Configuration properties

The following table contains a list of properties in the HCL Leap Leap_config.properties file. You can adjust the settings listed in the file, or add your own for a custom configuration.

Table 1. List of properties in the Leap_config.properties configuration file.
Comment description Sample value provided

The runtimeCSP setting defines the Content-Security-Policy header that will be applied to running Forms.

Note: This setting only applies to Forms. It does not currently apply to App Pages, Summarry Charts, or the View Data page.

For more information, see https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

For more information on Strict CSP, see Strict CSP.

 
ibm.nitro.NitroConfig.runtimeCSP=default-src 'self' *.example.com; img-src *

For WebSphere® Application Server only, configure the VMM login. This setting is mandatory. By default, Leap uses J2C alias vmmAdmin to authenticate with VMM. You must configure it here if you want to change the J2C alias name.

You must have WebSphere® Application Server administrative user credentials to run Leap

 
ibm.was.MemberManager.adminAlias = vmmAdmin

If you use LDAP within WebSphere® Application Server , there are a number of properties that look up user and group information. If your LDAP uses different property keys than the ones set by default, update the property keys here so that user and group look up function correctly.

If you are using LDAP within WebSphere® Application Server , the ibm.was.MemberManager.userProps.loginName key describes the LDAP property used as the login ID. Each loginName must be unique. The default setting is uid.

The ibm.was.MemberManager.userProps.id key represents a unique key for the user. This key must be identical to the loginName. The default setting is uid.

The ibm.was.MemberManager.groupProps.id key is used to represent a unique key for the group. The value is the LDAP property that is used. For example, cn, represents Common Name. The default setting is cn.

The ibm.was.MemberManager.userProps.email key is the email address of the user. Leap uses this email address to send notifications and other emails to the user. The default setting is mail.

The ibm.was.MemberManager.userProps.displayName is used to display the name of the user, instead of the login id. The default setting is cn.

 
ibm.was.MemberManager.userProps.loginName = mail 
ibm.was.MemberManager.userProps.id = mail
ibm.was.MemberManager.groupProps.id = name
ibm.was.MemberManager.userProps.email = mail
ibm.was.MemberManager.userProps.displayName = cn

Enables or disables JavaScript security in run time forms. When a form designer adds custom JavaScript to an application, this flag applies security settings to the custom JavaScript. This flag applies to the entire server. If you change this value, any existing applications must be manually redeployed to apply the change. For more information, see JavaScript API for Leap.

Note: Setting this parameter to false might expose users to malicious JavaScript. Only set to false in a secured environment where Leap applications are created by trusted users.
 
ibm.nitro.ApplicationCompilerService.secureJS = true

Provides HTML content that is shown at the end of the login screen. Can be used for status messages, or help.

ibm.nitro.InfoEntryPoint.dailyInfo = Welcome to HCL Leap

List of allowed (WhiteList), and not allowed (BlackList) of mimetypes, and the number of maximum file sizes for Application File uploads.

appFilesWhiteList – A space separated list of:
  • mimetypes – text/plain application/vnd.xfdl
  • partial mimetypes – text/audio/ /plain
  • file extensions – GIF PDF XML
  • default value – empty (everything is allowed)
appFilesBlackList – A space separated list of:
  • mimetypes – text/plain application/vnd.xfdl
  • partial mimetypes – text/audio/ /plain
  • file extensions – GIF PDF XML
  • default value – exe
appFilesMaxSize (size in kb) – A space separated list of:
  • mimetypes – text/plain application/ /vnd.xfdl
  • file extensions – GIF PDF XML or default as special type
  • default value – 5000

ibm.nitro.NitroConfig.appFilesWhiteList = css js html exe text/plain application/vnd.xfdl mov avi

ibm.nitro.NitroConfig.appFilesBlackList =exe

ibm.nitro.NitroConfig.appFilesMaxSize.10000 = default

ibm.nitro.NitroConfig.appFilesMaxSize.50000 = mov avi

List of allowed (WhiteList), and not allowed (BlackList) of mimetypes, and the number of maximum file sizes for the Attachment form item.

