6.10. Security

6.10.1. Query Auditing

GeoMesa provides a Java SPI to audit queries. Auditing can be enabled when creating a DataStore by setting the parameter auditQueries to true in the connection map. Auditing is written to different locations depending on the data store implementation. In Accumulo, audits are written to the <catalog>_queries table. For other data stores, audits are written to log files.

As GeoMesa can run in many environments, determining who executed a query is delegated to a service class. Services need to implement org.locationtech.geomesa.utils.audit.AuditProvider. Third-party implementations can be enabled by placing them on the classpath and including a special service descriptor file. See the Oracle Javadoc for details on implementing a service provider.

The GeoMesa Accumulo GeoServer plugin comes bundled with an AuditProvider that pulls user credentials from GeoServer’s Spring security framework - org.locationtech.geomesa.plugin.security.SpringAuditProvider.

6.10.2. Apache Commons Collections

Versions 3.2.1 and earlier of the Apache Commons Collections library have a vulnerability rated CVSS 10.0. Read more here.

Accumulo 1.6.5+ and GeoServer 2.8.3+/2.9.0+ include the patched JAR. Users on older versions should install the newer JAR manually.
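One way to find the JARs that still need replacing on an older installation, as an added example (not part of the GeoMesa documentation or code base). It assumes the library is deployed as stand-alone commons-collections*.jar files under the directory you point it at; copies bundled inside other JARs are not detected, and the directory path in the usage comment is a placeholder.

```python
import re
import sys
import zipfile
from pathlib import Path

LAST_VULNERABLE = (3, 2, 1)  # "3.2.1 and earlier", per the text above

def parse_version(text):
    """'3.2.1' -> (3, 2, 1); None when the text does not start with a number."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group().split(".")) if m else None

def manifest_version(jar_path):
    """Implementation-Version from META-INF/MANIFEST.MF, or None."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError, OSError):
        return None
    for line in manifest.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Implementation-Version":
            return parse_version(value)
    return None

def jar_version(jar_path):
    """Prefer the manifest (a file can be renamed); fall back to the file name."""
    from_name = re.match(r"commons-collections-(.+)\.jar$", jar_path.name)
    name_version = parse_version(from_name.group(1)) if from_name else None
    return manifest_version(jar_path) or name_version

def find_old_jars(root):
    """Return [(path, version)] for commons-collections JARs at or below 3.2.1.

    version is None when it could not be determined; check those by hand.
    """
    hits = []
    for jar_path in sorted(Path(root).rglob("commons-collections*.jar")):
        version = jar_version(jar_path)
        if version is None or version <= LAST_VULNERABLE:
            hits.append((str(jar_path), version))
    return hits

if __name__ == "__main__":
    # Usage (placeholder path): python find_old_jars.py /path/to/webapp/WEB-INF/lib
    for path, version in find_old_jars(sys.argv[1]):
        shown = ".".join(map(str, version)) if version else "unknown"
        print(f"{path}: commons-collections version {shown}")
```

Run it against each library directory of the deployment; an empty result means no stand-alone copy at 3.2.1 or earlier was found there.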