Java
- 12 Apr 2023
- 7 Minutes to read
- PDF
Java
- Updated on 12 Apr 2023
- 7 Minutes to read
- PDF
Article Summary
Traceable’s Java tracing agent or Java agent is based on OpenTelemetery and enhances the Spans within a Trace with security-focused attributes. Traceable’s agent can capture all the traffic that flows through your Java application, including request and response headers along with the body of the request and response. Traceable's Java agent uses OTLP exporter.
Before you begin
The following prerequisites are required for installing Traceable's Java agent:
- The Java agent requires Java 8 or above.
- Traceable Platform Agent - Make sure that the Traceable platform agent's address is available to the applications being instrumented
Supported frameworks
| Library/Framework | Versions |
| Apache HttpAsyncClient | 4.1+ |
| Apache HttpClient | 4.0+ |
| gRPC | 1.6+ |
| JAX-RS Client | 2.0+ |
| Micronaut (basic support via Netty) | 1.0+ |
| Netty | 4.0+ |
| OkHttp | 3.0+ |
| Servlet | 2.3+ |
| Spark Web Framework | 2.3+ |
| Spring Webflux | 5.0+ |
| Vert.x | 3.0+ |
| Struts | 2.3+ |
Setup
Complete the following steps to attach or load Traceable’s Java agent and do a static attach. In the static attach deployment method, the Java application is started along with a Java agent. You can choose one of the following three methods to statically attach the Java agent:
- Download using curl and attach using the command line
- Download from Maven central and attach using Gradle
- Download from Maven central and attach using Maven
Download using curl
Download and untar the Java agent by entering the following command:
curl -OL https://downloads.traceable.ai/agent/java/latest/javaagent-latest.tgz
tar -xzf javaagent-latest.tgz Run your application JAR with the traceable-agent from the command line:
export HT_CONFIG_FILE=/<path_to_config_file>/example-config.yaml; java -javaagent:/<path_to_java_agent>/javaagent.jar -jar app.jarDownload from Maven Central and attach using Gradle
If you want to attach the Traceable agent to the runtask of a Gradle project leveraging the Application Plugin, complete the following steps:
- Define a custom Gradle configuration for
javaagent - Declare the Traceable Java agent as a dependency using the custom configuration to download it from Maven Central
- Set the -
javaagentflag as the first element of thejvmArgslist for theruntask. Use the custom configuration you defined to dynamically retrieve the path of the Java agent JAR on your system. - gradle run will now run your application with the Traceable Java agent attached.ActionScript
plugins { id 'application' } repositories { mavenCentral() } configurations { traceableAgent.extendsFrom runtimeOnly } dependencies { traceableAgent("ai.traceable.agent:javaagent:$traceableVersion") } application { // Define the main class for the application. mainClassName = 'com.example.Main' } run { jvmArgs = [ "-javaagent:${configurations.traceableAgent.asPath}" ] }
Download from Maven Central and attach using Maven
If you want to attach the Traceable agent to the exec task of a Maven project leveraging the Exec Maven Plugin, complete the following steps:
- Use the Maven Dependency Plugin to download the agent from Maven Central and copy it to your project's build directory
- Add an
<argument>to the Exec Maven Plugin configuration to set the -javaagentflag mvn compile exec:execwill now run your application with the Traceable Java agent attachedActionScript<build> <plugins> <plugin> <artifactId>maven-dependency-plugin</artifactId> <version>3.1.2</version> <executions> <execution> <phase>compile</phase> <goals> <goal>copy</goal> </goals> <configuration> <artifactItems> <artifactItem> <groupId>ai.traceable</groupId> <artifactId>javaagent</artifactId> <version>${traceable.version}</version> <classifier>all</classifier> </artifactItem> </artifactItems> <outputDirectory>${project.build.directory}</outputDirectory> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>exec-maven-plugin</artifactId> <version>3.0.0</version> <configuration> <executable>java</executable> <arguments> <argument>-javaagent:${project.build.directory}/javaagent-${hypertrace.version}-all.jar</argument> <argument>-classpath</argument> <classpath/> // Define the main class for the application <mainClass>com.example.Main</mainClass> </arguments> </configuration> </plugin> </plugins> </build>
Configure
You can configure the Java agent using one of the following three methods:
- Method 1 – Configure a YAML file – Configure a YAML file with all the configurations
- Method 2 – Provide configuration values as an environment variable – Provide the configuration as environment variables. This option overrides the configurations defined in the YAML file.