attachmentFilesWhiteList – A space separated list of:
  • mimetypes – text/plain application/vnd.xfdl
  • partial mimetypes – text/audio/ /plain
  • file extensions – GIF PDF XML
  • default value – empty (everything is allowed)
attachmentFilesBlackList – A space separated list of:
  • mimetypes – text/plain application/vnd.xfdl
  • partial mimetypes – text/audio/ /plain
  • file extensions – GIF PDF XML
  • default value – exe js html svg
attachmentFilesMaxSize (size in kb) – A space separated list of:
  • mimetypes – text/plain application/ /vnd.xfdl
  • file extensions – GIF PDF XML or default as special type
  • default value – 5000

ibm.nitro.NitroConfig.attachmentFilesWhiteList = css js html exe text/plain application/vnd.xfdl mov avi

ibm.nitro.NitroConfig.attachmentFilesBlackList =exe

ibm.nitro.NitroConfig.attachmentFilesMaxSize.10000 = default

ibm.nitro.NitroConfig.attachmentFilesMaxSize.50000 = mov avi

You can provide the user more contact information when the following error message is shown. If the message is We are unable to process your request. If this error persists, report the problem to your administrator at adminInfo1, or adminInfo2, and provide error reference: XXX. You provide adminInfo1 and adminInfo2. If you provide only adminInfo1, then the message is shortened.

ibm.nitro.NitroConfig.adminInfo1 = admin@yourcompany.com

ibm.nitro.NitroConfig.adminInfo2 = 1-800-GET-HELP

Hides the "Use" tab, and prevents fetching the list of deployed and usable applications.

ibm.nitro.NitroConfig.disableUseTab=true

Where:
  • true - "Use" tab is hidden
  • false - "Use" tab is displayed
Default: false

For WebSphere® Application Server with DB2® , or Oracle. The maximum number of records that View Response counts up to when returning large record sets. Larger values are still returned, but the paging no longer accurately lists the total number of pages. Setting this value higher can have performance consequences for the server if there are many users viewing forms with large response lists.

ibm.nitro.NitroConfig.viewResponsesMaximumCount=2000

Maximum number of records that are permitted for export from the View Data page at one time. If the number of records to be exported exceeds the number set by this property, the export is stopped, and an error message is shown.

Note: The default value of 20,000 is supported for base systems. Setting the value higher results in poor performance, depending on result set size and server hardware.

ibm.nitro.NitroConfig.maximumRecordsToRetrieve=25000

Indicates the base URI used for critical functions, including editing applications, and email. Must include everything necessary to connect to the Leap context, for example, /apps. With this entry, all emailed links, and absolute links visible during Leap design time start with the following base URI regardless of what the user enters in the address bar.

ibm.nitro.NitroConfig.serverURI = http://host:9080/apps

As of Leap 8.5.1 anonymous access is no longer allowed by default. To complete a Leap application or survey, users must authenticate with a valid user ID and password.

ibm.nitro.NitroConfig.blockAnonAccess=redirect

Where:
  • enabled - anonymous access is blocked
  • disabled - anonymous access is allowed
  • redirect - redirects the user to authenticate
    Note: Redirection is not available for Leap with WebSphere® Portal .
Default: redirect

When a user attempts to access a Leap application anonymously, an error message is displayed. The default message is Anonymous access blocked. You can change the default message to provide additional information to the user.

ibm.nitro.NitroConfig.anonBlockedMsg=Anonymous access blocked

By default when you export data from applications, emails are also exported. You can exclude emails from the export by changing the property value to false.

ibm.nitro.NitroConfig.exportDataWithEmails=true

Where:
  • true - emails are exported with application data
  • false - emails are not exported with application data
Default: true

If Leap detects an unsupported browser, a warning message is displayed to the user. The user can still see the form after the warning message is closed.

ibm.nitro.NitroConfig.detectBrowser=warn

Where:
  • warn - The user is warned that the browser is unsupported. A list of supported browsers is displayed in the warning message. When the user closes the warning message, the form is displayed.
  • ignore - The user is not warned that the browser is unsupported, and the form is displayed.
Default: warn

The value of this parameter tells Leap where to redirect user after log off. If the parameter is not configured or left blank, the user is redirected to the login page

ibm.nitro.LogoutServlet.postLogoutRedirectURL=http://example_url.com/signout

Defines a form designer specified white-list of domains and HTTP actions allowed for URL-based services.

domain - The domain property implicitly allows sub-domains. For example, a domain property of example.com allows URLs such as https://www.example.com/anything,http://api.example.com/anything , or https://example.com/anything.

