Deploying the AcuSensor agent for JAVA - Windows

Acunetix JAVA Acusensor requires Tomcat (7+) and Java (1.7+). Current testing is with Tomcat 9 and Java 1.8.

The AcuSensor agent will need to be deployed to your web application. This section describes how to deploy AcuSensor to a JAVA web application.

The Java AcuSensor requires:

  1. Deploying aspectjweaver.jar into your web server - provides the integration required for AcuSensor to work with your application
  2. Deploying the Acunetix Java AcuSensor into your web server - this is unique for each Target, and can be downloaded by using the Download JAVA AcuSensor button
  3. Configuring your web server to use Load Time Weaving (AspectJWeaver)

Assumptions for this document

Note: This document assumes that you will be using version 1.9.5 (latest at time of writing) of AspectJWeaver.

Deploying AspectJWeaver into your web application

Deploying AcuSensor into your web application

  • Download the Acunetix JAVA AcuSensor from the Acunetix UI
  • Copy the Acunetix JAVA AcuSensor (AcuSensor.jar) to %TOMCAT-HOME%\lib
  1. If installing on Windows where Tomcat 9 was installed using the official "32-bit/64-bit Windows Service Installer", copy the AcuSensor.jar file to C:\Program Files (x86)\Apache Software Foundation\Tomcat 9.0\lib

Configure Tomcat to use AspectJWeaver and AcuSensor

  • Launch Tomcat with Load Time Weaving enabled. This can be done by adding a -javaagent parameter with the path to aspectjweaver.jar when launching Tomcat, and optionally a parameter to enable AcuSensor debug logging
  • Add 2 parameters into the Apache Tomcat Configuration > JAVA options tab
  1. -javaagent:C:\Program Files (x86)\Apache Software Foundation\Tomcat 9.0\lib\aspectjweaver.jar (mandatory; adjust path depending on where you deployed the aspectjweaver.jar file)
  2. -Dacusensor.debug.log=ON (optional; enables debug logging)

  • restart the Tomcat service

Note: The parameter "-Dacusensor.debug.log=ON" is optional, and can be omitted. If this parameter is retained, this will output AcuSensor logging as additional lines in the Tomcat logs starting with "[Acunetix-debug]".

Disabling and Removing AcuSensor for JAVA

To remove and disable the sensor from your website you need to revert the changes done during the deployment of the Agent.:

  • Remove the Acunetix JAVA AcuSensor (AcuSensor.jar) from the folder where it was deployed
  • Remove aspectjweaver.jar from the folder where it was copied to
  • Reconfigure Tomcat with Load Time Weaving disabled, as follows:
  1. remove the -javaagent and -Dacusensor.debug.log parameters in the Apache Tomcat Configuration > JAVA options tab
  2. restart the Tomcat service

Note: Although the Acunetix AcuSensor agent is secured with a strong password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.


« Back to the Acunetix Support Page