How does the Java Agent handle application naming


Question

How does the Java agent handle application naming?

Answer

The following factors, listed in order of precedence, determine the application name shown in the Contrast UI.

Use of -Dcontrast.agent.java.standalone_app_name

Use of standalone_app_name has been deprecated, as its functionality has been incorporated into Java agents (≥4.x) by default.

This setting is only needed to force the onboarding of an application that runs in a Java framework that the Contrast Java Agent does not yet support (see here for a list of currently supported frameworks).  When used, the agent will, on startup, immediately create an application in the Contrast UI with this name regardless of whether traffic or vulnerabilities have been discovered.

Use this setting only if the following apply:

Use of -Dcontrast.application.name

The contrast.application.name property allows for the customization of the onboarded application name. 

Applications will be onboarded into the Contrast UI once activity occurs on the application itself. 

This option should be used if:

  • You want to customize the name of the application instead of accepting the default behavior described below.
  • Only one application is loaded into the JVM
  • For situations where multiple applications are loaded in one JVM please refer to: 

For more information on these and other agent configuration properties see the Contrast Documentation.

In all other cases, if no override options are specified, the following discovery logic comes into play: 

Direct Framework Support

Several frameworks provide a hook point that allows an application name to be explicitly specified.  If this is the case, the application name will be set using that value.

The following frameworks are currently supported in this regard:

  • MuleSoft

  • Servlet WebServers:
    • Jetty
    • Resin
    • Tomcat
    • Undertow
    • WebLogic
    • WebSphere

Inferred Framework Support

For frameworks other than the above, the following logic is used:

Context Path

If the above framework-related logic returns nothing, the context path is used as a fallback.

ClassPath Derived Name

The ClassPath Derived Name is determined by looking at the JAR file entry Implementation-Title or the name of the file minus the value of Implementation-Version.

  • If the application is packaged as an Uber jar, only the Uber jar file will be examined.
  • If not an Uber jar, all the classpath entries are walked until something matching the above description is discovered that does not result in an empty value.

If all else fails, the default of ROOT is used.
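To check in advance which name a deployment is likely to onboard under, the ClassPath Derived Name fallback above can be approximated offline. This is an added example, not Contrast's code: the function names are hypothetical, and it assumes Implementation-Title takes priority over the file name, that the version is stripped as a trailing suffix together with its separator, and that the caller states which entry is the Uber jar.

```python
import io
import os
import zipfile

def main_attributes(jar):
    """Main-section attributes of META-INF/MANIFEST.MF; jar is a path or file object."""
    with zipfile.ZipFile(jar) as zf:
        if "META-INF/MANIFEST.MF" not in zf.namelist():
            return {}
        text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    attrs, key = {}, None
    for line in text.splitlines():
        if not line:
            break                        # a blank line ends the main section
        if line.startswith(" ") and key:
            attrs[key] += line[1:]       # continuation of a wrapped manifest line
        elif ":" in line:
            key, _, value = line.partition(":")
            attrs[key] = value.lstrip()
    return attrs

def derived_name(filename, jar):
    """Implementation-Title, else the file name minus Implementation-Version."""
    attrs = main_attributes(jar)
    title = attrs.get("Implementation-Title", "").strip()
    if title:
        return title
    stem = os.path.splitext(os.path.basename(filename))[0]
    version = attrs.get("Implementation-Version", "").strip()
    if version and stem.endswith(version):
        stem = stem[:-len(version)].rstrip("-_.")   # assumed separator handling
    return stem

def predict_name(classpath, uber_jar=None):
    """classpath: ordered (filename, jar) pairs; uber_jar: one such pair or None."""
    for filename, jar in ([uber_jar] if uber_jar else classpath):
        name = derived_name(filename, jar)
        if name:
            return name                  # first non-empty value wins
    return "ROOT"                        # documented default when nothing matches

def make_jar(manifest=""):  # constructed sample input: an in-memory jar
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
    return buf

if __name__ == "__main__":
    jar = make_jar("Implementation-Version: 2.3.1\r\n")   # constructed sample
    print(predict_name([("orders-api-2.3.1.jar", jar)]))  # orders-api
```

Comparing the predicted name across builds shows when a manifest or file-name change would cause findings to land under a new application in the UI.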

Note:  When the agent uses the above logic to discover applications running on the JVM, the end result will be multiple applications in the Contrast UI, if multiple applications are discovered.  However, there may be a delay following startup of the agent before all applications show up in the UI (until inventory or HTTP traffic associated with each discovered app is detected).
 
