Deploying the AcuSensor agent for JAVA - Tomcat (Windows)

🔍 AcuSensor Network PreRequisites

AcuSensor makes use of the AcuSensor Bridge. Read more information here.

Acunetix JAVA Acusensor requires Tomcat (8.5+) and Java (1.7+). Current testing is with Tomcat 10 and Java 1.8.

The AcuSensor agent will need to be deployed to your web application. This section describes how to deploy AcuSensor to a JAVA web application.

The Java AcuSensor requires:

  • Deploying aspectjweaver.jar into your web server - provides the integration required for AcuSensor to work with your application
  • Deploying the Acunetix Java AcuSensor into your web server - this is unique for each Target, and can be downloaded by using the Download JAVA AcuSensor button
  • Configuring your web server to use Load Time Weaving (AspectJWeaver)

🔍 Assumptions for this document

This document assumes that you will be using version 1.9.5 (latest at time of writing) of AspectJWeaver.

Deploying AspectJWeaver into your web application

Deploying AcuSensor into your web server

  • Download the Acunetix JAVA AcuSensor from the Acunetix UI

AcuSensor for a specific web application on the web server (Recommended)

  • Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to %TOMCAT-HOME%\webapps\<your_app_folder>\WEB-INF\lib
  • If installing on Windows where Tomcat 9 was installed using the official "32-bit/64-bit Windows Service Installer", copy the AcuSensor.jar file to C:\Program Files (x86)\Apache Software Foundation\Tomcat 9.0\webapps\<your_app_folder>\WEB-INF\lib or C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\<your_app_folder>\WEB-INF\lib

AcuSensor for all web applications on the web server

  • Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to %TOMCAT-HOME%\lib
  • If installing on Windows where Tomcat 9 was installed using the official "32-bit/64-bit Windows Service Installer", copy the AcuSensor.jar file to C:\Program Files (x86)\Apache Software Foundation\Tomcat 9.0\lib or C:\Program Files\Apache Software Foundation\Tomcat 9.0\lib
  • You will need to adjust your AcuSensor password to use a single AcuSensor for the entire web server - more information here.
  • Note that deploying AcuSensor for all web applications on the web server can have a performance hit

Configure Tomcat to use AspectJWeaver and AcuSensor

  • Launch Tomcat with Load Time Weaving enabled. This can be done by adding a -javaagent parameter with the path to aspectjweaver.jar when launching Tomcat, and optionally a parameter to enable AcuSensor debug logging
  • Add 2 parameters into the Apache Tomcat Configuration > JAVA options tab
  1. -javaagent:C:\Program Files (x86)\Apache Software Foundation\Tomcat 9.0\lib\aspectjweaver.jar (mandatory; adjust path depending on where you deployed the aspectjweaver.jar file)
  2. -Dacusensor.debug.log=ON (optional; enables debug logging and should only be used for troubleshooting)

  • restart the Tomcat service

Note: The parameter "-Dacusensor.debug.log=ON" is optional, and can be omitted. If this parameter is retained, this will output AcuSensor logging as additional lines in the Tomcat logs starting with "[Acunetix-debug]".

Disabling and Removing AcuSensor for JAVA

To remove and disable the sensor from your website you need to revert the changes done during the deployment of the Agent.:

  • Remove the Acunetix JAVA AcuSensor (AcuSensor.jar) from the folder or folders where it was deployed
  • Remove aspectjweaver.jar from the folder where it was copied to
  • Reconfigure Tomcat with Load Time Weaving disabled, as follows:
  1. remove the -javaagent and -Dacusensor.debug.log parameters in the Apache Tomcat Configuration > JAVA options tab
  2. restart the Tomcat service

Note: Although the Acunetix AcuSensor agent is secured with a strong password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.

 

« Back to the Acunetix Support Page