- Method 3 – Provide configuration values as Java system properties – Use Java’s
-Dproperty=valuemethod to set the configuration. This overrides the configurations set using the environment variables.
Method 1 – Configure a YAML file
You can use the following sample YAML file, for example, example-config.yaml to configure Traceable’s Java agent. If you do not provide the configuration file, the Java agent takes the inbuilt default values, which you can see in the output of the command on the console. Run the above command separately for each Java application that you want to instrument with Traceable’s Java agent.
serviceName: service_name
reporting:
endpoint: http://hostname:4317
opa:
endpoint: http://hostname:8181/The following table explains the various configuration options.
| Option | Description |
serviceName | The name of the service that you want it to be identified with on Traceable’s dashboard |
propagationFormats | Defines the propagation format. The default is set as TRACECONTEXT. The options are TRACECONTEXT and B3. |
endpoint | Traceable agent's URL along with the port number.
|
secure | Set it to true if you want to connect to the endpoint over TLS. The default value is true |
opa: endpoint | URL of Traceable agent where it is running on port number 8181. |
pollPeriodSeconds | The time in seconds to poll the OPA service to fetch the blocking rules. |
|
|
Other Tracing vendors are likely to use the TRACECONTEXT propagation format as well. If you already have an existing tracing solution and would like to use Traceable alongside it, then you must reconfigure Traceable to use the B3 propagation format. This will ensure Traceable is not competing for the Traceparent and will avoid broken correlations from service to service.
Load the Java agent
After you have completed the configuration file, run the following command to instrument your Java application with Traceable’s Java agent:
HT_CONFIG_FILE=/<path_to_config_file>/example-config.yaml java -javaagent:/<path_to_java_agent>/javaagent-1.0.8 -jar app.jarMethod 2 – Provide configuration values as an environment variable
You can configure the Java agent by providing the configuration as an environment variable to the java command. When you provide configuration through an environment variable, it overwrites the configuration values set using Method 1. Following is an example of providing the configuration as an environment variable.
export HT_SERVICE_NAME=my_service_name HT_CONFIG_FILE=/<path_to_config_file>/example-config.yaml java -javaagent:/<path_to_java_agent>/javaagent.jar -jar app.jar| Environment variable | Description |
|---|---|
| HT_SERVICE_NAME | Identifies the service or process on Traceable’s dashboard. |
| HT_REPORTING_ENDPOINT | The address of the Traceable agent where traces are reported, for example:
hostname is the host where the Traceable agent is deployed. |
| HT_REPORTING_SECURE | When true, connect to endpoints over TLS. |
| HT_REPORTING_TRACE_REPORTER_TYPE | This is an optional environmental variable. |
| HT_DATA_CAPTURE_HTTP_BODY_REQUEST | When set to true, capture the body of the HTTP request |
| HT_DATA_CAPTURE_HTTP_BODY_RESPONSE | When set to true, captures the body of the HTTP response |
| HT_DATA_CAPTURE_HTTP_HEADERS_REQUEST | When set to true, captures the header of the HTTP request |
| HT_DATA_CAPTURE_HTTP_HEADERS_RESPONSE | When set to true, captures the header of the HTTP response |
| HT_DATA_CAPTURE_RPC_METADATA_REQUEST | When set to true, captures the RPC metadata of the request |
| HT_DATA_CAPTURE_RPC_METADATA_RESPONSE | When set to true, captures the RPC metadata of the response |
| HT_DATA_CAPTURE_RPC_BODY_REQUEST | When set to true, captures the RPC body of the request |
| HT_DATA_CAPTURE_RPC_BODY_RESPONSE | When set to true, captures the RPC body of the response |
OPA environment variables and system properties
| Environment variable | System properties | Description |
|---|---|---|
| TA_OPA_ENABLED | ta.opa.enabled | Set it to true if you wish to enable OPA. The default value is false. This will be enabled only if a system property -Dja.filter.impl=OPA is set or an environment variable JA_FILTER_IMPL=OPA is set. This is deprecated. |
| TA_OPA_ENDPOINT | ta.opa.endpoint | The address of the Traceable agent with port 8181, for example, http://hostname:8181/. OPA endpoint is required to fetch Web application firewall configurations. |
