Deploying the AcuSensor agent for JAVA - Tomcat (Ubuntu Linux)

🔍 AcuSensor Network PreRequisites

AcuSensor makes use of the AcuSensor Bridge. Read more information here.

Acunetix JAVA Acusensor requires Tomcat (8.5+) and Java (1.7+). Current testing is with Tomcat 10 and Java 1.8.

The AcuSensor agent will need to be deployed to your web application. This section describes how to deploy AcuSensor to a JAVA web application.

The Java AcuSensor requires:

  • Deploying aspectjweaver.jar into your web server - provides the integration required for AcuSensor to work with your application
  • Deploying the Acunetix Java AcuSensor into your web server - this is unique for each Target, and can be downloaded by using the Download JAVA AcuSensor button
  • Configuring your web server to use Load Time Weaving (AspectJWeaver)

🔍 Assumptions for this document

This document assumes that you will be using regular repositories for Ubuntu Linux..

Deploying AspectJWeaver into your web application

  • Run the following command:

sudo apt install libaspectj-java

Deploying AcuSensor into your web application

  • Download the Acunetix JAVA AcuSensor from the Acunetix UI

AcuSensor for a specific web application on the web server (Recommended)

  • Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to /var/lib/tomcat9/webapps/<your_app_folder>/WEB-INF/lib

AcuSensor for all web applications on the web server

  • Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to /usr/share/tomcat9/lib
  • You will need to adjust your AcuSensor password to use a single AcuSensor for the entire web server - more information here.
  • Note that deploying AcuSensor for all web applications on the web server can have a performance hit

Configure Tomcat to use AspectJWeaver and AcuSensor

  • Launch Tomcat with Load Time Weaving enabled. This can be done by adding a -javaagent parameter with the path to aspectjweaver.jar when launching Tomcat, and optionally a parameter to enable AcuSensor debug logging
  1. For Ubuntu 20.04.1 where Tomcat 9 was installed using the regular Ubuntu repositories to install tomcat and needed components (sudo apt install tomcat9 libaspectj-java), you will need to add 2 parameters into the Tomcat setenv.sh script (normally you will be creating a new file):
  1. run the command: sudo nano /usr/share/tomcat9/bin/setenv.sh
  2. at the end of the file, add the line: JAVA_OPTS="$JAVA_OPTS -javaagent:/usr/share/java/aspectjweaver.jar -Dacusensor.debug.log=ON"
  3. save the file
  4. run the command: sudo systemctl restart tomcat9

Note: The parameter "-Dacusensor.debug.log=ON'' is optional, and should ONLY be used for troubleshooting purposes. If this parameter is retained, this will output AcuSensor logging as additional lines in the Tomcat logs starting with "[Acunetix-debug]".

Disabling and Removing AcuSensor for JAVA

To remove and disable the sensor from your website you need to revert the changes done during the deployment of the Agent.:

  • Remove the Acunetix JAVA AcuSensor (AcuSensor.jar) from the folder where it was deployed. In the case of Ubuntu 20.04.1 where Tomcat 9 was installed using the regular Ubuntu repositories to install tomcat and needed components (sudo apt install tomcat9 libaspectj-java), remove the AcuSensor.jar file by running the command: rm /usr/share/tomcat9/lib/AcuSensor.jar
  • Remove aspectjweaver.jar by running the command: sudo apt remove libaspectj-java
  • Reconfigure Tomcat with Load Time Weaving disabled:
  1. Under Ubuntu 20.04.1 this can be done as follows:
  1. remove the "JAVA_OPTS" line added earlier in the setenv.sh file
  2. run the command: sudo systemctl restart tomcat9

Note: Although the Acunetix AcuSensor agent is secured with a strong password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.

 

« Back to the Acunetix Support Page