If a change to the working directory ( is required, the change has to be made in this file. Any further changes have to be made in the following file.

  • []/
    Make changes to the configuration by editing this file.
    The default working directory ( of map.apps is ${user.home}/.mapapps. The file is not created automatically, so the file WEB-INF/classes/ can be used as a template. Only leave the settings in the file that are changed.

The format of the configuration files must correspond to the Java Properties file format .

Sample Java Properties file
# The files have to be UTF-8 encoded, otherwise special characters can lead to errors.
# A safe method is to use Unicode syntax, for example รค = \u00E4 (see

# comments use the hash sign

# the syntax is:
key = value

# a value can reference another key
key1 = http://${key.with.server}/test

If the property is enabled, any changes of the file ${}/ triggers an internal reloading of the application settings. Changes of other configuration files are considered, too. Invalid settings might prevent a successful internal reload. A manual restart of the web application is required to repair this failure.

If the property is disabled, restarting the web application is necessary (you might also restart the Tomcat server).

Configuration parameters

This section describes the parameters that most often need to be changed in a standard installation. Further parameters are described in comments in the file WEB-INF/classes/

This parameter defines the working directory in which map.apps data is stored locally. The default value is$\{user.home\}/.mapapps. In case the Tomcat server is running as a Windows service, the .mapapps directory is located in the user directory of the Tomcat user who started the service. Path separators must be specified as either / or \\.

Tomcat User
If no Tomcat user is created, the Tomcat server runs with the system user (not recommended). In this case the directory is created under the following path: C:/Windows/System32/config/systemprofile/.mapapps.

A divergent map.apps data directory can be configured in the file WEB-INF/classes/

This parameter enables monitoring of the ${}/ file. This allows configuration settings to be changed without restarting the web application. The default value is true. The configuration file must be present when the web application is started so that it can be monitored.


map.apps supports German and English in the user interface by default. The language setting of the browser is recognized and map.apps is started in the corresponding language. If the language in the browser is neither German nor English, the value of this parameter is used.


This parameter defines the languages supported by map.apps. If a language extension is installed, the new language must be added to this property. The default value is en,de. In GitHub there is a tutorial for adding more languages .


In the default layout of map.apps, the upper left corner shows the text "map.apps". This text can be changed by setting this parameter.


This parameter defines the global timeout value of all requests using esri/ct.request that do not their own timeout value.

Database connection

This section describes the configuration properties for the database connection. It is automatically created in the file system for testing purposes and requires no further configuration. Do not use the HSQL database in production environments.


If you run multiple instances of map.apps in parallel, do not use the same HSQL database. Change the parameter of every instance accordingly.

Microsoft SQL Server

When using Microsoft SQL Server, set the collation to a case-sensitive format (for example, Latin1_General_CS_AS) when creating the database.

Change the database connection by editing the following properties:


This parameter specifies whether a direct database connection (JDBC) or a container-managed database connection (JNDI) is to be established. Allowed values are jndi or jdbc. The default value is jdbc, which means that no container configuration is necessary. Use JNDI if there are several web applications in the container (such as Apache Tomcat) accessing the same database (see also Apache Tomcat JNDI documentation ).


Vendor-specific type of the database system used. This is used internally to generate correct and optimized database queries. The default value is hsqldb. Values for other database systems can be found in the following table.


Defines if and how the database schema is updated. Allowed values are validate and update. Default value is update.

Attribute values for different database systems

Database Type Example-URL




Oracle Database



Microsoft SQL Server






Direct database connection (JDBC)

To setup a direct database connection, the following parameters have to be set in addition to the preceding attributes:


The URL of the JDBC database connection. Its value depends on the database system in use (see preceding table). Default value: jdbc:hsqldb:file:$\{\}/storage/db;shutdown=true


Username of the database user. Default value: sa


Password of the database user.


Maximum number of active database connections in the deployed Connection Pool. Default value: 50


Minimum number of active database connections in the deployed Connection Pool. Default value: 1

Copy the corresponding JDBC driver to the folder %MAPAPPS%/WEB-INF/lib when using a JDBC connection.

Container managed database connection (JNDI)

To configure a database connection through JNDI, the following parameter has to be configured in addition to the three attributes listed preceding:

The JNDI name to use by the container to query the database. The default value is java:comp/env/jdbc/mapapps.

Additionally the following steps have to be performed:

  1. Open the file server.xml which is located in the conf directory of the Apache Tomcat installation folder.

  2. Add the following entry to the <GlobalNamingResources> element:

    <Resource name="mapappsdb" auth="Container"
          url="jdbc:postgresql://localhost:5432/mapapps" />

    In this example this element is adjusted to the PostgreSQL database. If you are using a different database than PostgreSQL, adjust the attributes driverClassName and URL. The preceding table lists the driverClassNames and example database URLs for various databases.

  3. Adjust the values of the attributes username and password to the conditions in your system.

  4. Copy the JAR file that contains the JDBC driver for your database to the lib directory of your Apache Tomcat.

  5. Open the file context.xml from the META-INF directory of the map.apps web application. To enable the element <ResourceLink name="jdbc/mapapps" global="mapappsdb" type="javax.sql.DataSource"/> remove the enclosing comment tags.

