Deploying the AcuSensor agent for JAVA - Ubuntu Linux

Acunetix JAVA Acusensor requires Tomcat (7+) and Java (1.7+). Current testing is with Tomcat 9 and Java 1.8.

The AcuSensor agent will need to be deployed to your web application. This section describes how to deploy AcuSensor to a JAVA web application.

The Java AcuSensor requires:

  1. Deploying aspectjweaver.jar into your web server - provides the integration required for AcuSensor to work with your application
  2. Deploying the Acunetix Java AcuSensor into your web server - this is unique for each Target, and can be downloaded by using the Download JAVA AcuSensor button
  3. Configuring your web server to use Load Time Weaving (AspectJWeaver)

Assumptions for this document

Note: This document assumes that you will be using regular repositories for Ubuntu Linux.

Deploying AspectJWeaver into your web application

  • Run the following command: sudo apt install libaspectj-java

Deploying AcuSensor into your web application

  • Download the Acunetix JAVA AcuSensor from the Acunetix UI
  • Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to %TOMCAT-HOME%\lib
  1. If deploying to Ubuntu 18.04.3 where Tomcat 9 was installed using the regular Ubuntu repositories to install tomcat and needed components (sudo apt install tomcat9 libaspectj-java), copy the AcuSensor.jar file to /usr/share/tomcat9/lib

Configure Tomcat to use AspectJWeaver and AcuSensor

  • Launch Tomcat with Load Time Weaving enabled. This can be done by adding a -javaagent parameter with the path to aspectjweaver.jar when launching Tomcat, and optionally a parameter to enable AcuSensor debug logging
  1. For Ubuntu 18.04.3 where Tomcat 9 was installed using the regular Ubuntu repositories to install tomcat and needed components (sudo apt install tomcat9 libaspectj-java), you will need to add 2 parameters into the Tomcat setenv.sh script (normally you will be creating a new file):
  1. run the command: sudo nano /usr/share/tomcat9/bin/setenv.sh
  2. at the end of the file, add the line: JAVA_OPTS="$JAVA_OPTS -javaagent:/usr/share/java/aspectjweaver.jar -Dacusensor.debug.log=ON"
  3. save the file
  4. run the command: sudo systemctl restart tomcat9

Note: The parameter "-Dacusensor.debug.log=ON" is optional, and can be omitted. If this parameter is retained, this will output AcuSensor logging as additional lines in the Tomcat logs starting with "[Acunetix-debug]".

Disabling and Removing AcuSensor for JAVA

To remove and disable the sensor from your website you need to revert the changes done during the deployment of the Agent.:

  • Remove the Acunetix JAVA AcuSensor (AcuSensor.jar) from the folder where it was deployed. In the case of Ubuntu 18.04.3 where Tomcat 9 was installed using the regular Ubuntu repositories to install tomcat and needed components (sudo apt install tomcat9 libaspectj-java), remove the AcuSensor.jar file by running the command: rm /usr/share/tomcat9/lib/AcuSensor.jar
  • Remove aspectjweaver.jar by running the command: sudo apt remove libaspectj-java
  • Reconfigure Tomcat with Load Time Weaving disabled:
  1. Under Ubuntu 18.04.3 this can be done as follows:
  1. remove the "JAVA_OPTS" line added earlier in the setenv.sh file
  2. run the command: sudo systemctl restart tomcat9

Note: Although the Acunetix AcuSensor agent is secured with a strong password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.

 

« Back to the Acunetix Support Page