| TA_OPA_POLL_PERIOD_SECONDS | ta.opa.poll.period.seconds | The poll period in seconds to query the OPA service. |
| TA_OPA_CERT_FILE | ta.opa.cert.file | Location of cert file for connecting over TLS to Traceable Platform agent. |
Blocking configuration environment variable and system properties
| Environment variable | System property | Description |
|---|---|---|
| TA_BLOCKING_CONFIG_ENABLED | ta.blocking.config.enabled | Set it to true if you wish to enable blocking. The default value is true. |
| TA_BLOCKING_CONFIG_MODSECURITY_ENABLED | ta.blocking.config.modsecurity.enabled | Set it to true if you wish to enable ModSecurity. The default value is true. |
| TA_BLOCKING_CONFIG_REGION_BLOCKING_ENABLED | ta.blocking.config.region.blocking.enabled | Set it to true if you wish to enable region blocking. The default value is true. |
| TA_BLOCKING_CONFIG_EVALUATE_BODY | ta.blocking.config.evaluate.body | Set it to true if you wish to evaluate request body content for blocking. The default value is true. |
| TA_BLOCKING_CONFIG_SKIP_INTERNAL_REQUEST | ta.blocking.config.skip.internal.request | Set it to false if you wish to block internal requests. If it is set to true, then the agent skips evaluating internal requests for blocking. The default value is true. |
Remote configuration environment variable and system properties
| Environment variable | System property | Description |
|---|---|---|
| TA_REMOTE_CONFIG_ENABLED | ta.remote.config.enabled | Set it to true if you wish to pull configuration from a remote Traceable Platform agent. The default value is true. |
| TA_REMOTE_CONFIG_ENDPOINT | ta.remote.config.endpoint | The address of Traceable Platform agent with port 5441, for example, hostname:5441. This is required to fetch the various rules from Traceable Platform agent, for example, blocking rules and so on. The default value is localhost:5441. |
| TA_REMOTE_CONFIG_POLL_PERIOD_SECONDS | ta.remote.config.poll.period.seconds | Interval in seconds between subsequent calls to Traceable Platform agent for polling remote configuration. The default value is 30 seconds. |
| TA_REMOTE_CONFIG_GRPC_MAX_CALL_RECV_MSG_SIZE | ta.remote.config.grpc.max.call.rec.msg.size | The maximum size of messagein bytes to be received in one call to a remote endpoint. The default value is 33554432 bytes. |
| TA_REMOTE_CONFIG_CERT_FILE | ta.remote.config.cert.file | Location of certificate file for connecting over TLS to Traceable Platform agent. By default, the value is empty. |
Miscellaneous environment variable and system property
| Environment variable | System property | Description |
|---|---|---|
| TA_DEBUG_LOG | ta.debug.log | Set it to true if you wish to enable blocking. The default value is false. |
| TA_API_DISCOVERY_ENABLED | ta.api.discovery.enabled | Set it to true if you wish to enable API discovery. The default value is true. |
| TA_SAMPLING_ENABLED | ta.sampling.enabled | Set it to true if you wish to enable sampling. The default value is true. |
Method 3 – Provide configuration values as java system properties
You can also use Java’s -Dproperty=value method to set the configuration values. When you set the value using this method, it overwrites the values set using both Method 1 and 2. Following is an example of using Java’s -D flag:
java -Dht.service.name=my_service_name -javaagent:/<path_to_java_agent>/javaagent-1.0.12.jar -jar app.jarVerify deployment
To verify the deployment of the Java agent, log into your Traceable Dashboard and click on Services. If the deployment was successful, you will see your service listed under the Name column..png)
Disable instrumentation
You can disable instrumentation by running the following command:
java -Dotel.instrumentation.<instrumentation-name>.enabled=false -javaagent:/<path_to_java_agent>javaagent.jar -jar app.jarThe following instrumentation names disable only Hypertrace instrumentation, not the core OpenTelemetery:
ht – All Hypertrace instrumentationservlet-ht – Servlet, Spark Webokhttp-ht- Okhttpgrpc-ht – Okhttp
The Hypertrace instrumentation also uses the core OpenTelemetry instrumentation names. For example, -Dotel.instrumentation.servlet.enabled=false disables all the servlet instrumentation, including core OpenTelemetry and Hypertrace.
Uninstall Java agent
To uninstall Traceable's Java agent, restart your application without the javaagent argument or any of the Traceable's system properties.
Was this article helpful?