  6. Save all modified files and restart Apache Tomcat.

If new settings are not applied correctly or if you experience any errors, check the content of the file conf/Catalina/localhost/ct-mapapps-webapp-4.12.3.xml as this file might be out of date. If so, delete that file. It is regenerated with the correct settings during the next start of the Tomcat server.

Container managed database connection with HikariCP (JNDI)

We recommend the usage of the Database Connection Pool HikariCP.

The configuration inside the server.xml looks then like:

<Resource name="mapappsdb" auth="Container"
        dataSource.password="postgres" />

Next to the database driver it is required to install the following libraries inside the Tomcat lib directory:

PostgreSQL maintenance

So-called blobs are used to save bundles or report templates. Depending on the number and size of the uploaded files, this can result in a high amount of storage space being used over time because the blobs are not removed correctly in PostgreSQL. PostgreSQL recommends the following strategies to solve this problem:

  • Run the vacuumlo tool provided with PostgreSQL on a regular basis. The tool removes data that is no longer used.

  • Alternatively, database triggers can be registered that correctly delete the corresponding data when updating or deleting rows. The file postgres-blob-cleanup-trigger.sql in the resources/sql directory of the download file contains the SQL statements required to register the triggers.

Default URLs

Secured Access
Always use the HTTPS protocol when configuring external URLs.

URL for the ArcGIS for Server Print Task. The value is used by the printing bundle and the report service. A print task configured as synchronous is required by the reporting service. If another configuration is needed for the report service, the parameter reporting.printtask.service.url can be used.


Defines the base URL of ArcGIS Online or the central ArcGIS Portal installation for example:

The default value is: //


URL of the ArcGIS for Server Geometry Service.


URL of an Esri locator service used by the bundle locator-store by default.

Security settings

map.apps includes an integrated security mechanism on delivery. All possibilities and options for security settings, user administration and protection are summarized in security.

Proxy settings


map.apps provides an integrated proxy servlet. This is needed, because direct access to other resources is prohibited within JavaScript due to security restrictions. This property contains a list of URLs that are allowed to be accessed by the proxy servlet.

The configuration uses the following syntax:

Each entry must be followed by a ;. If several lines are to be used, a \ must follow at the end of every line (except the last one). No spaces are allowed after the \.

Within url-expression, * might be used as placeholders:


Defines that access to any subdomain of and the path '/arcgis' is allowed. Add a /** at the end of the expression to allow all deeper URLs if wildcards are used. The * wildcard does not include the /. The ** wildcard contains the /.


If no placeholders are used, it is assumed that all redirects to URLs beginning with the expression are allowed.

The following property expressions are available:

  • user:<username>
    The username for HTTP basic authentication

  • pw:<password>
    The password for HTTP basic authentication

  • token:<token>
    A long-lived ArcGIS Server Token

  • followRedirects:<true|false>
    Defines if forwarding is tracked by the proxy (default is false)

  • trusted:<true|false>
    If a URL is marked as trusted, cookies and Authorization HTTP headers are forwarded through the proxy.

Configure URLs as exactly as possible to reduce security risks!


  • full URL:**;

  • HTTP + HTTPS URL (but only default ports): *://**;

  • HTTP + HTTPS URLs (with custom ports): *://*/arcgis/rest/services/**;

  • add arcgis server token:,token:xyz123;

  • define username/password for HTTP basic authentication:**,user:test,pw:testtest;

  • define that cookies and authorization headers are forwarded:**,trusted:true;


Enables insecure values in the parameter proxy.allowedServerUrls. The default value is false.

The following configurations are considered unsafe:

  • "localhost" forwards might expose unwanted access to service on the host server over the proxy

  • protocol only definitions, like "http://" it allows uncontrolled network access over the proxy


Defines rules for proxy access based on hostnames. It provides more fine-grained control over which requests are routed through a proxy page.


That means: is requested over default "/proxy" , is requested over own proxy page "/proxyPage".

CORS settings

The following settings are required for Cross Origin Request support.

If you have configured a proxy rule, map.apps continues to use the proxy. Otherwise, requests are made with the assumption that CORS is supported.

List of base URLs of websites which are allowed to access the service interface of map.apps with CORS (* can be used as wildcard).


Example (with wildcards): http*://**

Allows access from any subdomain of via http and https from any port.


List of URLs for backend services for which the transfer of security-critical information with CORS is activated (for example cookies and authorization headers)


This setting is not applied to apps prior to version 4.6.0. See proxy.cors.enabledServers.

CORS settings for apps prior to version 4.6.0

List of URLs for backend services that support CORS.


In addition, the transfer of security-critical information (for example cookies) can be activated at this point.


This setting is not used for apps of version 4.6.0 or later. See proxy.cors.trustedServers.

Logging of errors and messages

The following logging configuration options can be used:


This parameter defines the level of detail for the logging. Allowed values are: TRACE, DEBUG, INFO, WARN, ERROR. The default value is INFO.

logging.output.location (Deprecated since 4.9.1)

Use logging.file.location instead.


This parameter defines the log file location. The default value is ${catalina.base}/logs. This is the folder of the tomcat log files. To create log files in the working directory of map.apps, use the value ${}/logs.


This parameter defines the name of the log files. The default value is ct-mapapps-webapp. To prefix log files with the URL context path of the map.apps installation (for example mapapps), use the value ${}.

Additional logging options are described in the file, for example to enable or disable logging into the console, into files, and GELF logging.