Installing the AcuSensor agent for JAVA websites
First, you need to download the AcuSensor agent for your Target.
The AcuSensor agent will need to be installed in your web application. This section describes how to install AcuSensor in a JAVA web application.
The Java AcuSensor requires the installation of 2 files:
- The Acunetix Java AcuSensor - This is unique for each Target, and can be downloaded by using the Download JAVA AcuSensor button.
- aspectweaver.jar - provides the integration required for AcuSensor to work with your application. This can be downloaded from https://www.acunetix.com/download/aspectjweaver.zip.
Acunetix JAVA Acusensor requires Tomcat (7+) and Java (1.7+)
- Download the Acunetix JAVA AcuSensor from the Acunetix UI.
- Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to %TOMCAT-HOME%\lib
- Copy aspectjweaver.jar to any folder on disk, e.g.: C:\aspectj1.8\lib
- Launch Tomcat with Load Time Weaving enabled. This can be done by adding a -javaagent parameter with the path to aspectjweaver.jar when launching Tomcat as shown below:
java -javaagent:C:\aspectj1.8\lib\aspectjweaver.jar -Djava.util.logging.config.file=C:\apache-tomcat-8.5.15\conf\logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager "-Djdk.tls.ephemeralDHKeySize=2048" "-Djava.protocol.handler.pkgs=org.apache.catalina.webresources" -classpath "C:\apache-tomcat-8.5.15\bin\bootstrap.jar;C:\apache-tomcat-8.5.15\bin\tomcat-juli.jar" -Dcatalina.base=C:\apache-tomcat-8.5.15 -Dcatalina.home=C:\apache-tomcat-8.5.15 -Djava.io.tmpdir=C:\apachetomcat-8.5.15\temp org.apache.catalina.startup.Bootstrap start
- If Tomcat is started as a Windows service, you will need to specify the javaagent from Apache Tomcat Configuration > JAVA options tab.
- If Tomcat is used on Linux, the -javaagent command needs to be added to the Tomcat start shell script, which is usually located in /opt/tomcat/bin/startup.sh
- To enable extra debug logging add the following parameter when running tomcat -Dacusensor.debug.log=ON
This will output AcuSensor logging in the Tomcat logs starting with: [Acunetix-debug]
Disabling and uninstalling AcuSensor for JAVA
To uninstall and disable the sensor from your website you need to revert the changes done during the installation of the Agent.:
- Remove the Acunetix JAVA AcuSensor (AcuSensor.jar) to %TOMCAT-HOME%\lib
- Remove aspectjweaver.jar from the folder where it was copied to
- Stop launching Tomcat with Load Time Weaving enabled. This can be done by removing the -javaagent parameter with the path to aspectjweaver.jar
- If Tomcat is started as a Windows service, you will need to remove the javaagent parameter from Apache Tomcat Configuration > JAVA options tab
Note: Although the Acunetix AcuSensor agent are secured with a strong password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.