Deploying the AcuSensor agent for JAVA - Tomcat (Windows/Linux/Docker)

AcuSensor Network Prerequisites

AcuSensor makes use of the AcuSensor Bridge. For more information, refer to the AcuSensor Bridge documentation.

  • Acunetix JAVA AcuSensor requires Tomcat (8.5+) and Java (8+).
  • The AcuSensor agent will need to be deployed to your web application. This article describes how to deploy AcuSensor to a JAVA web application.

IMPORTANT: The following installation instructions are for the newer version of the JAVA IAST sensor. If you are running the older, aspectjweaver-based JAVA sensor, you need to remove the old sensor before proceeding with installing the newer version of the JAVA sensor. Instructions on how to check if you are using the older version of the JAVA sensor and how to remove it can be found at the end of this document.

How to deploy AcuSensor into your web server

To install the Java AcuSensor, you need to:

  1. Download the JAVA AcuSensor agent (AcuSensor.jar) from the Target’s Settings in the Acunetix UI.
    The JAVA AcuSensor download includes the AcuSensor Token which, by default, is unique for each target. Unless the Token has been changed to be the same for all the targets, you will need to download the JAVA AcuSensor for each Target separately.
    You will need to adjust your AcuSensor password to use a single AcuSensor for the entire web server - more information here.

  1. Save the downloaded JAVA AcuSensor to a location on your web server (e.g. C:\JAVA_AcuSensor or /usr/share/JAVA_AcuSensor).

  1. Tomcat needs to be configured to load the JAVA AcuSensor.

  1. On Windows, this can be done from the Apache Tomcat Configuration > Java tab > Java Options. Add 2 parameters into the Apache Tomcat Configuration > JAVA options tab

  • -javaagent:C:\JAVA_AcuSensor\acusensor.jar (mandatory; adjust path depending on where you saved the acusensor.jar file)

  • -Dacusensor.debug.log=ON (optional; enables debug logging and should only be used for troubleshooting)

  1. On Linux, this can be done from /usr/share/tomcat9/bin/setenv.sh in the JAVA_OPTS="$JAVA_OPTS -javaagent:/usr/share/java/acusensor.jar -Dacusensor.debug.log=ON"

  1. Restart the Tomcat service.

NOTE: The parameter "-Dacusensor.debug.log=ON" is optional, and can be omitted. If this parameter is retained, this will output AcuSensor logging as additional lines in the Tomcat logs starting with "[Invicti-debug]".

How to disable and remove AcuSensor for JAVA

To remove and disable the sensor from your website you need to revert the changes done during the deployment of the Agent:

  1. Stop the Tomcat service.

  1. Remove the Acunetix JAVA AcuSensor (AcuSensor.jar) from the folder where it was saved.

  1. Reconfigure Tomcat so that it does not load the javaagent by removing the -javaagent and -Dacusensor.debug.log parameters.

  1. On Windows, this can be done from the Apache Tomcat Configuration > JAVA options tab.

  1. On Linux, this can be done from /usr/share/tomcat9/bin/setenv.sh by removing the line JAVA_OPTS="$JAVA_OPTS -javaagent:/usr/share/java/acusensor.jar -Dacusensor.debug.log=ON"

  1. Restart the Tomcat service.

NOTE: Although the Acunetix AcuSensor agent is secured with a strong password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.

How to disable and remove older versions of the AcuSensor for JAVA

Older versions of the AcuSensor for JAVA made use of aspectjweaver to provide the IAST functionality. You can confirm if you are using the  aspectjweaver-based JAVA sensor from the Apache Tomcat Configuration > JAVA options tab. If the -javaagent option is loading aspectjweaver.jar, then you need to remove the older AcuSensor for JAVA using the following instructions:

  1. Remove the Acunetix JAVA AcuSensor (AcuSensor.jar) from the folder or folders where it was deployed.

  1. Remove aspectjweaver.jar from the folder where it was copied to.

  1. Reconfigure Tomcat with Load Time Weaving disabled, as follows:

  1. Remove the -javaagent and -Dacusensor.debug.log parameters in the Apache Tomcat Configuration > JAVA options tab.

  1. Restart the Tomcat service.

 

« Back to the Acunetix Support Page