The https or http protocol included in the domain property is respected. For example, a domain property of https://api.example.com only allows calls to secure SSL https://api.example.com/anything and not to non-secure http://api.example.com/anything.

actions - A comma-separated list of the HTTP actions allowed for a particular domain. Valid values are GET, PUT, POST, and DELETE. If the actions value is missing, no actions are allowed.
Note: This white-list has no effect on service descriptions and custom service transports that were installed on the server by the administrator.

ibm.nitro.NitroConfig.servicesWhitelist.enabled = true

ibm.nitro.NitroConfig.servicesWhitelist.1.domain = example.com
ibm.nitro.NitroConfig.servicesWhitelist.1.actions = GET
ibm.nitro.NitroConfig.servicesWhitelist.2.domain = https://securehost.com
ibm.nitro.NitroConfig.servicesWhitelist.2.actions = GET, POST,PUT
Use this setting to control the X-Frame-Options response header for Leap pages. For example, to keep Leap from being embedded in third-party sites, use ibm.nitro.NitroConfig.xFrameOptions = SAMEORIGIN. ibm.nitro.NitroConfig.xFrameOptions = SAMEORIGIN
Enables integration with IBM Watson Content Hub. This allows Leap applications to select assets from IBM Watson Content Hub. ibm.nitro.NitroConfig.wchEnabled=false
Where:
  • true - enables a choice in the design experience that allows a design user to select assets from IBM Watson Content Hub (a Watson Content Hub subscription is required)
  • false - feature remains disabled

Default: false
IBM Watson Content Hub API URL. This setting is optional. When set in the config, all Leap users will use the same Watson Content Hub tenant for selecting assets. When it's not set, Leap design users can set their own Watson Content Hub API URL at the time of use.

ibm.nitro.NitroConfig.wchEnabled=true is required for this setting to work.

 ibm.nitro.NitroConfig.wchApiUrl=https://my1.digitalexperience.ibm.com/api/<guid>

LEAP contains an event handling implementation that enables printing out all or specific events in the system log or in a separate file based on properties setting, by default this feature is not enabled. Change properties, in the Leap_config.properties file, to monitor events that you are interested in, and where you want to output the event information.

infoLevelEvents and debugLevelEvents will output Events information in Application Server's system log at info or debug level.

auditLevelEvents is will output to a file, default file location on Windows is c:\febEvents.log and AIX/Linux is /febEvents.log, with maximum file size 5MB, back up to 5 files.

The content of the event output is in CSV format, the description of the data: Event topic, event issued time stamp, user id, user email, Leap application id, Leap application name, Leap application Form short name, Record Id, result

Sample csv formatted data: builder/source/save,2015-10-06T14:12:31.607Z,a6d44e9f-ca38-4ebd-a5ff-6062b2cd304e,,aa7bd4cd-ea11-4776-8834-07713ebdb39c,Stages,,,Success builder/record/submit,2015-10-06T13:49:38.568Z,a6d44e9f-ca38-4ebd-a5ff-6062b2cd304e,,aa7bd4cd-ea11-4776-8834-07713ebdb39c,Stages,F_Form1,54ec9364-a32e-4d4e-a2f3-11b399fc951c,Success

Below is the list of event topics that Leap sends out:
"builder/app/delete" – Application is deleted
"builder/app/deploy" – Application is deployed for the first time
"builder/app/redeploy" – A deployed application is deployed again
"builder/app/stop" – A deployed application is stopped
"builder/app/import" – Application is imported
"builder/app/importAndDeploy" – Application is imported and deployed
"builder/app/importAndDeployWithData" – Application is imported and deployed with data
"builder/app/export" – Application is exported
"builder/app/exportWithData" – Application is exported with data
"builder/app/upgrade" – Application is upgraded
"builder/app/upgradeWithDataReplaced" – Application is upgraded and the data replaced
"builder/app/result/export" – Application data is exported from View Data (or REST API)
"builder/app/retrieve/source"
"builder/app/query/deployed"

