License Type | SaaS & On-Premise |
Agent Mode | Assess & Protect |
Main Product Category | Java Agent |
Sub Category | Configuration & Deployment |
Question
How does the Java agent handle application naming?
Answer
Default (no additional properties specified) = Auto application discovery, the application is created once we see http traffic for it and allocate a name for it. We allocate a name based on the following:
- Checks for a
display-name
tag in the app's web.xml - If we can't find this, we use the context of the app. If it's running at
http://host/myapp
then the agent would call itmyapp
. - If we can't find a name or it's running from the root context
http://host/
, then it will be namedROOT
.
The default option will give you multiple applications in the Contrast UI if there's multiple running on the same JVM. However it means that there's a period of time after the agent starts where no application entries exist. (until http traffic is generated on them) It also means that the agent won't send vulnerabilities which can't be tied to one of these reported applications.
-Dcontrast.application.name = this is the newer form of -Dcontrast.appname
. The behavior on the agent side is the same as the default option.
- As each app is identified, we replace the name for all application with the one you specify, so you only see one application in the Contrast UI.
- All applications running within the same JVM will be grouped under this name.
-Dcontrast.agent.java.standalone_app_name = We create the application entry in the Contrast UI when the JVM starts, no waiting for http traffic. Everything the agent sees goes to this one application entry.
- Allows for the discovery of routing information
- Allows for some additional vulnerabilities to be found through static analysis on startup.
- All applications running within the same JVM will be grouped under this name.
For more information on these agent properties see our Contrast Documentation