Deploying the AcuSensor agent for JAVA - Tomcat (CentOS 8.1 & RHEL 8.1)

AcuSensor Network Prerequisites

AcuSensor makes use of the AcuSensor Bridge. Read more information here.

Acunetix JAVA AcuSensor requires Tomcat (8.5+) and Java (1.7+). Current testing is with Tomcat 10 and Java 1.8.

The AcuSensor agent will need to be deployed to your web application. This section describes how to deploy AcuSensor to a JAVA web application.

The Java AcuSensor requires:

  • Deploying aspectjweaver.jar into your web server - provides the integration required for AcuSensor to work with your application
  • Deploying the Acunetix Java AcuSensor into your web server - this is unique for each Target, and can be downloaded by using the Download JAVA AcuSensor button
  • Configuring your web server to use Load Time Weaving (AspectJWeaver)

Assumptions for this document

Note: Since there are no packages in the official repositories to install Tomcat 9, this document assumes that the Tomcat 9 zip file was installed directly into /opt/apache-tomcat-9.0.31 with a symlink /opt/tomcat9 pointing to this installation folder.

Note: This document assumes that the official RPM file jre-8u241-linux-x64.rpm from Oracle was used to install the JRE with the command: dnf install jre-8u241-linux-x64.rpm

Note: This document assumes that you will be using version 1.9.5 (latest at time of writing) of AspectJWeaver.

Deploying AspectJWeaver into your web application

To download and deploy AspectJWeaver, run the following commands:

Deploying AcuSensor into your web application

  • Download the Acunetix JAVA AcuSensor from the Acunetix UI

AcuSensor for a specific web application on the web server (Recommended)

  • Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to /opt/tomcat9/webapps/<your_app_folder>/WEB-INF/lib

AcuSensor for all web applications on the web server

  • Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to /opt/tomcat9/lib
  • You will need to adjust your AcuSensor password to use a single AcuSensor for the entire web server - more information here.
  • Note that deploying AcuSensor for all web applications on the web server can have a performance hit

Configure Tomcat to use AspectJWeaver and AcuSensor

  • Launch Tomcat with Load Time Weaving enabled. This can be done by adding a -javaagent parameter with the path to aspectjweaver.jar when launching Tomcat, and optionally a parameter to enable AcuSensor debug logging.
  1. For CentOS 8.1 and RHEL 8.1, you will need to add 2 parameters into the Tomcat setenv.sh script (normally you will be creating a new file):
     1. run the command: sudo nano /opt/tomcat9/bin/setenv.sh
     2. at the end of the file, add the line: JAVA_OPTS="$JAVA_OPTS -javaagent:$CATALINA_HOME/lib/aspectjweaver.jar -Dacusensor.debug.log=ON"
     3. save the file
     4. run the command: sudo systemctl restart tomcat9

Note: The parameter "-Dacusensor.debug.log=ON" is optional, and should ONLY be used for troubleshooting purposes. If this parameter is retained, AcuSensor logging is written to the Tomcat logs as additional lines starting with "[Acunetix-debug]".

Disabling and Removing AcuSensor for JAVA

To disable the sensor and remove it from your website, you need to revert the changes made during the deployment of the agent. Based on the assumptions above:

  1. Remove the Acunetix JAVA AcuSensor (AcuSensor.jar) from the folder where it was deployed with:
     1. rm /opt/tomcat9/lib/AcuSensor.jar
  2. Remove aspectjweaver.jar with:
     1. sudo rm /opt/tomcat9/lib/aspectjweaver.jar
     2. sudo rm /opt/tomcat9/lib/aspectjweaver-1.9.5.jar
  3. Reconfigure Tomcat with Load Time Weaving disabled:
     1. remove the "JAVA_OPTS" line added earlier in the setenv.sh file
     2. run the command: sudo systemctl restart tomcat9

Note: Although the Acunetix AcuSensor agent is secured with a strong password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.
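
One way to confirm that the removal steps left nothing behind, and that the troubleshooting-only debug flag is not still set, is the check below. It is an added example, not Acunetix code, and assumes the paths and file names used in this document (/opt/tomcat9, AcuSensor.jar, aspectjweaver*.jar, bin/setenv.sh); the function name acusensor_leftovers is hypothetical.

```shell
#!/bin/sh
# Added example, not Acunetix code. Paths and file names follow this document's
# assumptions: Tomcat under /opt/tomcat9, AcuSensor.jar, aspectjweaver*.jar,
# and the JAVA_OPTS line in bin/setenv.sh.
#
# Usage: acusensor_leftovers /opt/tomcat9
# Prints one finding per line. Returns 0 if nothing remains, 1 if something
# remains, 2 if the given Tomcat home is not a directory.
acusensor_leftovers() {
    home="${1:-/opt/tomcat9}"
    [ -d "$home" ] || { echo "not a directory: $home" >&2; return 2; }
    found=0

    # Sensor jar: server-wide (lib/) or per application (webapps/*/WEB-INF/lib/).
    jars=$(find "$home/lib" "$home/webapps" -type f -name 'AcuSensor.jar' 2>/dev/null || true)
    if [ -n "$jars" ]; then
        printf '%s\n' "$jars" | sed 's/^/sensor-jar: /'
        found=1
    fi

    # AspectJWeaver jar, with or without a version suffix in the name.
    weavers=$(find "$home/lib" -type f -name 'aspectjweaver*.jar' 2>/dev/null || true)
    if [ -n "$weavers" ]; then
        printf '%s\n' "$weavers" | sed 's/^/weaver-jar: /'
        found=1
    fi

    # Active (non-comment) setenv.sh lines that still load the weaver or
    # keep AcuSensor debug logging switched on.
    setenv="$home/bin/setenv.sh"
    if [ -f "$setenv" ]; then
        active=$(grep -v '^[[:space:]]*#' "$setenv" || true)
        case "$active" in
            *-javaagent:*aspectjweaver*) echo "javaagent: $setenv"; found=1 ;;
        esac
        case "$active" in
            *-Dacusensor.debug.log=ON*) echo "debug-log: $setenv"; found=1 ;;
        esac
    fi
    return "$found"
}
```

Source the file and call acusensor_leftovers with the Tomcat home; a non-zero return with "sensor-jar" lines under webapps/ means a per-application copy of the sensor was missed.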

 