"builder/record/submit" – A form is submitted
"builder/record/update" – A specific form record is updated
"builder/record/delete" – A specific form record is deleted

"builder/data/insert/user"
"builder/data/insert/code"
"builder/data/update/user"
"builder/data/update/code"
"builder/data/delete/user"
"builder/data/delete/code"

To capture failed events, use "builder/error" + mainEventCode

To enable the event logging for all events under normal trace settings:

ibm.nitro.EventHandler.infoLevelEvents=*

To enable event logging for all form submission events, including failed ones:

ibm.nitro.EventHandler.infoLevelEvents= builder/record/submit, builder/error/ builder/record/submit

The customThemes config settings define a list of customer-provided themes that can be used in Leap applications.

For each theme, two parameters must be set: customThemes.[ID].displayName customThemes.[ID].location

[ID] -An identifier for the custom theme (e.g. "corpTheme1"). The id can contain the letters 'a' through 'z' and numbers, and must start with a letter. displayName - The theme name to be displayed in the Leap authoring UI location -The full URL of the theme's .css file

For each theme, there are 2 optional parameters: customThemes.[ID].isDefault customThemes.[ID].nl.[LOCALE]

isDefault -If set to true, designates the theme as the default selection for new applications nl.[LOCALE] -For globalization support of the theme's display name. [LOCALE] is the locale code that identifies the language (e.g., "en","fr", "fr_CA", "zh")

After modifying these settings, restart the Leap application to see the changes in the authoring environment. If the location property of a theme is modified, any deployed applications using that custom theme will need to be redeployed for changes to take affect.

customThemes.corpTheme1.displayName = Corp Theme customThemes.corpTheme1.nl.fr = Thème d'entreprise customThemes.corpTheme1.nl.zh = 企业主题 customThemes.corpTheme1.isDefault = true customThemes.corpTheme1.location = https://mycompany.com/theme.css

customThemes.corpTheme2.displayName = Corp Theme 2 customThemes.corpTheme2.nl.fr = Thème d'entreprise 2 customThemes.corpTheme2.nl.zh = 企业主题2 customThemes.corpTheme2.isDefault = false customThemes.corpTheme2.location = https://mycompany.com/theme2.css

The imageDomainWhiteList config settings define a white-list of domains from where images can be uploaded to a Rich Text Entry field.

In addition to setting

imageDomainWhitelist.enabled=true

for each domain an additional parameters must be set.

imageDomainWhitelist.[N].domain =

Where "[N]" is an integer number identifying that service.

domain - The domain property implicitly allows sub-domains. For example, a domain property of example.com allows URLs such as https://www.example.com/anything,http://api.example.com/anything , or https://example.com/anything.

imageDomainWhitelist.enabled=true

imageDomainWhitelist.1.domain = example.com

imageDomainWhitelist.2.domain = https://myserver.com/images/
Access to a service description may be given to a specific user, group, or special assignment. The access control is made up of two parts:
  • Who may discover and work with the service while designing an application.
  • Who may run the service.
Users or Groups provided must be defined using the attributes defined by ibm.was.MemberManager.userProps.id = mail and ibm.was.MemberManager.groupProps.id = name respectively.

Special assignment valid values are:
  • all-authenticated: for app author "discover" privilege only
  • anonymous: for app authors and end-user "discover" and "invoke" privileges
  • all-authors: for end-user "invoke" privilege only
To enable service authorizations, set ibm.nitro.NitroConfig.serviceAuthorization.enabled=true.

Multiple services may be defined. To define a service authorization, add ibm.nitro.NitroConfig.serviceAuthorization.serviceIdN where serviceIdN is the 'id' of the service description. The value must be a valid JSON string, see provided samples.
Note: A backslash (\) at the very end of a line can be used to present a value over multiple lines. The backslashmust be the very last character on the line.
 
ibm.nitro.NitroConfig.serviceAuthorization.enabled = true
ibm.nitro.NitroConfig.serviceAuthorization.jxpath-sample = {{"comment": 
"Sample 1","discover": { "users": [ "user1" ], "groups": [],"special": [] }, "invoke": 
{ "users": [ "user1"], "groups": [], "special": [] } }