Deploying the AcuSensor agent for JAVA - Tomcat (Ubuntu Linux)

πŸ” AcuSensor Network PreRequisites

AcuSensor makes use of the AcuSensor Bridge. Read more information here.

Acunetix JAVA Acusensor requires Tomcat (8.5+) and Java (1.7+). Current testing is with Tomcat 10 and Java 1.8.

The AcuSensor agent will need to be deployed to your web application. This section describes how to deploy AcuSensor to a JAVA web application.

The Java AcuSensor requires:

  • Deploying aspectjweaver.jar into your web server - provides the integration required for AcuSensor to work with your application
  • Deploying the Acunetix Java AcuSensor into your web server - this is unique for each Target, and can be downloaded by using the Download JAVA AcuSensor button
  • Configuring your web server to use Load Time Weaving (AspectJWeaver)

πŸ” Assumptions for this document

This document assumes that you will be using regular repositories for Ubuntu Linux..

Deploying AspectJWeaver into your web application

  • Run the following command:

sudo apt install libaspectj-java

Deploying AcuSensor into your web application

  • Download the Acunetix JAVA AcuSensor from the Acunetix UI

AcuSensor for a specific web application on the web server (Recommended)

  • Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to /var/lib/tomcat9/webapps/<your_app_folder>/WEB-INF/lib

AcuSensor for all web applications on the web server

  • Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to /usr/share/tomcat9/lib
  • You will need to adjust your AcuSensor password to use a single AcuSensor for the entire web server - more information here.
  • Note that deploying AcuSensor for all web applications on the web server can have a performance hit

Configure Tomcat to use AspectJWeaver and AcuSensor

  • Launch Tomcat with Load Time Weaving enabled. This can be done by adding a -javaagentΒ parameter with the path to aspectjweaver.jar when launching Tomcat, and optionally a parameter to enable AcuSensor debug logging
  1. For Ubuntu 20.04.1 where Tomcat 9 was installed using the regular Ubuntu repositories to install tomcat and needed components (sudo apt install tomcat9 libaspectj-java), you will need to add 2 parameters into the Tomcat setenv.sh script (normally you will be creating a new file):
  1. run the command: sudo nano /usr/share/tomcat9/bin/setenv.sh
  2. at the end of the file, add the line: JAVA_OPTS="$JAVA_OPTS -javaagent:/usr/share/java/aspectjweaver.jar -Dacusensor.debug.log=ON"
  3. save the file
  4. run the command: sudo systemctl restart tomcat9

Note: The parameter "-Dacusensor.debug.log=ON'' is optional, and should ONLY be used for troubleshooting purposes. If this parameter is retained, this will output AcuSensor logging as additional lines in the Tomcat logs starting with "[Acunetix-debug]".

Disabling and Removing AcuSensor for JAVA

To remove and disable the sensor from your website you need to revert the changes done during the deployment of the Agent.:

  • Remove the Acunetix JAVA AcuSensor (AcuSensor.jar) from the folder where it was deployed. In the case of Ubuntu 20.04.1 where Tomcat 9 was installed using the regular Ubuntu repositories to install tomcat and needed components (sudo apt install tomcat9 libaspectj-java), remove the AcuSensor.jar file by running the command: rm /usr/share/tomcat9/lib/AcuSensor.jar
  • Remove aspectjweaver.jar by running the command: sudo apt remove libaspectj-java
  • Reconfigure Tomcat with Load Time Weaving disabled:
  1. Under Ubuntu 20.04.1 this can be done as follows:
  1. remove the "JAVA_OPTS" line added earlier in the setenv.sh file
  2. run the command: sudo systemctl restart tomcat9

Note: Although the Acunetix AcuSensor agent is secured with a strong password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.

 

Β« Back to the Acunetix Support Page