Deploying the AcuSensor agent for JAVA - Docker (Tomcat)

Acunetix JAVA Acusensor requires Tomcat (8.5+) and Java (1.7+). Current testing is with Tomcat 10 and Java 1.8.

The AcuSensor agent will need to be deployed to your web application. This section describes how to deploy AcuSensor to a JAVA web application.

The Java AcuSensor requires:

• Deploying aspectjweaver.jar into your web server - provides the integration required for AcuSensor to work with your application
• Deploying the Acunetix Java AcuSensor into your web server - this is unique for each Target, and can be downloaded by using the Download JAVA AcuSensor button
• Configuring your web server to use Load Time Weaving (AspectJWeaver)

Assumptions for this document

Note: Since your docker container can be built from a variety of different templates, the file locations (path) may be different. This document assumes that:

• the docker container was built with "FROM tomcat:9.0-alpine".
• the docker container name is "mycontainer" - you will have to substitute with your docker container's name

Note: This document assumes that you will be using version 1.9.5 (latest at time of writing) of AspectJWeaver.

Deploying AspectJWeaver into your web application

To download and deploy AspectJWeaver, run the following commands:

• wget -c https://repo1.maven.org/maven2/org/aspectj/aspectjweaver/1.9.5/aspectjweaver-1.9.5.jar
• mv aspectjweaver-1.9.5.jar aspectjweaver.jar
• docker cp aspectjweaver.jar mycontainer:/usr/local/tomcat/lib/

Deploying AcuSensor into your web application

• Download the Acunetix JAVA AcuSensor from the Acunetix UI
• Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to %TOMCAT-HOME%\lib

1. If deploying to a docker container, copy the AcuSensor.jar file to /usr/local/tomcat/lib/ using the command: docker cp AcuSensor.jar mycontainer:/usr/local/tomcat/lib/

Configure Tomcat to use AspectJWeaver and AcuSensor

• Launch Tomcat with Load Time Weaving enabled. This can be done by adding a -javaagent parameter with the path to aspectjweaver.jar when launching Tomcat, and optionally a parameter to enable AcuSensor debug logging

1. For a docker container, you will need to add 2 parameters into the Tomcat setenv.sh script - this assumes that this file does not exist within the docker container:

1. run the command: nano setenv.sh
2. at the end of the file, add the line: JAVA_OPTS="$JAVA_OPTS -javaagent:/usr/local/tomcat/lib/aspectjweaver.jar -Dacusensor.debug.log=ON"
3. save the file
4. move the file into the docker container:

1. docker cp setenv.sh mycontainer:/usr/local/tomcat/bin/

5. restart the container: docker restart mycontainer

Note: The parameter "-Dacusensor.debug.log=ON" is optional, and should ONLY be used for troubleshooting purposes. If this parameter is retained, this will output AcuSensor logging as additional lines in the Tomcat logs starting with "[Acunetix-debug]".

Disabling and Removing AcuSensor for JAVA

To remove and disable the sensor from your website you need to revert the changes done during the deployment of the Agent.:

1. Remove the Acunetix JAVA AcuSensor (AcuSensor.jar) from the folder where it was deployed. In the case of a docker environment, run the command:

1. docker exec mycontainer rm /usr/local/tomcat/lib/AcuSensor.jar

2. Remove aspectjweaver.jar; run the commands:

1. docker exec mycontainer rm /usr/local/tomcat/lib/aspectjweaver.jar

3. Reconfigure Tomcat with Load Time Weaving disabled:

1. docker exec mycontainer rm /usr/local/tomcat/bin/setenv.sh
2. docker restart mycontainer

Note: Although the Acunetix AcuSensor agent is secured with a strong password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.