Deploying AcuSensor for JAVA - Windows (Jetty 10.0.10 + WAR file)

The following article shows how to run a Java application in Jetty and then use AcuSensor to run an interactive application security testing (IAST) scan against that application.

🔍 Environment Notes

  • This document assumes you have Jetty installed in C:\jetty
  • This document was tested on Windows 10 using Amazon Corretto OpenJDK 11 installed in the folder C:\Program Files\Amazon Corretto\jdk11.0.15_9.
  • You will also need to set your JAVA_HOME environment variable to the folder in question:

Prerequisites

  • Install JAVA
  • Install Eclipse IDE for Enterprise JAVA and Web Developers
  • Install Eclipse Extensions from "Web, XML, Java EE and OSGI Enterprise Development":
      • Eclipse Java EE Developer Tools
      • Eclipse Java Web Developer Tools
      • Eclipse Web Developer Tools
      • JST Server Adapters Extensions (Apache Tomcat)

Step 1: Prepare an Example Application Using Eclipse IDE

  • Go to the menu item File → New → Project

  • In the New Project wizard, search for and select the Dynamic Web Project option and click on the Next button

  • Set the Project name field to axexample-java
  • Set the Target runtime field to Apache Tomcat v8.5
  • Set the Dynamic web module version field to 3.1
  • Set the Configuration field to Default Configuration for Apache Tomcat v8.5
  • Click on the Next button

  • In the Java window, leave default settings and click on the Next button

  • In the Web Module window, enable the Generate web.xml option and click the Finish button

  • In the Open Associated Perspective? dialog, click on the No button
  • Expand the axexample-java project
  • Right-click on the src folder
  • Select the New → Other option

  • Highlight the Servlet option
  • Click on the Next > button

  • Set the Java package field to com.mytest.axexample
  • Set the Class name field to axExampleJavaServlet
  • Click on the Finish button
  • Edit the contents of the axExampleJavaServlet.java file to read as follows:

package com.mytest.axexample;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet implementation class axExampleJavaServlet
 */
@WebServlet("/axExampleJavaServlet")
public class axExampleJavaServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public axExampleJavaServlet() {
        super();
    }

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Declare the content type before obtaining the writer so the response is served as HTML
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.print("<html><body><h1>Test JAVA Site Example for AWS Elastic Beanstalk</h1><br>Welcome to the main page.<br></body></html>");
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // POST requests are handled the same way as GET requests
        doGet(request, response);
    }
}

  • Expand the axexample-java project, right click on the axexample-java/src/main/webapp folder, and select the New → File option

  • Set the filename to index.html and click on the Finish button
  • Edit the contents of the index.html file to read as follows:

<html>
<head>
<title>Test JAVA Site Example for AWS Elastic Beanstalk</title>
</head>
<body>
<h1>Test JAVA Site Example for AWS Elastic Beanstalk</h1><br/><br/>
<a href="axExampleJavaServlet">Click here to invoke servlet</a>
</body>
</html>

  • Make sure that the changes to both new files are saved
  • Right-click on the axexample-java project, click on the Export… option, search for the WAR file option, and select it

  • Click on the Next > button and select a Destination for your exported WAR file

  • Ensure that the filename for your export file is axexample-java.war
  • Click on the Finish button

Step 2: Prepare AcuSensor for Java

We will deploy the test application to the following URL: http://127.0.0.1:8080/axexample-java/ (in a production environment, you will need to change this to the hostname you will use for your deployment)

  • Create a new target for your URL
  • Download AcuSensor for Java from the Acunetix UI and retain the AcuSensor.jar file for the next step

Step 3: Prepare a folder for the AspectJWeaver component

Step 4: Prepare your Jetty deployment by installing prerequisites

  • Using a text editor, edit the contents of the C:\jetty\resources\jetty-logging.properties file to read as follows:

## Set logging levels from: ALL, TRACE, DEBUG, INFO, WARN, ERROR, OFF
org.eclipse.jetty.LEVEL=INFO
com.invicti.LEVEL=TRACE
context.LEVEL=TRACE

  • Using a text editor, edit the contents of the C:\jetty\resources\java-util-logging.properties file to read as follows:

.level=INFO
handlers=org.slf4j.bridge.SLF4JBridgeHandler
com.invicti.useParentHandlers=false
com.invicti.handlers = org.slf4j.bridge.SLF4JBridgeHandler
com.invicti.level = FINEST
context.useParentHandlers=false
context.handlers = org.slf4j.bridge.SLF4JBridgeHandler
context.level = FINEST
java.util.logging.SimpleFormatter.format=%4$s: %5$s [%1$tc]%n

  • Launch Jetty from the C:\jetty folder with the parameters:

 --add-modules=annotations,deploy,ext,http,jsp,logging-jul-capture,resources,server --approve-all-licenses

  • … as follows:

C:\jetty>java -jar start.jar --add-modules=annotations,deploy,ext,http,jsp,logging-jul-capture,resources,server --approve-all-licenses
INFO  : All Licenses Approved via Command Line Option
WARN  : creating start.d in ${jetty.home} is not recommended!
Proceed (y/N)? y
INFO  : mkdir ${jetty.base}\start.d
INFO  : webapp          transitively enabled, ini template available with --add-module=webapp
INFO  : ext             initialized in ${jetty.base}\start.d\ext.ini
INFO  : server          initialized in ${jetty.base}\start.d\server.ini
INFO  : logging-jul-capture initialized in ${jetty.base}\start.d\logging-jul-capture.ini
INFO  : servlet         transitively enabled
INFO  : jsp             initialized in ${jetty.base}\start.d\jsp.ini
INFO  : annotations     initialized in ${jetty.base}\start.d\annotations.ini
INFO  : resources       initialized in ${jetty.base}\start.d\resources.ini
INFO  : threadpool      transitively enabled, ini template available with --add-module=threadpool
INFO  : plus            transitively enabled
INFO  : deploy          initialized in ${jetty.base}\start.d\deploy.ini
INFO  : logging-jetty   transitively enabled
INFO  : security        transitively enabled
INFO  : apache-jsp      transitively enabled
INFO  : jndi            transitively enabled
INFO  : http            initialized in ${jetty.base}\start.d\http.ini
INFO  : logging/slf4j   transitive provider of logging/slf4j for logging-jetty
INFO  : logging/slf4j   transitive provider of logging/slf4j for logging-jul-capture
INFO  : logging/slf4j   dynamic dependency of logging-jetty
INFO  : bytebufferpool  transitively enabled, ini template available with --add-module=bytebufferpool
INFO  : mkdir ${jetty.base}\lib\ext
INFO  : download https://repo1.maven.org/maven2/org/slf4j/jul-to-slf4j/2.0.0-alpha6/jul-to-slf4j-2.0.0-alpha6.jar to ${jetty.base}\lib\logging\jul-to-slf4j-2.0.0-alpha6.jar
INFO  : mkdir ${jetty.base}\resources
INFO  : copy ${jetty.base}\modules\logging\jul\resources\java-util-logging-bridge.properties to ${jetty.base}\resources\java-util-logging.properties
INFO  : mkdir ${jetty.base}\webapps
INFO  : copy ${jetty.base}\modules\logging\jetty\resources\jetty-logging.properties to ${jetty.base}\resources\jetty-logging.properties
INFO  : Base directory was modified

C:\jetty>

Step 5: Deploy AcuSensor and required components

  • Copy your AcuSensor.jar file into C:\jetty\lib\ext\AcuSensor.jar
  • Using a text editor, create a file C:\jetty\start.d\start.ini
  • Edit the contents of the C:\jetty\start.d\start.ini file to read as follows:

--exec
-javaagent:C:\jetty\lib\aspectjweaver-1.9.7.jar
-Dacusensor.debug.log=ON

Step 6: Deploy your application

  • Copy your axexample-java.war file into the C:\jetty\webapps folder

Step 7: Start your Jetty server

  • From the command line, navigate to your C:\jetty folder, and launch Jetty:

C:\jetty> java -jar start.jar
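
The layout built in Steps 4 to 6 can be checked before running the launch command above. The PowerShell script below is an added example, not part of the original article or of Acunetix tooling; it uses only the paths and file names given in this article, and the $JettyBase parameter name is an assumption.

```powershell
# Added example: pre-flight check of the Jetty folder prepared in Steps 4-6.
# File names come from this article; $JettyBase is an assumed parameter name.
param([string]$JettyBase = 'C:\jetty')

$problems = [System.Collections.Generic.List[string]]::new()

# JAVA_HOME must be set and point at a folder that contains bin\java.exe.
if (-not $env:JAVA_HOME) {
    $problems.Add('JAVA_HOME is not set')
} elseif (-not (Test-Path -LiteralPath (Join-Path $env:JAVA_HOME 'bin\java.exe') -PathType Leaf)) {
    $problems.Add("JAVA_HOME has no bin\java.exe: $env:JAVA_HOME")
}

# Files the article creates, edits or copies by hand.
$required = 'start.jar', 'lib\ext\AcuSensor.jar', 'webapps\axexample-java.war',
            'resources\jetty-logging.properties', 'resources\java-util-logging.properties'
foreach ($rel in $required) {
    if (-not (Test-Path -LiteralPath (Join-Path $JettyBase $rel) -PathType Leaf)) {
        $problems.Add("Missing file: $rel")
    }
}

# start.ini from Step 5: it starts with --exec, and every -javaagent line
# must name a jar that really exists at that path.
$ini = Join-Path $JettyBase 'start.d\start.ini'
if (-not (Test-Path -LiteralPath $ini -PathType Leaf)) {
    $problems.Add('Missing file: start.d\start.ini')
} else {
    $lines = Get-Content -LiteralPath $ini | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and -not $_.StartsWith('#') }
    if ($lines -notcontains '--exec') { $problems.Add('start.ini has no --exec line') }
    $agents = @($lines | Where-Object { $_ -like '-javaagent:*' })
    if ($agents.Count -eq 0) { $problems.Add('start.ini has no -javaagent line') }
    foreach ($a in $agents) {
        $jar = ($a.Substring('-javaagent:'.Length) -split '=', 2)[0]   # drop any agent options
        if (-not (Test-Path -LiteralPath $jar -PathType Leaf)) { $problems.Add("-javaagent jar not found: $jar") }
    }
    if ($lines -contains '-Dacusensor.debug.log=ON') { Write-Host 'Note: acusensor.debug.log is ON' }
}

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Host "Layout under $JettyBase matches the article; ready for 'java -jar start.jar'."
```

The script exits with code 1 and prints one warning per missing item, so it can gate the launch command in a batch file.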

Test and scan your web application

Point your browser to your web application to confirm it is running as intended; you will get the following:

Finally, run a scan on your target; the Activity panel will confirm that AcuSensor was detected and used for the scan.

 
