Deploying the AcuSensor agent for JAVA - Tomcat (Windows)
🔍 AcuSensor Network Prerequisites
AcuSensor makes use of the AcuSensor Bridge. Read more information here.
Acunetix JAVA AcuSensor requires Tomcat (8.5+) and Java (1.7+). Current testing is with Tomcat 10 and Java 1.8.
The AcuSensor agent will need to be deployed to your web application. This section describes how to deploy AcuSensor to a JAVA web application.
The Java AcuSensor requires:
- Deploying aspectjweaver.jar into your web server - provides the integration required for AcuSensor to work with your application
- Deploying the Acunetix Java AcuSensor into your web server - this is unique for each Target, and can be downloaded by using the Download JAVA AcuSensor button
- Configuring your web server to use Load Time Weaving (AspectJWeaver)
🔍 Assumptions for this document
This document assumes that you will be using version 1.9.5 (latest at time of writing) of AspectJWeaver.
Deploying AspectJWeaver into your web application
- Download AspectJWeaver here: https://repo1.maven.org/maven2/org/aspectj/aspectjweaver/1.9.5/aspectjweaver-1.9.5.jar
- Rename the file to "aspectjweaver.jar" and copy the "aspectjweaver.jar" file to C:\Program Files (x86)\Apache Software Foundation\Tomcat 9.0\lib
Deploying AcuSensor into your web server
- Download the Acunetix JAVA AcuSensor from the Acunetix UI
AcuSensor for a specific web application on the web server (Recommended)
- Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to %TOMCAT-HOME%\webapps\<your_app_folder>\WEB-INF\lib
- If installing on Windows where Tomcat 9 was installed using the official "32-bit/64-bit Windows Service Installer", copy the AcuSensor.jar file to C:\Program Files (x86)\Apache Software Foundation\Tomcat 9.0\webapps\<your_app_folder>\WEB-INF\lib or C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\<your_app_folder>\WEB-INF\lib
AcuSensor for all web applications on the web server
- Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to %TOMCAT-HOME%\lib
- If installing on Windows where Tomcat 9 was installed using the official "32-bit/64-bit Windows Service Installer", copy the AcuSensor.jar file to C:\Program Files (x86)\Apache Software Foundation\Tomcat 9.0\lib or C:\Program Files\Apache Software Foundation\Tomcat 9.0\lib
- You will need to adjust your AcuSensor password to use a single AcuSensor for the entire web server - more information here.
- Note that deploying AcuSensor for all web applications on the web server can incur a performance hit
Configure Tomcat to use AspectJWeaver and AcuSensor
- Launch Tomcat with Load Time Weaving enabled. This can be done by adding a -javaagent parameter with the path to aspectjweaver.jar when launching Tomcat, and optionally a parameter to enable AcuSensor debug logging
- Add 2 parameters into the Apache Tomcat Configuration > JAVA options tab:
  - -javaagent:C:\Program Files (x86)\Apache Software Foundation\Tomcat 9.0\lib\aspectjweaver.jar (mandatory; adjust path depending on where you deployed the aspectjweaver.jar file)
  - -Dacusensor.debug.log=ON (optional; enables debug logging and should only be used for troubleshooting)
- Restart the Tomcat service
Note: The parameter "-Dacusensor.debug.log=ON" is optional, and can be omitted. If this parameter is retained, this will output AcuSensor logging as additional lines in the Tomcat logs starting with "[Acunetix-debug]".
Disabling and Removing AcuSensor for JAVA
To disable and remove the sensor from your website, you need to revert the changes made during the deployment of the agent:
- Remove the Acunetix JAVA AcuSensor (AcuSensor.jar) from the folder or folders where it was deployed
- Remove aspectjweaver.jar from the folder where it was copied to
- Reconfigure Tomcat with Load Time Weaving disabled, as follows:
  - Remove the -javaagent and -Dacusensor.debug.log parameters in the Apache Tomcat Configuration > JAVA options tab
  - Restart the Tomcat service
Note: Although the Acunetix AcuSensor agent is secured with a strong password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.
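To confirm that the removal steps above were completed, the following PowerShell script checks the deployment locations named in this document for leftover jars and looks for "[Acunetix-debug]" lines in the Tomcat logs. It is an added example, not Acunetix code; the function name Find-AcuSensorArtifacts, the default Tomcat path and the use of Tomcat's default "logs" folder are assumptions.

```powershell
# Added example (not Acunetix code): audit a Tomcat install for AcuSensor leftovers.
param(
    # Assumption: path used by the Windows Service Installer; adjust to your install.
    [string]$TomcatHome = 'C:\Program Files\Apache Software Foundation\Tomcat 9.0'
)

function Find-AcuSensorArtifacts {
    param([Parameter(Mandatory)][string]$TomcatHome)

    $findings = @()

    # Server-wide deployment location: %TOMCAT-HOME%\lib
    foreach ($name in 'AcuSensor.jar', 'aspectjweaver.jar') {
        $path = Join-Path $TomcatHome "lib\$name"
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Type = 'Jar'; Path = $path }
        }
    }

    # Per-application deployment location: webapps\<your_app_folder>\WEB-INF\lib
    $webapps = Join-Path $TomcatHome 'webapps'
    if (Test-Path -LiteralPath $webapps) {
        foreach ($app in Get-ChildItem -LiteralPath $webapps -Directory) {
            $path = Join-Path $app.FullName 'WEB-INF\lib\AcuSensor.jar'
            if (Test-Path -LiteralPath $path) {
                $findings += [pscustomobject]@{ Type = 'Jar'; Path = $path }
            }
        }
    }

    # Debug logging shows up as "[Acunetix-debug]" lines in the Tomcat logs.
    # Older log files keep matching until they are rotated or deleted.
    $logs = Join-Path $TomcatHome 'logs'
    if (Test-Path -LiteralPath $logs) {
        $hits = Get-ChildItem -LiteralPath $logs -File |
            Select-String -SimpleMatch -Pattern '[Acunetix-debug]' -List
        foreach ($hit in $hits) {
            $findings += [pscustomobject]@{ Type = 'DebugLog'; Path = $hit.Path }
        }
    }
    return $findings
}

$result = Find-AcuSensorArtifacts -TomcatHome $TomcatHome
if ($result) { $result | Format-Table -AutoSize; exit 1 }
Write-Output "No AcuSensor jars or debug log lines found under $TomcatHome"
```

The script exits with code 1 when anything is found, so it can be run as a scheduled check on servers where the sensor should no longer be present.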