Deploying the AcuSensor agent for JAVA - Centos 8.1 & RHEL 8.1

Acunetix JAVA Acusensor requires Tomcat (7+) and Java (1.7+). Current testing is with Tomcat 9 and Java 1.8.

The AcuSensor agent will need to be deployed to your web application. This section describes how to deploy AcuSensor to a JAVA web application.

The Java AcuSensor requires:

  1. Deploying aspectjweaver.jar into your web server - provides the integration required for AcuSensor to work with your application
  2. Deploying the Acunetix Java AcuSensor into your web server - this is unique for each Target, and can be downloaded by using the Download JAVA AcuSensor button
  3. Configuring your web server to use Load Time Weaving (AspectJWeaver)

Assumptions for this document

Note: Since there are no packages in the official repositories to install Tomcat 9, this document assumes that the Tomcat 9 zip file was installed directly into /opt/apache-tomcat-9.0.31 with a symlink /opt/tomcat9 pointing to this installation folder.

Note: This document assumes that the official RPM file jre-8u241-linux-x64.rpm from Oracle was used to install the JRE using command line: dnf install jre-8u241-linux-x64.rpm

Note: This document assumes that you will be using version 1.9.5 (latest at time of writing) of AspectJWeaver.

Deploying AspectJWeaver into your web application

To download and deploy AspectJWeaver, run the following commands:

Deploying AcuSensor into your web application

  • Download the Acunetix JAVA AcuSensor from the Acunetix UI
  • Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to %TOMCAT-HOME%\lib - based on the assumptions above, you would copy the AcuSensor.jar file to /opt/tomcat9/lib

Configure Tomcat to use AspectJWeaver and AcuSensor

  • Launch Tomcat with Load Time Weaving enabled. This can be done by adding a -javaagent parameter with the path to aspectjweaver.jar when launching Tomcat, and optionally a parameter to enable AcuSensor debug logging
  1. For Centos 8.1 and RHEL 8.1, you will need to add 2 parameters into the Tomcat setenv.sh script (normally you will be creating a new file):
  1. run the command: sudo nano /opt/tomcat9/bin/setenv.sh
  2. at the end of the file, add the line: JAVA_OPTS="$JAVA_OPTS -javaagent:$CATALINA_HOME/lib/aspectjweaver.jar -Dacusensor.debug.log=ON"
  3. save the file
  4. run the command: sudo systemctl restart tomcat9

Note: The parameter "-Dacusensor.debug.log=ON" is optional, and can be omitted. If this parameter is retained, this will output AcuSensor logging as additional lines in the Tomcat logs starting with "[Acunetix-debug]".

Disabling and Removing AcuSensor for JAVA

To remove and disable the sensor from your website you need to revert the changes done during the deployment of the Agent. Based on the assumptions above:

  1. Remove the Acunetix JAVA AcuSensor (AcuSensor.jar) from the folder where it was deployed with:
  1. rm /opt/tomcat9/lib/AcuSensor.jar
  1. Remove aspectjweaver.jar with:
  1. sudo rm /opt/tomcat9/lib/aspectjweaver.jar
  2. sudo rm /opt/tomcat9/lib/aspectjweaver-1.9.5.jar
  1. Reconfigure Tomcat with Load Time Weaving disabled:
  1. remove the "JAVA_OPTS" line added earlier in the setenv.sh file
  2. run the command: sudo systemctl restart tomcat9

Note: Although the Acunetix AcuSensor agent is secured with a strong password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.

 

« Back to the Acunetix Support Page