This means that you set up the
-javaagent switch properly, but used an incorrect path for contrast.jar. We recommend using a fully qualified path while setting up the switch to prevent any relative path confusion, i.e.:
[joe@localhost /~#] set JAVA_OPTS=$JAVA_OPTS -noverify -javaagent:../contrast.jar # Bad! Relative path may be interpreted incorrectly by the launcher.
Using fully-qualified paths fixes everything:
[joe@localhost /~#] set JAVA_OPTS=$JAVA_OPTS -noverify -javaagent:/usr/share/java/lib/contrast.jar # Good! Everyone sees this path the same.
If it still fails, double check the path to the contrast.jar file correctly and make sure the user running the server has the correct filesystem privileges to read the file and its parent directory.
When you start your application server with Contrast, the first thing you should see is a few startup messages from Contrast printed to standard out. There are only a couple reasons this could happen:
The server has not had the JVM options set correctly. The vast majority of the time, this is the issue. Look at the Installation Guide for specific instructions on how to add JVM options to your server startup script or run configuration. Sometimes, users will add Contrast options to the server's startup script which isn't used by their launcher.
The server or application is redirecting standard output. Confirm that Contrast messages are appearing with the rest of the redirected output.
If these steps don't help, consult your application server, IDE or launcher documentation on setting the server's JVM options. The same steps for adding memory (via the -Xmx switch) can be used to add the Java agent.
Are you sure the Engine was installed correctly? Here's a checklist of common fixes for this issue:
JAVA_OPTSas was shown in installation documents?
-XX:PermGen=128mor more) and heap space (
-Xmx768mor more) in case it needs more memory?
There are a few network-related reasons why your server wouldn't appear on Contrast's installation wizard, even if Contrast was installed correctly. Assuming you've seen the Contrast and server's startup messages in your console on startup, consider the following options.
Your network requires a HTTP proxy to access Contrast's site If you need to configure an HTTP proxy to reach the Internet in your web browser, it's very likely Contrast will also require an HTTP proxy. To add an one off HTTP proxy, select "Advanced Configuration" and then "Use HTTP Proxy"in the Agent download screen. Fill out values for the HTTP proxy host and port. These values should be supplied by your network administrators. Finally, download and install Contrast as per the normal instructions.
Your network firewall doesn't allow outbound HTTP connections to Contrast's site Work with your network administrators to allow the server on which the Agent is running to create outbound HTTP requests to the Contrast TeamServer from which you obtained said Agent. For SaaS users, this is app.contrastsecurity.com on port 443.
You're suffering from the Windows and Java7 IPv6 bug
Starting with Java 7, the behavior of the IP stack is to utilize IPv6 addresses if available. On Windows, this causes problems with Java machines attempting to make connections out and results in inexplicable "PermissionDenied" exceptions. To fix, this, add
-Djava.net.preferIPv4Stack=true to your JVM options.
The Contrast engine ships with a diagnostic tool that can be run by passing the "diagnostic" argument to contrast.jar. This may help you identify your problem area.
$ java -jar contrast.jar diagnostic *** Contrast Engine (version 1.X) [!] Attempting to connect to the Contrast TeamServer at http://localhost:19080/Contrast (No proxy). [+] Looking up http://localhost:19080/Contrast Couldn't resolve host [-] Client cannot resolve the Contrast TeamServer. A proxy or DNS change may be needed. [+] Issuing HTTP request to Contrast... Executing request... Reading response  Response size = 3215 Snippet: <!doctype html> <!--[if gt IE 8]><!--> <html class="no-js"> [+] Client can connect directly to the Contrast TeamServer. No proxy needed.
You can also customize the diagnostic test and quickly test out different proxy and NTLM configurations by setting the following System properties:
If you're running into unexplained OutOfMemoryErrors, NoClassDefFoundErrors that seem to reference Contrast code or PermGen problems, the following may explain what's happening:
If you have enough memory, are running a supported container, and aren't doing any class visibility funkiness, send us some details at email@example.com.
This means that you don't have read/write access to the cache directory.
The cache directory is located in the contrast directory, and has permissions 755 by default. If the location of the contrast directory has been modified with the
contrast.dir property, the cache directory has also moved consequently. You must update the permissions to the cache directory.
This error usually indicates you've renamed your agent jar from its original name, contrast.jar. The contrast.jar file name has to match a file that's already inside the jar. (If you unzip contrast.jar, look at the file META-INF/MANIFEST.mf.) If it doesn't match, it will cause classloading issues.
The solution: Don't rename the Contrast agent file.
It might also mean that you're using an OSGi container, like Felix or Equinox, that should only use the Java 1.5 agent.
The solution: Only use the Java 1.5 agent, which has the same functionality as the Java agent but doesn't auto-update.
Starting with version 3.5.4, you can try running with
-Dcontrast.automaticbootdelegation, which will attempt to supplement classloading behavior to increase the visibility of Contrast agent classes.
Older versions of Java had separate area for permanent memory use called PermGen. Some of the memory Contrast uses will be kept in this space, but not a lot. If the JVM is already close to its PermGen limit, Contrast may be putting it over.
Adding another 32MB should be more than enough for Contrast.
Contrast Protect requires very litle, if any, extra memory. Unless you're already very close to the heap limit, it's possible no additions will be necessary. At the maximum, you should add an extra 128MB. The official minimum required for Contrast is 64MB.
Contrast Assess requires more memory to record the analytics necessary to tell a complete vulnerability story. Contrast suggests using 2x the maximum heap usage during typical Assess usage. The minimum required is 1.75x. (E.g., if you normally run with 128MB of memory, run with 256MB.)
If you still experience memory problems after adding the necessary memory, or think that Contrast is doing something wrong, send a heap dump. A Contrast team member will gladly take a look!
If you're experiencing this error on IBM Java 8, your JVM may not include latest FixPack.
Confirm that your JVM includes FixPack17 (FP17), which addresses several bugs, including JIT-related bugs that may lead to this error. If FP17 isn't included, you may try downloading and installing it, or applying the appropriate iFix.